From 97cfa202a0f26dd8060ea4636f232bfe9c8aad5a Mon Sep 17 00:00:00 2001
From: cassiatorczon <cassiatorczon@gmail.com>
Date: Thu, 1 May 2025 02:05:21 -0400
Subject: [PATCH 1/8] string lib

---
 src/exercises/string/array.h                  |   0
 src/exercises/string/cn_types.h               |  48 ++
 .../state__util.c__len_lt_buf_size.html       | 698 ++++++++++++++++++
 src/exercises/string/example.c                |  49 ++
 src/exercises/string/lemmas.h                 |  57 ++
 src/exercises/string/spec_funs.h              |  53 ++
 src/exercises/string/string.c                 |  89 +++
 src/exercises/string/string_buf.c             |  74 ++
 src/exercises/string/util.c                   |  43 ++
 9 files changed, 1111 insertions(+)
 create mode 100644 src/exercises/string/array.h
 create mode 100644 src/exercises/string/cn_types.h
 create mode 100644 src/exercises/string/error_files/state__util.c__len_lt_buf_size.html
 create mode 100644 src/exercises/string/example.c
 create mode 100644 src/exercises/string/lemmas.h
 create mode 100644 src/exercises/string/spec_funs.h
 create mode 100644 src/exercises/string/string.c
 create mode 100644 src/exercises/string/string_buf.c
 create mode 100644 src/exercises/string/util.c

diff --git a/src/exercises/string/array.h b/src/exercises/string/array.h
new file mode 100644
index 00000000..e69de29b
diff --git a/src/exercises/string/cn_types.h b/src/exercises/string/cn_types.h
new file mode 100644
index 00000000..fe1c6786
--- /dev/null
+++ b/src/exercises/string/cn_types.h
@@ -0,0 +1,48 @@
+/*@
+
+datatype String {
+    String_Nil {},
+    String_Cons { u8 head, datatype String tail}
+}
+
+@*/
+
+/*@
+// null-terminated strings with (potentially) extra buffer space
+
+datatype String_Buf {
+    String_Buf {
+        datatype String chars,
+        size_t buf_len // full buffer length, including chars
+    }
+}
+
+predicate (datatype String_Buf) String_Buf_At(pointer p, size_t buf_len) {
+    take s = String(p, buf_len);
+    return String_Buf { chars : s, buf_len : buf_len};
+}
+
+predicate (datatype String) String(pointer p, size_t buf_len) {
+    assert (buf_len >= 1u64);
+    take h = RW<char>(p);
+    take s = String_Aux(p, buf_len, h);
+    return s;
+}
+
+// p: pointer to h
+// buf_len: length of buffer including h
+// h: first character of string starting at p
+predicate (datatype String) String_Aux(pointer p, size_t buf_len, u8 h) {
+    if (h == 0u8) {
+        // TODO: initially I did not have "0u64 < i" but did not get any error
+        // indicating I was taking the same thing twice
+        take rem = each (size_t i; 0u64 < i && i < buf_len - 1u64) {
+            W<char>( array_shift<char>(p, i)) };
+        return String_Nil {};
+    } else {
+        take tl_buf = String_Buf_At(array_shift<char>(p, 1u64), buf_len - 1u64);
+        return String_Cons {head : h, tail : tl};
+    }
+}
+
+@*/
diff --git a/src/exercises/string/error_files/state__util.c__len_lt_buf_size.html b/src/exercises/string/error_files/state__util.c__len_lt_buf_size.html
new file mode 100644
index 00000000..2f383640
--- /dev/null
+++ b/src/exercises/string/error_files/state__util.c__len_lt_buf_size.html
@@ -0,0 +1,698 @@
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<title>CN state explorer</title>
+<style>
+html {
+  font-family: sans-serif;
+  font-size: 11pt
+}
+
+body {
+  padding: 0;
+  margin: 0;
+  overflow: hidden;
+}
+
+table {
+  width: 100%;
+  border: 1px solid;
+  border-collapse: collapse;
+}
+
+h1 {
+  font-size: 11pt;
+  margin-top: 16pt;
+}
+
+tr {
+  padding: 0;
+  margin: 0;
+}
+
+.hidden {
+  display: none;
+}
+
+th, td {
+  text-align: left;
+  vertical-align: top;
+  border-left: 1px solid;
+  border-right: 1px solid;
+  padding-left: 5px;
+  padding-right: 5px;
+  padding-top: 3px;
+  padding-bottom: 3px;
+  white-space: pre;
+}
+
+th {
+  padding-top: 5px;
+  padding-bottom: 5px;
+}
+
+th {
+  font-weight: normal;
+  font-style: italic;
+}
+
+#root {
+  display: flex;
+  height: 100vh;
+  margin: 0;
+  padding: 0;
+}
+
+.menu {
+  font-size: 15px;
+  margin: 0px;
+  padding: 0px;
+  vertical-align: middle;
+}
+
+.menu ul {
+  list-style-type: none;
+  display: inline;
+  padding: 0;
+  margin: 0;
+}
+
+.menu li {
+  padding: 0px;
+  margin: 0px;
+  float: left;
+}
+
+.menu button {
+  all: unset;
+  padding: 7px;
+}
+
+.toggle {
+  border-radius: 2px;
+  display: inline-block;
+  font-size: small;
+  cursor: pointer;
+}
+
+#pageinfo {
+  padding: 7px;
+  display: inline-block;
+}
+
+#sectioninfo {
+  padding: 7px;
+  display: inline-block;
+}
+
+#cn_state {
+  width: 50%;
+  align-content: flex-start;
+  display: grid;
+}
+
+#pages {
+  padding: 10px;
+  overflow-y:scroll;
+}
+
+#cn_code_display {
+  width: 50%;
+  display: grid;
+  align-content: flex-start;
+}
+
+#cn_code {
+  overflow-y:scroll;
+  /* padding: 5px; */
+  font-family: monospace;
+  white-space-collapse: preserve;
+  /* text-wrap: nowrap; */
+  white-space: pre;
+}
+
+.nb {
+  padding-left: 5px;
+  /* TODO this will clip if there are more than 999 lines */
+  width: 35px;
+}
+
+.hl {
+    display: inline;
+}
+
+.line {
+  padding-left: 8px;
+  /* overflow:scroll; */
+}
+
+@media (prefers-color-scheme: dark) {
+
+  html {
+    background-color: black;
+    color: lightgray;
+  }
+
+  table, th, td {
+    border-color: #303030;
+  }
+
+  tr {
+    background-color: #181818;
+  }
+
+  tr:nth-child(even) {
+    background-color: #222222;
+  }
+
+  th {
+    background-color: #252525;
+    border-bottom: 1px solid #303030;
+  }
+
+  tr:hover {
+    background-color: #101044;
+  }
+
+  .hl {
+    background-color: #2727a6;
+  }
+
+  .menu {
+    background-color: #CCCCCC;
+    color: black;
+  }
+
+  .menu button:hover {
+    background-color: #AAAAAA;
+  }
+
+  #cn_code {
+    background-color: rgb(30, 30, 30);
+  }
+
+  .nb {
+    width: 35px;
+    color: rgb(150, 150, 150);
+    background-color: rgb(50, 50, 50);
+  }
+
+  .toggle {
+    background-color: #CCCCCC;
+    color: black;
+  }
+}
+
+@media (prefers-color-scheme: light) {
+
+  html {
+    background-color: white;
+    color: black;
+  }
+
+  table, th, td {
+    border-color: #E9E9E9;
+  }
+
+  tr {
+    background-color: #F8F8F8;
+  }
+
+  th {
+    background-color: #F0F0F0;
+    border-bottom: 1px solid #E9E9E9;
+  }
+
+  tr:hover {
+    background-color: #E2F0FF;
+  }
+
+  .hl {
+    background-color: #b4d8fd;
+  }
+
+  .menu {
+    background-color: #333333;
+    color: white;
+  }
+
+  .menu button:hover {
+    background-color: #555555;
+  }
+
+  #cn_code {
+    background-color: rgb(245, 245, 245);
+  }
+
+  .nb {
+    width: 35px;
+    color: rgb(150, 150, 150);
+    background-color: rgb(230, 230, 230);
+  }
+
+  .toggle {
+    background-color: #333333;
+    color: white;
+  }
+}
+</style>
+</head>
+
+<div id="root">
+  <div id="cn_state">
+  <div class="menu" id="menu1">
+    <ul>
+    <li><button onclick="goto_page(1)"/>first</button></li>
+    <li><button onclick="goto_prev()"/>prev</button></li>
+    <li><button onclick="goto_next()"/>next</button></li>
+    <li><button onclick="goto_page(43)"/>last</button></li>
+    </ul>
+    <div id="pageinfo"></div>
+  </div>
+  <div id="pages"><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function"></div></td><td><div class="loc_section"></div></td><td><div class="loc"></div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1>(none)<h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1>(none)</div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section"></div></td><td><div class="loc"></div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>(same type) String_Buf_At(s, n)(sIn)</td></tr></tbody></table><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1>(none)</div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc"></div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">28:0-42:1</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:4-29:18</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:13-29:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:13-29:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:13-29:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:13-29:14</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:13-29:14</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:15-29:16</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:4-41:5</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:8-31:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:8-31:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:8-31:9</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:8-31:9</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:13-31:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:8-31:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">37:4-41:5</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:8-38:23</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:18-38:22</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:18-38:22</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:18-38:22</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:18-38:19</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:18-38:19</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:20-38:21</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:8-39:32</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:8-39:31</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:8-39:25</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:26-39:27</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:26-39:27</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:29-39:30</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:29-39:30</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:8-40:56</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:8-40:55</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:8-40:23</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:24-40:27</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:25-40:27</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:29-40:54</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:29-40:30</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:29-40:30</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:33-40:54</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:53-40:54</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
+                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
+                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
+                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
+                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div></div>
+  </div>
+<div id="cn_code_display">
+<div class="menu" id="menu2">
+  <div id="sectioninfo"></div>
+</div>
+<div id="cn_code">#include "string_buf.c"
+
+// UTILITIES
+
+void nonempty_buf_size(char *s, size_t n)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+    chars(sIn) != String_Nil{};
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    n > 1u64;
+@*/
+{
+    char c = s[0];
+    /*@ split_case (c == 0u8); @*/
+}
+
+void len_lt_buf_size(char *s, size_t n)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    string_buf_len(sOut) < n;
+@*/
+{
+    char c = s[0];
+
+    if (c == '\0')
+    {
+        /*@ unfold string_buf_len(String_Buf {buf_len: n, chars: String_Nil {}}); @*/
+        /*@ unfold string_len(String_Nil{});@*/
+    }
+    else
+    {
+        char c1 = s[1];
+        nonempty_buf_size(s, n);
+        len_lt_buf_size(&c1, n - (unsigned long long)1);
+    }
+}</div>
+</div>
+</div>
+
+<script defer>
+var current_page = 1
+const menu = document.getElementById("menu1").getElementsByTagName("li")
+const pageinfo = document.getElementById("pageinfo")
+const pages = document.getElementById("pages").children
+const cn_code = document.getElementById("cn_code")
+const n_pages = pages.length
+
+
+function clear_highlight() {
+  Array.from(document.getElementById("cn_code").children).forEach((e) => {
+    div = e.children[1]
+    div.replaceChildren(div.textContent)
+  })
+}
+
+function highlight(line, start_col, end_col) {
+  // console.log(`HIGHLIGHT(${line}, ${start_col}, ${end_col})`)
+  if (end_col <= start_col) {
+    end_col = start_col+1
+  }
+  Array.from(cn_code.children).forEach((e, n) => {
+    div = e.children[1]
+    if (n != line-1) {
+      div.replaceChildren(div.textContent)
+    } else {
+      str = div.textContent
+      before = str.substring(0, start_col-1)
+      hl = document.createElement("span")
+      hl.classList.add("hl")
+      hl.textContent = str.substring(start_col-1,end_col-1)
+      after = str.substring(end_col-1)
+      div.replaceChildren(before,hl,after)
+      cn_code.scrollTop = div.offsetTop
+    }
+  })
+}
+
+function multiline_highlight(start_line, start_col, end_line, end_col) {
+  Array.from(cn_code.children).forEach((e, n) => {
+    div = e.children[1]
+    if (n < start_line || end_line < n) {
+      div.replaceChildren(div.textContent)
+    } else {
+      str = div.textContent
+      if (n == start_line) {
+        cn_code.scrollTop = div.offsetTop
+      }
+      hl = document.createElement("span")
+      hl.classList.add("hl")
+      // TODO: probably could be written nicer
+      if (start_line == end_line) {
+        before = str.substring(0, start_col)
+        hl.textContent = str.substring(start_col,end_col)
+        after = str.substring(end_col)
+        div.replaceChildren(before,hl,after)
+      } else if (n == start_line) {
+        before = str.substring(0, start_col)
+        hl.textContent = str.substring(start_col)
+        div.replaceChildren(before,hl)
+      } else if (n == end_line) {
+        hl.textContent = str.substring(0,end_col)
+        after = str.substring(end_col)
+        div.replaceChildren(hl,after)
+      } else {
+        hl.textContent = str
+        div.replaceChildren(hl)
+      }
+    }
+  })
+}
+
+// function decode_loc(n) {
+//   loc = pages[n-1].getElementsByClassName("loc")[0].textContent
+//   console.log("DECODING ==> ", loc)
+//   if (loc == "") {
+//     // console.log("NO LOC")
+//     clear_highlight()
+//   } else {
+//     xs = loc.split(" ")[1].split(":")
+//     line = xs[1]
+//     col = parseInt(xs[2])
+//     // console.log(`LOC ==> line: ${line} -- col: ${col}`)
+//     highlight(line, col, col+1)
+//   }
+// }
+
+function decode_loc(n) {
+  loc = pages[n-1].getElementsByClassName("loc")[0].textContent
+  fnction = pages[n-1].getElementsByClassName("loc_function")[0].textContent
+  section = pages[n-1].getElementsByClassName("loc_section")[0].textContent
+  if (loc == "") {
+    clear_highlight()
+  } else {
+    pair = loc.split("-")
+    start = pair[0].split(":")
+    end = pair[1].split(":")
+    multiline_highlight(start[0], start[1], end[0], end[1])
+  }
+  if (fnction == "") {
+    sectioninfo.textContent = "(none)"
+  }
+  else if (section == "") {
+    sectioninfo.textContent = fnction
+  }
+  else {
+    sectioninfo.textContent = `${fnction}  >  ${section}`
+  }
+}
+
+function goto_page(n) {
+  if (0 < n && n <= n_pages ) {
+    // console.log(`GOTO_PAGE(${n} ==> current: ${current_page})`)
+    decode_loc(n)
+    pages[current_page - 1].style.display = "none"
+    pages[n-1].style.display = "block"
+    current_page = n
+
+    pageinfo.textContent = `[${current_page} / ${n_pages}]`
+    menu[0].disabled = false
+    menu[1].disabled = false
+    menu[2].disabled = false
+    menu[3].disabled = false
+    if (current_page == 1) {
+      menu[0].disabled = true
+      menu[1].disabled = true
+    } else if (current_page == n_pages) {
+      menu[2].disabled = true
+      menu[3].disabled = true
+    }
+  }
+}
+
+function goto_prev() {
+  goto_page(current_page-1)
+}
+
+function goto_next() {
+  goto_page(current_page+1)
+}
+
+function create_line(n, str) {
+  nb_div = document.createElement("div")
+  str_div = document.createElement("div")
+  nb_div.textContent = n
+  nb_div.classList.add("nb")
+  str_div.textContent = str
+  str_div.classList.add("line")
+  ret = document.createElement("div")
+  ret.style.display = "flex"
+  ret.replaceChildren(nb_div, str_div)
+  return ret
+}
+
+function make_toggles(className, labels) {
+  for(const btn of document.getElementsByClassName(className)) {
+    const opts = []
+    for (let i = btn.nextSibling; i !== null; i = i.nextSibling) {
+      i.classList.add("hidden")
+      opts.push(i)
+    }
+    console.log(opts)
+    let cur = 0
+    function update() {
+      cur %= opts.length
+      const lab = labels && labels[cur] || ("Option " + (cur + 1))
+      btn.textContent = lab
+      opts[cur].classList.remove("hidden")
+    }
+    btn.addEventListener("click", () => {
+      opts[cur].classList.add("hidden")
+      ++cur
+      update()
+    })
+    update()
+  }
+}
+
+function init() {
+  make_toggles("toggle",["Simplified","Original"])
+  lines = cn_code.textContent.split("\n")
+  lines.forEach((e, n) => {
+    if (n == 0) {
+      cn_code.replaceChildren(create_line(1, e))
+    } else {
+      cn_code.appendChild(create_line(n+1, e))
+    }
+  })
+
+  goto_page(1)
+
+  Array.from(pages).forEach((e, i) => {
+    if (i != 0) {
+      e.style.display = "none"
+    }
+  })
+}
+
+init()
+</script>
+</html>
diff --git a/src/exercises/string/example.c b/src/exercises/string/example.c
new file mode 100644
index 00000000..a0770209
--- /dev/null
+++ b/src/exercises/string/example.c
@@ -0,0 +1,49 @@
+#include "util.c"
+
+void simple_ex(char *s, unsigned long long n)
+/*@
+    requires
+        take sIn = String_Buf_At(s, n);
+        n < 3u64;
+    ensures
+        true;
+@*/
+{
+    char *sb = malloc_str(5);
+    unsigned long long m = str_buf_len(sb, 5);
+    // m == 0
+
+    /*@ apply len_lt_buf_size(s, n); @*/
+    sb = str_buf_cpy(sb, s, 5, n);
+
+    m = str_buf_len(sb, 5);
+    // m == n
+
+    int j = str_buf_cmp(s, sb, n, 5);
+    // j == 0
+
+    /*@ apply string_buf_to_array(s, n); @*/
+    /*@ focus RW<char>, 0u64; @*/
+    write(s, n, 0, 'c');
+    /*@ apply array_to_string_buf(s, n); @*/
+    /*@ apply string_buf_to_array(sb, 5u64); @*/
+    /*@ focus RW<char>, 0u64; @*/
+    write(sb, 5, 0, 'g');
+    /*@ apply array_to_string_buf(sb, 5u64); @*/
+
+    j = str_buf_cmp(s, sb, n, 5);
+    // j != 0
+
+    /*@
+    unfold string_buf_len(sIn);
+    assert (string_buf_len(sIn) <= 1u64);
+    @*/
+    sb = str_buf_cat(sb, s, 5, n);
+    m = str_buf_len(sb, 5);
+    // m == 2 * n
+
+    free_str(sb, 5);
+    free_str(s, n);
+}
+
+// parser and printer of pairs of numbers
\ No newline at end of file
diff --git a/src/exercises/string/lemmas.h b/src/exercises/string/lemmas.h
new file mode 100644
index 00000000..43c966b7
--- /dev/null
+++ b/src/exercises/string/lemmas.h
@@ -0,0 +1,57 @@
+#include "util.c"
+
+/*@
+// conversion to and from arrays
+
+lemma array_to_string_buf(pointer s, size_t n)
+    requires
+        take sArray = each(u64 i; i < n) {
+            RW<char>( array_shift<char>(s, i)) };
+    ensures
+        take sBuf = String_Buf_At(s, n);
+        each (u64 i; i < string_buf_len(sBuf)) {
+            string_buf_nth(sBuf, i) == sArray[i]
+        };
+
+lemma string_buf_to_array(pointer s, size_t n)
+    requires
+        take sBuf = String_Buf_At(s, n);
+    ensures
+        take sArray = each(u64 i; i < n) {
+            RW<char>( array_shift<char>(s, i)) };
+        each (u64 i; i < string_buf_len(sBuf)) {
+            string_buf_nth(sBuf, i) == sArray[i]
+        };
+
+@*/
+
+/*@
+// length lemmas
+
+lemma len_lt_buf_size (pointer s, size_t n)
+    requires
+        take sIn = String_Buf_At(s, n);
+    ensures
+        take sOut = String_Buf_At(s, n);
+        sIn == sOut;
+        match sOut {
+            String_Buf { chars : cs, buf_len : n0 } => {
+                (string_buf_len(sOut) < n0) && (n == n0)
+            }
+        };
+
+lemma lt_len_impl_nonzero (pointer s, size_t n)
+    requires
+        take sBuf = String_Buf_At(s, n);
+    ensures
+        take sArray = each(u64 i; i < n) {
+            RW<char>( array_shift<char>(s, i)) };
+        each (u64 i; i < string_buf_len(sBuf)) {
+            string_buf_nth(sBuf, i) == sArray[i]
+        };
+        each (u64 i; i < string_buf_len(sBuf)) {
+            sArray[i] != 0u8
+        };
+
+
+@*/
diff --git a/src/exercises/string/spec_funs.h b/src/exercises/string/spec_funs.h
new file mode 100644
index 00000000..771ed871
--- /dev/null
+++ b/src/exercises/string/spec_funs.h
@@ -0,0 +1,53 @@
+#include "cn_types.h"
+
+/*@
+function (datatype String) chars(String_Buf s) {
+    match s {
+        String_Buf { chars : cs, buf_len : n } => { cs }
+    }
+}
+
+function (u64) buf_len(String_Buf s) {
+    match s {
+        String_Buf { chars : cs, buf_len : n } => { n }
+    }
+}
+
+function [rec] (u64) string_len(String s) {
+    match s {
+      String_Nil {} => { 0u64 }
+      String_Cons { head : h , tail : tl } => { 1u64 + string_len(tl) }
+    }
+}
+
+function [rec] (u64) string_buf_len(String_Buf sb) {
+    match sb {
+      String_Buf { chars : cs, buf_len : n } => { string_len(cs) }
+    }
+}
+
+function [rec] (datatype String) string_concat(String s1, String s2) {
+    match s1 {
+        String_Nil {} => { s2 }
+        String_Cons { head : h , tail : tl } => {
+        String_Cons { head : h, tail : string_concat(tl, s2) }
+        }
+    }
+}
+
+// defaults to \0
+function [rec] (u8) string_nth(String s, u64 n) {
+    match s {
+        String_Nil {} => { 0u8 }
+        String_Cons { head : h , tail : tl } => {
+            n == 0u64 ? h : string_nth(tl, n - 1u64)
+        }
+    }
+}
+
+function [rec] (u8) string_buf_nth(String_Buf sb, u64 n) {
+    match sb {
+        String_Buf { chars : cs, buf_len : n0 } => { string_nth(cs, n) }
+    }
+}
+@*/
\ No newline at end of file
diff --git a/src/exercises/string/string.c b/src/exercises/string/string.c
new file mode 100644
index 00000000..53e647d8
--- /dev/null
+++ b/src/exercises/string/string.c
@@ -0,0 +1,89 @@
+#include <stddef.h>
+#include "spec_funs.h"
+
+/*@
+// null-terminated strings with no extra buffer
+
+predicate (datatype String) String_At(pointer p) {
+    take h = RW<char>(p);
+    take s = String_At_Aux(p, h);
+    return s;
+}
+
+predicate (datatype String) String_At_Aux(pointer p, u8 h) {
+    if (h == 0u8) {
+        return String_Nil {};
+    } else {
+        take tl = String_At(array_shift<char>(p, 1u64));
+        return String_Cons {head : h, tail : tl};
+    }
+}
+
+// function [rec] (u64) string_len(String s) {
+//   match s {
+//     String_Nil {} => { 0u64 }
+//     String_Cons { head : h , tail : tl } => { 1u64 + string_len(tl) }
+//   }
+// }
+
+// function [rec] (datatype String) string_concat(String s1, String s2) {
+//   match s1 {
+//       String_Nil {} => { s2 }
+//       String_Cons { head : h , tail : tl } => {
+//       String_Cons { head : h, tail : string_concat(tl, s2) }
+//       }
+//   }
+// }
+@*/
+
+// library functions with minimal buffer size arguments
+
+extern size_t strlen(const char *s);
+/*@ spec strlen(pointer s);
+    requires
+      take sIn = String_At(s);
+    ensures
+      take sOut = String_At(s);
+      sIn == sOut;
+      return == string_len(sIn);
+@*/
+
+extern char *strlcpy(char *dest, const char *src, size_t dest_size);
+/*@ spec strlcpy(pointer dest, pointer src, u64 dest_size);
+    requires
+      take srcIn = String_At(src);
+      take destIn = String_Buf_At(dest, dest_size);
+      string_len(srcIn) < dest_size; // < to leave room for the null
+    ensures
+      take srcOut = String_At(src);
+      take destOut = String_Buf_At(dest, dest_size);
+      srcIn == srcOut;
+      destOut == String_Buf { chars : srcIn, buf_len : dest_size };
+      ptr_eq(return, dest);
+@*/
+
+extern int strcmp(char *s1, char *s2);
+/*@ spec strcmp(pointer s1, pointer s2);
+    requires
+      take s1In = String_At(s1);
+      take s2In = String_At(s2);
+    ensures
+      take s1Out = String_At(s1);
+      take s2Out = String_At(s2);
+      s1In == s1Out;
+      s2In == s2Out;
+      (return == 0i32) ? s1In == s2In : s1In != s2In;
+@*/
+
+extern char *strcat(char *dest, const char *src, size_t dest_size);
+/*@ spec strcat(pointer dest, pointer src, u64 dest_size);
+    requires
+      take srcIn = String_At(src);
+      take destIn = String_Buf_At(dest, dest_size);
+      string_len(srcIn) + string_buf_len(destIn) < dest_size; // < to leave room for the null
+    ensures
+      take srcOut = String_At(src);
+      take destOut = String_Buf_At(dest, dest_size);
+      srcIn == srcOut;
+      destOut == String_Buf { chars : string_concat(srcIn, chars(destIn)), buf_len : buf_len(destIn) };
+@*/
\ No newline at end of file
diff --git a/src/exercises/string/string_buf.c b/src/exercises/string/string_buf.c
new file mode 100644
index 00000000..38a5092b
--- /dev/null
+++ b/src/exercises/string/string_buf.c
@@ -0,0 +1,74 @@
+#include <stddef.h>
+#include "spec_funs.h"
+
+// /* NULL-TERMINATED STRING STANDARD LIBRARY FUNCTIONS */
+
+extern char *malloc_str(size_t n);
+/*@ spec malloc_str(size_t n);
+    requires
+      1u64 <= n; // 1 byte is required for null termination
+    ensures
+      take s = String_Buf_At(return, n);
+@*/
+
+extern void free_str(char *p, size_t n);
+/*@ spec free_str(pointer p, u64 n);
+    requires
+      take s = String_Buf_At(p, n);
+    ensures
+      true;
+@*/
+
+// buffer version of strlen
+extern size_t str_buf_len(const char *s, size_t n);
+/*@ spec str_buf_len(pointer s, u64 n);
+    requires
+      take sIn = String_Buf_At(s, n);
+    ensures
+      take sOut = String_Buf_At(s, n);
+      sIn == sOut;
+      return == string_buf_len(sIn);
+@*/
+
+// buffer version of strcpy
+extern char *str_buf_cpy(char *dest, const char *src, size_t dest_size, size_t src_size);
+/*@ spec str_buf_cpy(pointer dest, pointer src, u64 dest_size, u64 src_size);
+    requires
+      take srcIn = String_Buf_At(src, src_size);
+      take destIn = String_Buf_At(dest, dest_size);
+      string_buf_len(srcIn) < dest_size; // < to leave room for the null
+    ensures
+      take srcOut = String_Buf_At(src, src_size);
+      take destOut = String_Buf_At(dest, dest_size);
+      srcIn == srcOut;
+      destOut == String_Buf { chars : chars(srcIn), buf_len : dest_size };
+      ptr_eq(return, dest);
+@*/
+
+// buffer version of strcmp; does not compare buffer size
+extern int str_buf_cmp(char *s1, char *s2, size_t n1, size_t n2);
+/*@ spec str_buf_cmp(pointer s1, pointer s2, u64 n1, u64 n2);
+    requires
+      take s1In = String_Buf_At(s1, n1);
+      take s2In = String_Buf_At(s2, n2);
+    ensures
+      take s1Out = String_Buf_At(s1, n1);
+      take s2Out = String_Buf_At(s2, n2);
+      s1In == s1Out;
+      s2In == s2Out;
+      (return == 0i32) ? s1In == s2In : s1In != s2In;
+@*/
+
+// buffer version of strcat
+extern char *str_buf_cat(char *dest, const char *src, size_t dest_size, size_t src_size);
+/*@ spec str_buf_cat(pointer dest, pointer src, u64 dest_size, u64 src_size);
+    requires
+      take srcIn = String_Buf_At(src, src_size);
+      take destIn = String_Buf_At(dest, dest_size);
+      string_buf_len(srcIn) + string_buf_len(destIn) < dest_size; // < to leave room for the null
+    ensures
+      take srcOut = String_Buf_At(src, src_size);
+      take destOut = String_Buf_At(dest, dest_size);
+      srcIn == srcOut;
+      destOut == String_Buf { chars : string_concat( chars(srcIn), chars(destIn)), buf_len : dest_size};
+@*/
\ No newline at end of file
diff --git a/src/exercises/string/util.c b/src/exercises/string/util.c
new file mode 100644
index 00000000..b4fea416
--- /dev/null
+++ b/src/exercises/string/util.c
@@ -0,0 +1,43 @@
+#include "string_buf.c"
+
+// UTILITIES
+
+void nonempty_buf_size(char *s, size_t n)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+    chars(sIn) != String_Nil{};
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    n > 1u64;
+@*/
+{
+    char c = s[0];
+    /*@ split_case (c == 0u8); @*/
+}
+
+void len_lt_buf_size(char *s, size_t n)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    string_buf_len(sOut) < n;
+@*/
+{
+    char c = s[0];
+
+    if (c == '\0')
+    {
+        /*@ unfold string_buf_len(String_Buf {buf_len: n, chars: String_Nil {}}); @*/
+        /*@ unfold string_len(String_Nil{});@*/
+    }
+    else
+    {
+        char c1 = s[1];
+        nonempty_buf_size(s, n);
+        len_lt_buf_size(&c1, n - (unsigned long long)1);
+    }
+}
\ No newline at end of file

From 48ec1b323f3b0288c64c85581b85bc0eb8785bf4 Mon Sep 17 00:00:00 2001
From: cassiatorczon <cassiatorczon@gmail.com>
Date: Thu, 1 May 2025 02:26:36 -0400
Subject: [PATCH 2/8] mixed recursive style

---
 src/exercises/string/cn_types.h               |  11 +-
 .../state__util.c__len_lt_buf_size.html       | 698 ------------------
 2 files changed, 2 insertions(+), 707 deletions(-)
 delete mode 100644 src/exercises/string/error_files/state__util.c__len_lt_buf_size.html

diff --git a/src/exercises/string/cn_types.h b/src/exercises/string/cn_types.h
index fe1c6786..3c8305be 100644
--- a/src/exercises/string/cn_types.h
+++ b/src/exercises/string/cn_types.h
@@ -18,15 +18,10 @@ datatype String_Buf {
 }
 
 predicate (datatype String_Buf) String_Buf_At(pointer p, size_t buf_len) {
-    take s = String(p, buf_len);
-    return String_Buf { chars : s, buf_len : buf_len};
-}
-
-predicate (datatype String) String(pointer p, size_t buf_len) {
     assert (buf_len >= 1u64);
     take h = RW<char>(p);
     take s = String_Aux(p, buf_len, h);
-    return s;
+    return String_Buf { chars : s, buf_len : buf_len};
 }
 
 // p: pointer to h
@@ -34,14 +29,12 @@ predicate (datatype String) String(pointer p, size_t buf_len) {
 // h: first character of string starting at p
 predicate (datatype String) String_Aux(pointer p, size_t buf_len, u8 h) {
     if (h == 0u8) {
-        // TODO: initially I did not have "0u64 < i" but did not get any error
-        // indicating I was taking the same thing twice
         take rem = each (size_t i; 0u64 < i && i < buf_len - 1u64) {
             W<char>( array_shift<char>(p, i)) };
         return String_Nil {};
     } else {
         take tl_buf = String_Buf_At(array_shift<char>(p, 1u64), buf_len - 1u64);
-        return String_Cons {head : h, tail : tl};
+        return String_Cons {head : h, tail : chars(tl_buf)};
     }
 }
 
diff --git a/src/exercises/string/error_files/state__util.c__len_lt_buf_size.html b/src/exercises/string/error_files/state__util.c__len_lt_buf_size.html
deleted file mode 100644
index 2f383640..00000000
--- a/src/exercises/string/error_files/state__util.c__len_lt_buf_size.html
+++ /dev/null
@@ -1,698 +0,0 @@
-
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>CN state explorer</title>
-<style>
-html {
-  font-family: sans-serif;
-  font-size: 11pt
-}
-
-body {
-  padding: 0;
-  margin: 0;
-  overflow: hidden;
-}
-
-table {
-  width: 100%;
-  border: 1px solid;
-  border-collapse: collapse;
-}
-
-h1 {
-  font-size: 11pt;
-  margin-top: 16pt;
-}
-
-tr {
-  padding: 0;
-  margin: 0;
-}
-
-.hidden {
-  display: none;
-}
-
-th, td {
-  text-align: left;
-  vertical-align: top;
-  border-left: 1px solid;
-  border-right: 1px solid;
-  padding-left: 5px;
-  padding-right: 5px;
-  padding-top: 3px;
-  padding-bottom: 3px;
-  white-space: pre;
-}
-
-th {
-  padding-top: 5px;
-  padding-bottom: 5px;
-}
-
-th {
-  font-weight: normal;
-  font-style: italic;
-}
-
-#root {
-  display: flex;
-  height: 100vh;
-  margin: 0;
-  padding: 0;
-}
-
-.menu {
-  font-size: 15px;
-  margin: 0px;
-  padding: 0px;
-  vertical-align: middle;
-}
-
-.menu ul {
-  list-style-type: none;
-  display: inline;
-  padding: 0;
-  margin: 0;
-}
-
-.menu li {
-  padding: 0px;
-  margin: 0px;
-  float: left;
-}
-
-.menu button {
-  all: unset;
-  padding: 7px;
-}
-
-.toggle {
-  border-radius: 2px;
-  display: inline-block;
-  font-size: small;
-  cursor: pointer;
-}
-
-#pageinfo {
-  padding: 7px;
-  display: inline-block;
-}
-
-#sectioninfo {
-  padding: 7px;
-  display: inline-block;
-}
-
-#cn_state {
-  width: 50%;
-  align-content: flex-start;
-  display: grid;
-}
-
-#pages {
-  padding: 10px;
-  overflow-y:scroll;
-}
-
-#cn_code_display {
-  width: 50%;
-  display: grid;
-  align-content: flex-start;
-}
-
-#cn_code {
-  overflow-y:scroll;
-  /* padding: 5px; */
-  font-family: monospace;
-  white-space-collapse: preserve;
-  /* text-wrap: nowrap; */
-  white-space: pre;
-}
-
-.nb {
-  padding-left: 5px;
-  /* TODO this will clip if there are more than 999 lines */
-  width: 35px;
-}
-
-.hl {
-    display: inline;
-}
-
-.line {
-  padding-left: 8px;
-  /* overflow:scroll; */
-}
-
-@media (prefers-color-scheme: dark) {
-
-  html {
-    background-color: black;
-    color: lightgray;
-  }
-
-  table, th, td {
-    border-color: #303030;
-  }
-
-  tr {
-    background-color: #181818;
-  }
-
-  tr:nth-child(even) {
-    background-color: #222222;
-  }
-
-  th {
-    background-color: #252525;
-    border-bottom: 1px solid #303030;
-  }
-
-  tr:hover {
-    background-color: #101044;
-  }
-
-  .hl {
-    background-color: #2727a6;
-  }
-
-  .menu {
-    background-color: #CCCCCC;
-    color: black;
-  }
-
-  .menu button:hover {
-    background-color: #AAAAAA;
-  }
-
-  #cn_code {
-    background-color: rgb(30, 30, 30);
-  }
-
-  .nb {
-    width: 35px;
-    color: rgb(150, 150, 150);
-    background-color: rgb(50, 50, 50);
-  }
-
-  .toggle {
-    background-color: #CCCCCC;
-    color: black;
-  }
-}
-
-@media (prefers-color-scheme: light) {
-
-  html {
-    background-color: white;
-    color: black;
-  }
-
-  table, th, td {
-    border-color: #E9E9E9;
-  }
-
-  tr {
-    background-color: #F8F8F8;
-  }
-
-  th {
-    background-color: #F0F0F0;
-    border-bottom: 1px solid #E9E9E9;
-  }
-
-  tr:hover {
-    background-color: #E2F0FF;
-  }
-
-  .hl {
-    background-color: #b4d8fd;
-  }
-
-  .menu {
-    background-color: #333333;
-    color: white;
-  }
-
-  .menu button:hover {
-    background-color: #555555;
-  }
-
-  #cn_code {
-    background-color: rgb(245, 245, 245);
-  }
-
-  .nb {
-    width: 35px;
-    color: rgb(150, 150, 150);
-    background-color: rgb(230, 230, 230);
-  }
-
-  .toggle {
-    background-color: #333333;
-    color: white;
-  }
-}
-</style>
-</head>
-
-<div id="root">
-  <div id="cn_state">
-  <div class="menu" id="menu1">
-    <ul>
-    <li><button onclick="goto_page(1)"/>first</button></li>
-    <li><button onclick="goto_prev()"/>prev</button></li>
-    <li><button onclick="goto_next()"/>next</button></li>
-    <li><button onclick="goto_page(43)"/>last</button></li>
-    </ul>
-    <div id="pageinfo"></div>
-  </div>
-  <div id="pages"><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function"></div></td><td><div class="loc_section"></div></td><td><div class="loc"></div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1>(none)<h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1>(none)</div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section"></div></td><td><div class="loc"></div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>(same type) String_Buf_At(s, n)(sIn)</td></tr></tbody></table><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1>(none)</div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc"></div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">28:0-42:1</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:4-29:18</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:13-29:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:13-29:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:13-29:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:13-29:14</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:13-29:14</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c)(default(u8))</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">29:15-29:16</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:4-41:5</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:8-31:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:8-31:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:8-31:9</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:8-31:9</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:13-31:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>String_Aux(s, n, unpack_String28.h)(unpack_String28.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">31:8-31:17</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">37:4-41:5</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:8-38:23</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:18-38:22</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:18-38:22</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:18-38:22</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:18-38:19</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:18-38:19</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>W&lt;char&gt;(&amp;c1)(default(u8))</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">38:20-38:21</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:8-39:32</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:8-39:31</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:8-39:25</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:26-39:27</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:26-39:27</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:29-39:30</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>String_Aux(&s[1'u64], n - 1'u64, unpack_String29.h)(unpack_String29.s)</td></tr><tr><td>RW&lt;char&gt;(&s[1'u64])(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String28.h)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">39:29-39:30</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:8-40:56</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:8-40:55</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:8-40:23</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:24-40:27</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:25-40:27</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:29-40:54</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:29-40:30</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:29-40:30</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:33-40:54</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c1)(unpack_String29.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div><div class="page"><div class="hidden"><table><thead><tr><th>function</th><th>section</th><th>location</th></tr></thead><tbody><tr><td><div class="loc_function">len_lt_buf_size</div></td><td><div class="loc_section">body</div></td><td><div class="loc">40:53-40:54</div></td></tr></tbody></table></div><h1>Requested resource</h1><table><tbody><tr><td>String_Buf_At(&amp;c1, n - 1'u64)</td></tr></tbody></table><h1>Possibly relevant predicate clauses</h1><table><thead><tr><th>condition</th><th>clause</th></tr></thead><tbody><tr><td>true</td><td>take s = String(p, buf_len); String_Buf {buf_len: buf_len, chars: s}</td></tr></tbody></table><h1>Definitions and constraints not handled automatically</h1><table><tbody><tr><td>Alloc</td></tr><tr><td>String_Aux</td></tr><tr><td>string_len</td></tr><tr><td>string_buf_len</td></tr><tr><td>string_concat</td></tr><tr><td>string_nth</td></tr><tr><td>string_buf_nth</td></tr></tbody></table><h1>Available resources</h1><table><tbody><tr><td>String_Aux(s, n, unpack_String30.h)(unpack_String30.s)</td></tr><tr><td>RW&lt;char&gt;(s)(unpack_String30.h)</td></tr><tr><td>RW&lt;char&gt;(&amp;c)(unpack_String28.h)</td></tr><tr><td>RW&lt;size_t&gt;(&amp;ARG1)(n)</td></tr><tr><td>RW&lt;char*&gt;(&amp;ARG0)(s)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>Alloc(&amp;c1)(allocs[(alloc_id)&amp;c1])</td></tr><tr><td>Alloc(&amp;c)(allocs[(alloc_id)&amp;c])</td></tr><tr><td>Alloc(&amp;ARG1)(allocs[(alloc_id)&amp;ARG1])</td></tr><tr><td>Alloc(&amp;ARG0)(allocs[(alloc_id)&amp;ARG0])</td></tr></tbody></table></details><h1>Terms</h1><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>allocs</td><td>const({ .base = 5082628840178581504'u64 /* 0x4689200050000000 */, .size = 8'u64 })[@5 = { .base = 7927461296021198848'u64 /* 0x6e04000c18005800 */
-                                                                                        , .size = 8'u64 }][@6 = { .base = 9223372036854775808'u64 /* 0x8000000000000000 */
-                                                                                                                , .size = 1'u64 }][@3 = { .base = 171915244577875968'u64 /* 0x262c4010c89e800 */
-                                                                                                                                        , .size = 13857017777464082432'u64 /* 0xc04e044040050000 */ }][@7 = { .base = 274877929472'u64 /* 0x4000005800 */
-                                                                                                                                                                                                            , .size = 1'u64 }]</td></tr><tr><td>n</td><td>9223372036854775808'u64 /* 0x8000000000000000 */</td></tr><tr><td>sIn</td><td>String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}}</td></tr><tr><td>unpack_String_Buf_At25</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String28</td><td>{ .h = 4'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String_Aux3</td><td>{ .tl = String_Nil {} }</td></tr><tr><td>unpack_String29</td><td>{ .h = 0'u8, .s = String_Nil {} }</td></tr><tr><td>call_nonempty_buf_size0</td><td>{ .return = void, .sOut = String_Buf {buf_len: 9223372036854775808'u64 /* 0x8000000000000000 */, chars: String_Cons {head: 4'u8, tail: String_Nil {}}} }</td></tr><tr><td>unpack_String_Buf_At26</td><td>{ .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>unpack_String30</td><td>{ .h = 0'u8, .s = String_Cons {head: 4'u8, tail: String_Nil {}} }</td></tr><tr><td>n - 1'u64</td><td>9223372036854775807'u64 /* 0x7fffffffffffffff */</td></tr></tbody></table><details><summary>more</summary><table><thead><tr><th>term</th><th>value</th></tr></thead><tbody><tr><td>__builtin_ctzl</td><td>NULL</td></tr><tr><td>__builtin_ctzll</td><td>NULL</td></tr><tr><td>malloc_str</td><td>NULL</td></tr><tr><td>free_str</td><td>NULL</td></tr><tr><td>str_buf_len</td><td>NULL</td></tr><tr><td>str_buf_cpy</td><td>NULL</td></tr><tr><td>str_buf_cmp</td><td>NULL</td></tr><tr><td>str_buf_cat</td><td>NULL</td></tr><tr><td>nonempty_buf_size</td><td>NULL</td></tr><tr><td>len_lt_buf_size</td><td>NULL</td></tr><tr><td>s</td><td>{@3; 0x1d005800cc05ffff}</td></tr><tr><td>&amp;ARG0</td><td>{@4; 0x4689200050000000}</td></tr><tr><td>&amp;ARG1</td><td>{@5; 0x6e04000c18005800}</td></tr><tr><td>&amp;c</td><td>{@6; 0x8000000000000000}</td></tr><tr><td>&amp;c1</td><td>{@7; 0x4000005800}</td></tr></tbody></table></details><h1>Constraints</h1><table><tbody><tr><td><div><div class="toggle"></div><div></div><div>true</div></div></td></tr><tr><td>(i32)unpack_String28.h != 0'i32</td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0 || (u64)&amp;ARG0 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)s + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)s</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;ARG1 || (u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div><div>(u64)&amp;ARG0 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG0</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c || (u64)&amp;c + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div><div>(u64)&amp;ARG1 + 8'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;ARG1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)s + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div><div>(u64)&amp;c + 1'u64 &lt;= (u64)&s[1'u64] || (u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s</div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)s || (u64)s + 1'u64 &lt;= (u64)&amp;c1</div></div></td></tr><tr><td><div><div class="toggle"></div><div>(u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div><div>(u64)&s[1'u64] + 1'u64 &lt;= (u64)&amp;c1 || (u64)&amp;c1 + 1'u64 &lt;= (u64)&s[1'u64]</div></div></td></tr><tr><td>1'u64 &lt; n</td></tr><tr><td>1'u64 &lt;= n</td></tr><tr><td>1'u64 &lt;= n - 1'u64</td></tr><tr><td>(u64)s + 1'u64 &lt;= allocs[(alloc_id)s].base + allocs[(alloc_id)s].size</td></tr><tr><td>(u64)&amp;ARG0 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>(u64)&amp;ARG1 + 8'u64 &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>(u64)&amp;c + 1'u64 &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>(u64)&amp;c1 + 1'u64 &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>(u64)&s[1'u64] + 1'u64 &lt;= allocs[(alloc_id)&s[1'u64]].base + allocs[(alloc_id)&s[1'u64]].size</td></tr><tr><td>allocs[(alloc_id)s].base &lt;= (u64)s</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= allocs[(alloc_id)&amp;ARG0].base + allocs[(alloc_id)&amp;ARG0].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0].base &lt;= (u64)&amp;ARG0</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= allocs[(alloc_id)&amp;ARG1].base + allocs[(alloc_id)&amp;ARG1].size</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1].base &lt;= (u64)&amp;ARG1</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= allocs[(alloc_id)&amp;c].base + allocs[(alloc_id)&amp;c].size</td></tr><tr><td>allocs[(alloc_id)&amp;c].base &lt;= (u64)&amp;c</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= allocs[(alloc_id)&amp;c1].base + allocs[(alloc_id)&amp;c1].size</td></tr><tr><td>allocs[(alloc_id)&amp;c1].base &lt;= (u64)&amp;c1</td></tr><tr><td>allocs[(alloc_id)&s[1'u64]].base &lt;= (u64)&s[1'u64]</td></tr><tr><td>(u64)s &lt;= (u64)s + 1'u64</td></tr><tr><td>(u64)&amp;ARG0 &lt;= (u64)&amp;ARG0 + 8'u64</td></tr><tr><td>(u64)&amp;ARG1 &lt;= (u64)&amp;ARG1 + 8'u64</td></tr><tr><td>(u64)&amp;c &lt;= (u64)&amp;c + 1'u64</td></tr><tr><td>(u64)&amp;c1 &lt;= (u64)&amp;c1 + 1'u64</td></tr><tr><td>(u64)&s[1'u64] &lt;= (u64)&s[1'u64] + 1'u64</td></tr><tr><td>sIn == String_Buf {buf_len: n, chars: unpack_String_Buf_At25.s}</td></tr><tr><td>unpack_String_Buf_At25.s == unpack_String28.s</td></tr><tr><td>unpack_String28.s == String_Cons {head: unpack_String28.h, tail: unpack_String_Aux3.tl}</td></tr><tr><td>unpack_String_Aux3.tl == unpack_String29.s</td></tr><tr><td>call_nonempty_buf_size0.sOut == String_Buf {buf_len: n, chars: unpack_String_Buf_At26.s}</td></tr><tr><td>unpack_String_Buf_At26.s == unpack_String30.s</td></tr><tr><td>String_Buf {buf_len: n, chars: String_Cons {head: unpack_String28.h, tail: unpack_String29.s}} == call_nonempty_buf_size0.sOut</td></tr><tr><td>allocs[(alloc_id)&amp;ARG0] == { .base = (u64)&amp;ARG0, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;ARG1] == { .base = (u64)&amp;ARG1, .size = 8'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c] == { .base = (u64)&amp;c, .size = 1'u64 }</td></tr><tr><td>allocs[(alloc_id)&amp;c1] == { .base = (u64)&amp;c1, .size = 1'u64 }</td></tr><tr><td>has_alloc_id(s)</td></tr><tr><td>has_alloc_id(&amp;ARG0)</td></tr><tr><td>has_alloc_id(&amp;ARG1)</td></tr><tr><td>has_alloc_id(&amp;c)</td></tr><tr><td>has_alloc_id(&amp;c1)</td></tr><tr><td>aligned(s, 1'u64)</td></tr><tr><td>aligned(&amp;ARG0, 8'u64)</td></tr><tr><td>aligned(&amp;ARG1, 8'u64)</td></tr><tr><td>aligned(&amp;c, 1'u64)</td></tr><tr><td>aligned(&amp;c1, 1'u64)</td></tr><tr><td>aligned(&s[1'u64], 1'u64)</td></tr></tbody></table><details><summary>more</summary><table><tbody><tr><td>good&lt;char*&gt;(s)</td></tr><tr><td>good&lt;char*&gt;(&s[1'u64])</td></tr></tbody></table></details></div></div>
-  </div>
-<div id="cn_code_display">
-<div class="menu" id="menu2">
-  <div id="sectioninfo"></div>
-</div>
-<div id="cn_code">#include "string_buf.c"
-
-// UTILITIES
-
-void nonempty_buf_size(char *s, size_t n)
-/*@
-requires
-    take sIn = String_Buf_At(s, n);
-    chars(sIn) != String_Nil{};
-ensures
-    take sOut = String_Buf_At(s, n);
-    sIn == sOut;
-    n > 1u64;
-@*/
-{
-    char c = s[0];
-    /*@ split_case (c == 0u8); @*/
-}
-
-void len_lt_buf_size(char *s, size_t n)
-/*@
-requires
-    take sIn = String_Buf_At(s, n);
-ensures
-    take sOut = String_Buf_At(s, n);
-    sIn == sOut;
-    string_buf_len(sOut) < n;
-@*/
-{
-    char c = s[0];
-
-    if (c == '\0')
-    {
-        /*@ unfold string_buf_len(String_Buf {buf_len: n, chars: String_Nil {}}); @*/
-        /*@ unfold string_len(String_Nil{});@*/
-    }
-    else
-    {
-        char c1 = s[1];
-        nonempty_buf_size(s, n);
-        len_lt_buf_size(&c1, n - (unsigned long long)1);
-    }
-}</div>
-</div>
-</div>
-
-<script defer>
-var current_page = 1
-const menu = document.getElementById("menu1").getElementsByTagName("li")
-const pageinfo = document.getElementById("pageinfo")
-const pages = document.getElementById("pages").children
-const cn_code = document.getElementById("cn_code")
-const n_pages = pages.length
-
-
-function clear_highlight() {
-  Array.from(document.getElementById("cn_code").children).forEach((e) => {
-    div = e.children[1]
-    div.replaceChildren(div.textContent)
-  })
-}
-
-function highlight(line, start_col, end_col) {
-  // console.log(`HIGHLIGHT(${line}, ${start_col}, ${end_col})`)
-  if (end_col <= start_col) {
-    end_col = start_col+1
-  }
-  Array.from(cn_code.children).forEach((e, n) => {
-    div = e.children[1]
-    if (n != line-1) {
-      div.replaceChildren(div.textContent)
-    } else {
-      str = div.textContent
-      before = str.substring(0, start_col-1)
-      hl = document.createElement("span")
-      hl.classList.add("hl")
-      hl.textContent = str.substring(start_col-1,end_col-1)
-      after = str.substring(end_col-1)
-      div.replaceChildren(before,hl,after)
-      cn_code.scrollTop = div.offsetTop
-    }
-  })
-}
-
-function multiline_highlight(start_line, start_col, end_line, end_col) {
-  Array.from(cn_code.children).forEach((e, n) => {
-    div = e.children[1]
-    if (n < start_line || end_line < n) {
-      div.replaceChildren(div.textContent)
-    } else {
-      str = div.textContent
-      if (n == start_line) {
-        cn_code.scrollTop = div.offsetTop
-      }
-      hl = document.createElement("span")
-      hl.classList.add("hl")
-      // TODO: probably could be written nicer
-      if (start_line == end_line) {
-        before = str.substring(0, start_col)
-        hl.textContent = str.substring(start_col,end_col)
-        after = str.substring(end_col)
-        div.replaceChildren(before,hl,after)
-      } else if (n == start_line) {
-        before = str.substring(0, start_col)
-        hl.textContent = str.substring(start_col)
-        div.replaceChildren(before,hl)
-      } else if (n == end_line) {
-        hl.textContent = str.substring(0,end_col)
-        after = str.substring(end_col)
-        div.replaceChildren(hl,after)
-      } else {
-        hl.textContent = str
-        div.replaceChildren(hl)
-      }
-    }
-  })
-}
-
-// function decode_loc(n) {
-//   loc = pages[n-1].getElementsByClassName("loc")[0].textContent
-//   console.log("DECODING ==> ", loc)
-//   if (loc == "") {
-//     // console.log("NO LOC")
-//     clear_highlight()
-//   } else {
-//     xs = loc.split(" ")[1].split(":")
-//     line = xs[1]
-//     col = parseInt(xs[2])
-//     // console.log(`LOC ==> line: ${line} -- col: ${col}`)
-//     highlight(line, col, col+1)
-//   }
-// }
-
-function decode_loc(n) {
-  loc = pages[n-1].getElementsByClassName("loc")[0].textContent
-  fnction = pages[n-1].getElementsByClassName("loc_function")[0].textContent
-  section = pages[n-1].getElementsByClassName("loc_section")[0].textContent
-  if (loc == "") {
-    clear_highlight()
-  } else {
-    pair = loc.split("-")
-    start = pair[0].split(":")
-    end = pair[1].split(":")
-    multiline_highlight(start[0], start[1], end[0], end[1])
-  }
-  if (fnction == "") {
-    sectioninfo.textContent = "(none)"
-  }
-  else if (section == "") {
-    sectioninfo.textContent = fnction
-  }
-  else {
-    sectioninfo.textContent = `${fnction}  >  ${section}`
-  }
-}
-
-function goto_page(n) {
-  if (0 < n && n <= n_pages ) {
-    // console.log(`GOTO_PAGE(${n} ==> current: ${current_page})`)
-    decode_loc(n)
-    pages[current_page - 1].style.display = "none"
-    pages[n-1].style.display = "block"
-    current_page = n
-
-    pageinfo.textContent = `[${current_page} / ${n_pages}]`
-    menu[0].disabled = false
-    menu[1].disabled = false
-    menu[2].disabled = false
-    menu[3].disabled = false
-    if (current_page == 1) {
-      menu[0].disabled = true
-      menu[1].disabled = true
-    } else if (current_page == n_pages) {
-      menu[2].disabled = true
-      menu[3].disabled = true
-    }
-  }
-}
-
-function goto_prev() {
-  goto_page(current_page-1)
-}
-
-function goto_next() {
-  goto_page(current_page+1)
-}
-
-function create_line(n, str) {
-  nb_div = document.createElement("div")
-  str_div = document.createElement("div")
-  nb_div.textContent = n
-  nb_div.classList.add("nb")
-  str_div.textContent = str
-  str_div.classList.add("line")
-  ret = document.createElement("div")
-  ret.style.display = "flex"
-  ret.replaceChildren(nb_div, str_div)
-  return ret
-}
-
-function make_toggles(className, labels) {
-  for(const btn of document.getElementsByClassName(className)) {
-    const opts = []
-    for (let i = btn.nextSibling; i !== null; i = i.nextSibling) {
-      i.classList.add("hidden")
-      opts.push(i)
-    }
-    console.log(opts)
-    let cur = 0
-    function update() {
-      cur %= opts.length
-      const lab = labels && labels[cur] || ("Option " + (cur + 1))
-      btn.textContent = lab
-      opts[cur].classList.remove("hidden")
-    }
-    btn.addEventListener("click", () => {
-      opts[cur].classList.add("hidden")
-      ++cur
-      update()
-    })
-    update()
-  }
-}
-
-function init() {
-  make_toggles("toggle",["Simplified","Original"])
-  lines = cn_code.textContent.split("\n")
-  lines.forEach((e, n) => {
-    if (n == 0) {
-      cn_code.replaceChildren(create_line(1, e))
-    } else {
-      cn_code.appendChild(create_line(n+1, e))
-    }
-  })
-
-  goto_page(1)
-
-  Array.from(pages).forEach((e, i) => {
-    if (i != 0) {
-      e.style.display = "none"
-    }
-  })
-}
-
-init()
-</script>
-</html>

From 6a1ddfa22bf0499444a125264439f6fcc10bdbad Mon Sep 17 00:00:00 2001
From: cassiatorczon <cassiatorczon@gmail.com>
Date: Thu, 1 May 2025 02:30:23 -0400
Subject: [PATCH 3/8] cleanup

---
 src/exercises/string/array.h  |  0
 src/exercises/string/string.c | 89 -----------------------------------
 2 files changed, 89 deletions(-)
 delete mode 100644 src/exercises/string/array.h
 delete mode 100644 src/exercises/string/string.c

diff --git a/src/exercises/string/array.h b/src/exercises/string/array.h
deleted file mode 100644
index e69de29b..00000000
diff --git a/src/exercises/string/string.c b/src/exercises/string/string.c
deleted file mode 100644
index 53e647d8..00000000
--- a/src/exercises/string/string.c
+++ /dev/null
@@ -1,89 +0,0 @@
-#include <stddef.h>
-#include "spec_funs.h"
-
-/*@
-// null-terminated strings with no extra buffer
-
-predicate (datatype String) String_At(pointer p) {
-    take h = RW<char>(p);
-    take s = String_At_Aux(p, h);
-    return s;
-}
-
-predicate (datatype String) String_At_Aux(pointer p, u8 h) {
-    if (h == 0u8) {
-        return String_Nil {};
-    } else {
-        take tl = String_At(array_shift<char>(p, 1u64));
-        return String_Cons {head : h, tail : tl};
-    }
-}
-
-// function [rec] (u64) string_len(String s) {
-//   match s {
-//     String_Nil {} => { 0u64 }
-//     String_Cons { head : h , tail : tl } => { 1u64 + string_len(tl) }
-//   }
-// }
-
-// function [rec] (datatype String) string_concat(String s1, String s2) {
-//   match s1 {
-//       String_Nil {} => { s2 }
-//       String_Cons { head : h , tail : tl } => {
-//       String_Cons { head : h, tail : string_concat(tl, s2) }
-//       }
-//   }
-// }
-@*/
-
-// library functions with minimal buffer size arguments
-
-extern size_t strlen(const char *s);
-/*@ spec strlen(pointer s);
-    requires
-      take sIn = String_At(s);
-    ensures
-      take sOut = String_At(s);
-      sIn == sOut;
-      return == string_len(sIn);
-@*/
-
-extern char *strlcpy(char *dest, const char *src, size_t dest_size);
-/*@ spec strlcpy(pointer dest, pointer src, u64 dest_size);
-    requires
-      take srcIn = String_At(src);
-      take destIn = String_Buf_At(dest, dest_size);
-      string_len(srcIn) < dest_size; // < to leave room for the null
-    ensures
-      take srcOut = String_At(src);
-      take destOut = String_Buf_At(dest, dest_size);
-      srcIn == srcOut;
-      destOut == String_Buf { chars : srcIn, buf_len : dest_size };
-      ptr_eq(return, dest);
-@*/
-
-extern int strcmp(char *s1, char *s2);
-/*@ spec strcmp(pointer s1, pointer s2);
-    requires
-      take s1In = String_At(s1);
-      take s2In = String_At(s2);
-    ensures
-      take s1Out = String_At(s1);
-      take s2Out = String_At(s2);
-      s1In == s1Out;
-      s2In == s2Out;
-      (return == 0i32) ? s1In == s2In : s1In != s2In;
-@*/
-
-extern char *strcat(char *dest, const char *src, size_t dest_size);
-/*@ spec strcat(pointer dest, pointer src, u64 dest_size);
-    requires
-      take srcIn = String_At(src);
-      take destIn = String_Buf_At(dest, dest_size);
-      string_len(srcIn) + string_buf_len(destIn) < dest_size; // < to leave room for the null
-    ensures
-      take srcOut = String_At(src);
-      take destOut = String_Buf_At(dest, dest_size);
-      srcIn == srcOut;
-      destOut == String_Buf { chars : string_concat(srcIn, chars(destIn)), buf_len : buf_len(destIn) };
-@*/
\ No newline at end of file

From 7e31f207bab4abc2e8350f1bce5e4cabe816c448 Mon Sep 17 00:00:00 2001
From: cassiatorczon <cassiatorczon@gmail.com>
Date: Sun, 4 May 2025 19:50:30 -0400
Subject: [PATCH 4/8] full simple example

---
 src/exercises/string/lemmas.c   | 158 ++++++++++++++++++++++++++++++++
 src/exercises/string/trusted.h  | 116 +++++++++++++++++++++++
 src/exercises/string/unproven.c | 132 ++++++++++++++++++++++++++
 src/exercises/string/unused.c   |  83 +++++++++++++++++
 4 files changed, 489 insertions(+)
 create mode 100644 src/exercises/string/lemmas.c
 create mode 100644 src/exercises/string/trusted.h
 create mode 100644 src/exercises/string/unproven.c
 create mode 100644 src/exercises/string/unused.c

diff --git a/src/exercises/string/lemmas.c b/src/exercises/string/lemmas.c
new file mode 100644
index 00000000..2bfc3ea8
--- /dev/null
+++ b/src/exercises/string/lemmas.c
@@ -0,0 +1,158 @@
+#include <stddef.h>
+#include "trusted.h"
+
+/*
+String lemmas proven in CN.
+*/
+
+// string length is less than buffer size
+void len_lt_buf_size(char *s, size_t n)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    string_len(sOut) < n;
+@*/
+{
+    char c = s[0];
+
+    if (c == '\0')
+    {
+        /*@ unfold string_len(sIn); @*/
+    }
+    else
+    {
+        len_lt_buf_size(&s[1], n - (unsigned long long)1);
+        /*@ unfold string_len(sIn);@*/
+    }
+}
+
+// nonempty string's length is 1 + its tail's length
+void one_plus_string_len(char *s, size_t n)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+    !is_nil_string_buf(sIn);
+ensures
+    take h = RW<char>(s);
+    take tl = String_Buf_At(array_shift<char>(s, 1u64), n - 1u64);
+    sIn == String_Buf_Cons { head : h, tail : tl };
+    string_len(sIn) == 1u64 + string_len(tl);
+@*/
+{
+    char c = s[0];
+    /*@ split_case (c == 0u8); @*/
+    /*@ unfold string_len(sIn); @*/
+}
+
+// string length is less than max u64
+void string_len_not_max(char *s, size_t n)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    string_len(sIn) < 18446744073709551615u64;
+@*/
+{
+    len_lt_buf_size(s, n);
+}
+
+// adding one to less than max u64 does not wrap around
+void plus_one_gt_zero(size_t n)
+/*@
+requires
+    n < 18446744073709551615u64;
+ensures
+    1u64 + n > 0u64;
+@*/
+{
+}
+
+// length of nonempty string is > 0
+void nonempty_string_len(char *s, size_t n)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+    !is_nil_string_buf(sIn);
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    string_len(sIn) > 0u64;
+@*/
+{
+    char c = s[0];
+    if (c == '\0')
+    {
+        /* impossible */
+        /*@ assert (false); @*/
+    }
+    else
+    {
+        string_len_not_max(&s[1], n - (unsigned long long)1);
+        len_lt_buf_size(&s[1], n - (unsigned long long)1);
+        plus_one_gt_zero(str_buf_len(&s[1], n - (unsigned long long)1));
+        one_plus_string_len(s, n);
+    }
+}
+
+// equal strings have the same length
+void string_equal_impl_equal_len(char *s1, size_t n1, char *s2, size_t n2)
+/*@
+requires
+    take s1In = String_Buf_At(s1, n1);
+    take s2In = String_Buf_At(s2, n2);
+    string_equal(s1In, s2In);
+ensures
+    take s1Out = String_Buf_At(s1, n1);
+    take s2Out = String_Buf_At(s2, n2);
+    s1In == s1Out;
+    s2In == s2Out;
+    string_len(s1In) == string_len(s2In);
+@*/
+{
+    char c1 = s1[0];
+    char c2 = s2[0];
+    if (c1 == '\0')
+    {
+        /*@ unfold string_equal(s1In, s2In); @*/
+        /*@ unfold string_len(s1In); @*/
+        /*@ unfold string_len(s2In); @*/
+    }
+    else
+    {
+        /*@ unfold string_equal(s1In, s2In); @*/
+        /*@ split_case (c2 == 0u8); @*/
+        /*@ unfold string_len(s1In); @*/
+        /*@ unfold string_len(s2In); @*/
+        string_equal_impl_equal_len(&s1[1], n1 - (unsigned long long)1, &s2[1], n2 - (unsigned long long)1);
+    }
+}
+
+// all elements of a string are nonzero up to (excluding) string_len
+void nonzero_up_to_len(char *s, size_t n)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    each (u64 i; i < string_len(sIn)) {
+        string_buf_nth(sIn, i) != 0u8 };
+@*/
+{
+    char c = s[0];
+    if (c == '\0')
+    {
+        /*@ unfold string_len(sIn); @*/
+    }
+    else
+    {
+        /*@ unfold string_buf_nth(sIn, 0u64); @*/
+        nonzero_up_to_len(&s[1], n - (unsigned long long)1);
+        /*@ apply nonzero_up_to_len_step(s, n); @*/
+    }
+}
\ No newline at end of file
diff --git a/src/exercises/string/trusted.h b/src/exercises/string/trusted.h
new file mode 100644
index 00000000..7879d246
--- /dev/null
+++ b/src/exercises/string/trusted.h
@@ -0,0 +1,116 @@
+#include "string_buf.c"
+
+/*
+Trusted string lemmas.
+*/
+
+/*@
+lemma array_owned_shift_one_l(pointer s, u64 tail_owned_len) //TODO
+
+requires
+    take first = RW<char>(s);
+    take rest = each (u64 i; i < tail_owned_len) {
+        RW<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
+    tail_owned_len < 18446744073709551615u64;
+ensures
+    take all = each (u64 i; i < 1u64 + tail_owned_len) {
+        RW<char>(array_shift<char>(s, i))};
+@*/
+
+/*@
+lemma array_blocked_shift_one_l(pointer s, u64 tail_low, u64 tail_high) //TODO
+
+requires
+    take blockedIn = each (u64 i; tail_low < i && i < tail_high) {
+        W<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
+    tail_high < 18446744073709551615u64;
+ensures
+    take blockedOut = each (u64 i; tail_low + 1u64 < i && i < 1u64 + tail_high) {
+        W<char>(array_shift<char>(s, i))};
+@*/
+
+/*@
+lemma array_shift_one_r(pointer s, size_t tail_string_len, size_t tail_buf_len)
+
+requires
+    take ownedIn = each (u64 i; i < 1u64 + tail_string_len) {
+        RW<char>(array_shift<char>(s, i))};
+    take blockedIn = each (u64 i; tail_string_len + 1u64 < i && i < 1u64 + tail_buf_len) {
+        W<char>(array_shift<char>(s, i))};
+    tail_string_len < tail_buf_len;
+    tail_buf_len < 18446744073709551615u64;
+    take nullIn = RW<char>(array_shift<char>(s, 1u64 + tail_string_len));
+    nullIn == 0u8;
+    each (u64 i; i < 1u64 + tail_string_len) {
+        ownedIn[i] != 0u8
+    };
+ensures
+    take first = RW<char>(s);
+    first != 0u8;
+    take ownedOut = each (u64 i; i < tail_string_len) {
+        RW<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
+    take blockedOut = each (u64 i; tail_string_len < i && i < tail_buf_len) {
+        W<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
+    take nullOut = RW<char>(array_shift<char>(array_shift<char>(s, 1u64), tail_string_len));
+    nullOut == 0u8;
+    each (u64 i; i < tail_string_len) {
+        ownedOut[i] != 0u8
+    };
+@*/
+
+/*@
+lemma array_to_string_buf(pointer s, u64 n, u64 string_len)
+requires
+    take sArray = each(u64 i; i < string_len) {
+        RW<char>( array_shift<char>(s, i) ) };
+    take sRem = each(u64 i; string_len < i && i < n) {
+        W<char>( array_shift<char>(s, i)) };
+    n >= 1u64;
+    string_len < n;
+    take sNull = RW<char>(array_shift<char>(s, string_len));
+    sNull == 0u8;
+    each (u64 i; i < string_len) {
+        sArray[i] != 0u8
+    };
+ensures
+    take sBuf = String_Buf_At(s, n);
+    string_len == string_len(sBuf);
+    each (u64 i; i < string_len(sBuf)) {
+        string_buf_nth(sBuf, i) == sArray[i]
+    };
+@*/
+
+/*@
+lemma string_buf_to_array(pointer s, u64 n, u64 string_len) //TODO
+requires
+    take sBuf = String_Buf_At(s, n);
+    string_len(sBuf) == string_len;
+ensures
+    string_len < n;
+    n >= 1u64;
+    take sArray = each (u64 i; i < string_len) {
+        RW<char>( array_shift<char>(s, i) ) };
+    take sRem = each (u64 i; string_len < i && i < n) {
+        W<char>( array_shift<char>(s, i) ) };
+    each (u64 i; i < string_len) {
+        string_buf_nth(sBuf, i) == sArray[i]
+    };
+    take sNull = RW<char>(array_shift<char>(s, string_len));
+    sNull == 0u8;
+@*/
+
+/*@
+lemma nonzero_up_to_len_step(pointer s, size_t n)
+
+requires
+    n > 1u64;
+    take sHead = RW<char>(s);
+    take sTail = String_Buf_At(array_shift<char>(s, 1u64), n - 1u64);
+    each (u64 i; i < string_len(sTail)) {
+        string_buf_nth(sTail, i) != 0u8 };
+ensures
+    take sOut = String_Buf_At(s, n);
+    sOut == String_Buf_Cons { head : sHead, tail : sTail };
+    each (u64 i; i < string_len(sOut)) {
+        string_buf_nth(sOut, i) != 0u8 };
+@*/
\ No newline at end of file
diff --git a/src/exercises/string/unproven.c b/src/exercises/string/unproven.c
new file mode 100644
index 00000000..dab57776
--- /dev/null
+++ b/src/exercises/string/unproven.c
@@ -0,0 +1,132 @@
+#include <stddef.h>
+#include "string_buf.c"
+
+/*
+In progress CN versions of trusted lemmas.
+*/
+
+void array_to_string_buf_c(char *s, size_t string_len, size_t n)
+/*@
+requires
+    take sArray = each(u64 i; i < string_len) {
+        RW<char>( array_shift<char>(s, i) ) };
+    take sRem = each(u64 i; string_len < i && i < n) {
+        W<char>( array_shift<char>(s, i)) };
+    n >= 1u64;
+    string_len < n;
+    take sNull = RW<char>(array_shift<char>(s, string_len));
+    sNull == 0u8;
+    // we need some "fix arbitrary i" tactic for the below
+    each (u64 i; i < string_len) {
+        sArray[i] != 0u8
+    };
+ensures
+    take sBuf = String_Buf_At(s, n);
+    string_len == string_len(sBuf);
+    each (u64 i; i < string_len(sBuf)) {
+        string_buf_nth(sBuf, i) == sArray[i]
+    };
+@*/
+{
+    /*@ split_case (string_len == 0u64); @*/
+    /*@ focus RW<char>, 0u64; @*/
+    char c = s[0];
+    /*@split_case (c == 0u8); @*/
+    if (string_len == (unsigned long long)0)
+    {
+        if (c == '\0')
+        {
+            /*@ unfold string_len(String_Buf_Nil { empty_buf : n }); @*/
+        }
+        else
+        {
+            // impossible
+            /*@ instantiate 0u64; @*/
+            /*@ assert (false); @*/
+        }
+    }
+    else
+    {
+        /*@ apply array_shift_one_r(s, string_len - 1u64, n - 1u64); @*/
+        array_to_string_buf_c(&s[1], string_len - (unsigned long long)1, n - (unsigned long long)1);
+        one_plus_string_len(s, n);
+    }
+}
+
+void string_buf_to_array_c(char *s, size_t n)
+/*@
+requires
+    take sBuf = String_Buf_At(s, n);
+ensures
+    string_len(sBuf) < n;
+    n >= 1u64;
+    take sArray = each (u64 i; i < string_len(sBuf)) {
+        RW<char>( array_shift<char>(s, i) ) };
+    take sRem = each (u64 i; string_len(sBuf) < i && i < n) {
+        W<char>( array_shift<char>(s, i) ) };
+    // we need some "fix arbitrary i" tactic for the below
+    each (u64 i; i < string_len(sBuf)) {
+        string_buf_nth(sBuf, i) == sArray[i]
+    };
+    take sNull = RW<char>(array_shift<char>(s, string_len(sBuf)));
+    sNull == 0u8;
+@*/
+{
+    char c = s[0];
+    if (c == '\0')
+    {
+        /*@ unfold string_len(sBuf); @*/
+    }
+    else
+    {
+        char c1 = s[1];
+        string_buf_to_array_c(&s[1], n - (unsigned long long)1);
+        /*@ unfold string_len(sBuf); @*/
+        /*@ apply array_owned_shift_one_l(s, string_len(sBuf) - 1u64); @*/
+        /*@ apply array_blocked_shift_one_l(s, string_len(sBuf) - 1u64, n - 1u64); @*/
+    }
+}
+
+/*
+In progress potentially-useful functions.
+*/
+
+// edit any character in the initial string to a non-null character
+void edit_at(char *s, size_t buf_len, size_t index, char c)
+/*@
+requires
+    take sIn = String_Buf_At(s, buf_len);
+    index < string_len(sIn);
+    c != 0u8;
+ensures
+    take sOut = String_Buf_At(s, buf_len);
+    // we need some "fix arbitrary i" tactic for the below
+    each (u64 i; i < string_len(sOut)) {
+        i == index
+            ? string_buf_nth(sOut, i) == c
+            : string_buf_nth(sOut, i) == string_buf_nth(sIn, i)
+    };
+@*/
+{
+    size_t sLen = str_buf_len(s, buf_len);
+    /*@ apply string_buf_to_array(s, buf_len, string_len(sIn)); @*/
+    edit_array_at(s, sLen, index, c);
+    /*@ instantiate index; @*/
+    /*@ apply array_to_string_buf(s, buf_len, sLen); @*/
+}
+
+// allocate a string of size n and set the first byte to '\0'
+char *init_string(size_t n)
+/*@
+requires
+    1u64 <= n; // 1 byte is required for null termination
+ensures
+    take sOut = String_Buf_At(return, n);
+    sOut == String_Buf_Nil { empty_buf : n };
+@*/
+{
+    char *s = malloc_str(n);
+    /*@ apply string_buf_to@*/
+    s[0] = '\0';
+    return s;
+}
diff --git a/src/exercises/string/unused.c b/src/exercises/string/unused.c
new file mode 100644
index 00000000..2f9056ed
--- /dev/null
+++ b/src/exercises/string/unused.c
@@ -0,0 +1,83 @@
+#include <stddef.h>
+#include "string_buf.c"
+
+/*
+Not used for current example, but potentially useful.
+*/
+
+/* CN lemmas */
+
+// buffer size for a nonempty string is > 1
+void nonempty_buf_size(char *s, size_t n)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+    !is_nil_string_buf(sIn);
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    n > 1u64;
+@*/
+{
+    char c = s[0];
+    /*@ split_case (c == 0u8); @*/
+}
+
+// empty string has length 0
+void nil_string_len(char *s, size_t n)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+    is_nil_string_buf(sIn);
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    string_len(sOut) == 0u64;
+@*/
+{
+    /*@ unfold string_len(sIn); @*/
+}
+
+/* Trusted lemmas */
+
+/*@
+lemma array_owned_shift_one_r(pointer s, u64 tail_owned_len) //TODO
+
+requires
+    take all = each (u64 i; i < 1u64 + tail_owned_len) {
+        RW<char>(array_shift<char>(s, i))};
+    tail_owned_len < 18446744073709551615u64;
+ensures
+    take first = RW<char>(s);
+    take rest = each (u64 i; i < tail_owned_len) {
+        RW<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
+@*/
+
+/*@
+lemma array_blocked_shift_one_r(pointer s, u64 tail_low, u64 tail_high) //TODO
+
+requires
+    take blockedIn = each (u64 i; tail_low + 1u64 < i && i < 1u64 + tail_high) {
+        W<char>(array_shift<char>(s, i))};
+    tail_high < 18446744073709551615u64;
+ensures
+    take blockedOut = each (u64 i; tail_low < i && i < tail_high) {
+        W<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
+@*/
+
+/*@
+lemma nonzero_shift_one_r(pointer s, size_t tail_len)
+
+requires
+    take sIn = each (u64 i; i < 1u64 + tail_len) {
+        RW<char>(array_shift<char>(s, i))};
+    each (u64 i; i < 1u64 + tail_len) {
+        sIn[i] != 0u8
+    };
+ensures
+    take sOut = each (u64 i; i < 1u64 + tail_len) {
+        RW<char>(array_shift<char>(s, i))};
+    each (u64 i; i < tail_len) {
+        sOut[1u64 + i] != 0u8
+    };
+@*/
\ No newline at end of file

From ce158b95816c9bbbf72d18ccf1d90d41b021d90b Mon Sep 17 00:00:00 2001
From: cassiatorczon <cassiatorczon@gmail.com>
Date: Mon, 5 May 2025 19:34:00 -0400
Subject: [PATCH 5/8] writeup

---
 docs/getting-started/case-studies/strings.md | 125 +++++++++++++++
 src/exercises/string/cn_types.h              |  43 ++---
 src/exercises/string/example.c               |  85 +++++-----
 src/exercises/string/lemmas.c                | 158 +++++++++++++++++--
 src/exercises/string/lemmas.h                |  57 -------
 src/exercises/string/spec_funs.h             |  86 +++++++---
 src/exercises/string/string_buf.c            |  22 +--
 src/exercises/string/trusted.h               |  56 +------
 src/exercises/string/unproven.c              |  27 +++-
 src/exercises/string/unused.c                | 100 +++++++++++-
 src/exercises/string/util.c                  |  59 +++----
 11 files changed, 556 insertions(+), 262 deletions(-)
 create mode 100644 docs/getting-started/case-studies/strings.md
 delete mode 100644 src/exercises/string/lemmas.h

diff --git a/docs/getting-started/case-studies/strings.md b/docs/getting-started/case-studies/strings.md
new file mode 100644
index 00000000..1d90e037
--- /dev/null
+++ b/docs/getting-started/case-studies/strings.md
@@ -0,0 +1,125 @@
+# Null-terminated strings
+
+A null-terminated string is an array of characters where the 0 character,
+`'\0'`, signals the end of the string. (Note that there is no "null" in the
+usual pointer sense, just the byte consisting of all zeros. Note also that this
+is distinct from `'0'`.)
+
+To ensure safety for operations like in-place concatenation, we need to keep
+track of not just the string up to `'\0'`, but the entire buffer allocated for
+the string. This means our logical representation of strings looks like this:
+
+```c title="exercises/string/cn_types.h"
+--8<--
+exercises/string/cn_types.h
+--8<--
+```
+
+In order to facilitate proofs, we define logical string buffers inductively. A
+string buffer represents either the empty string, in which case we have a
+64-bit integer indicating how many unused bytes the buffer has (counting the
+null byte as unused), or a nonempty string, in which case we have a (non-null)
+character followed by another string buffer.
+
+Due to CN restrictions on top-level `if`, we have two mutually-recursive
+predicates. `String_Buf_At(p, buf_len)` asserts that at the input pointer `p`,
+there is a buffer of total size `buf_len` (including the string, the `'\0'`
+terminator, and any extra empty bytes), represented by the logical string that
+`String_Buf_At` returns. (Note that `buf_len` must be at least 1, to have space
+for at least `'\0'`.) `String_Buf_At` reads the first character and, via
+`String_Buf_Aux`, checks if it is `'\0'`. If so, it blocks the rest of the
+bytes, using `W` instead of `RW` because these bytes have no meaningful data
+for us to read yet. If the first byte is not `'\0'`, we recursively call
+`String_Buf_At` on the rest of the buffer.
+
+`spec_funs.h` contains CN functions on the logical representation of string
+buffers. Specifically:
+* `buf_len` gets the length of the entire allocated buffer for the string
+* `string_length` gets the length of the conceptual string, i.e., all the
+characters before `'\0'`
+* `empty_buf_len` gets the number of bytes after the conceptual string, i.e.,
+the number of bytes in the buffer starting with the first `'\0'`
+* `string_buf_concat` performs in-place concatenation of two strings. It
+assumes the destination string has sufficient space
+* `string_buf_nth` returns the (0-indexed) nth character of a string,
+defaulting to `'\0'` if n is greater than or equal to the length of the
+conceptual string
+* `is_nil_string_buf` checks if a string buffer represents the empty string
+* `string_equal` checks if two string buffers contain equal conceptual strings,
+i.e., the buffers may have different total size, but they should contain the
+same characters up to and including the first `'\0'`
+
+`string_buf.c` contains specifications for string functions in the C standard
+library. The functions we would like to have available are `malloc`, `free`,
+`strlen`, `strcpy`, `strcmp`, and `strcat`. However, to work with our
+`String_Buf` type and ensure memory safety, we add additional arguments to
+keep track of the lengths of all of the strings' buffers.
+
+`trusted.h` and `lemmas.c` both contain lemmas about the functions in
+`spec_funs.h` and `string_buf.c`. The lemmas in `trusted.h` are trusted,
+i.e., not proven in CN, while the ones in `lemmas.c` are proven in CN.
+These will be useful for the example function in `example.c`.
+
+`example.c` contains a toy function designed to use every function in
+`string_buf.c` together. It takes a pointer to an input string, the length of
+the buffer containing that string, the number of bytes we will allocate for
+a second string, and two characters. To make the later copies and comparisons
+interesting, we require the input string to be nonempty and the characters
+distinct and non-null. We will also later concatenate the strings, so we want
+enough space in the buffer we will allocate to fit the input string twice (with
+room for a terminating `'\0'` also). We specify this with the constraint
+`string_len(sIn) + string_len(sIn) < n2`, and we require the input string to be
+sufficiently small that this statement is meaningful, i.e., the `+` is not
+wrapping around.
+
+In the body of our function, we first allocate the second string using
+`malloc_str`. Like `malloc`, this does not initialize the bytes in the string to
+any specific value.
+
+Next, we copy the input string into the second string's buffer. Thanks to our
+preconditions, we know we have enough space for this.
+
+After that, we compare the two strings. Because we just copied the first into
+the second, the result should be 0; we confirm with `assert` that it is.
+
+We would now like to edit the first character of each string. We have a safe
+wrapper for array edits, `edit_array_at`. This ensures not only that we do
+not write beyond the bounds of our array, but also that our edit is meaningful:
+we must edit a character within the current defined string, not the empty
+buffer space. (If we wanted to extend the string, we would use
+`string_buf_cat`.) However, in order to do this, we need to switch from our
+`String_Buf` representation of strings to an array representation of strings.
+
+Luckily, we have a lemma for this, `string_buf_to_array`. When we go to edit
+the first array, however, we will need to know that the index at which we are
+writing is less than the string length. We are writing at index `0`, so the
+lemma that tells us this is `nonempty_string_len`, which asserts that nonempty
+strings have positive length. This lemma is stated in terms of our
+`String_Buf_At` predicate, so we need to apply it before applying
+`string_buf_to_array`.
+
+This allows us to edit the array, but when we go to convert it back to a
+`String_Buf`, we will need additional information. In order for an array to
+be a valid string buffer, it must start with some number (potentially 0) of
+non-null characters, in this case `s1Len - 1` of them, followed by the null
+character, followed by 0 or more write-only bytes. We have a lemma stating
+that the first `s1Len - 1` characters of the array are non-null,
+`nonzero_up_to_len`, but again, it is stated in terms of `String_Buf` and
+`String_Buf_At`, so we must apply it before `string_buf_to_array`.
+
+We now wish to edit the first character of the second string. Again, we will
+need `nonzero_up_to_len` for the conversion back to a `String_Buf`. Before
+that, though, how do we know that the length of this second string is positive?
+We previously compared it to the first string and got `0`, so we know the two
+strings were equal at that point, and we showed that the first string has
+nonzero length. That means we can apply `string_equal_impl_equal_len` before
+editing the first string to assert that the second string has nonzero length
+as well.
+
+Next, we concatenate the two strings. We know from the lemmas we just applied
+and the precondition that the sum of the two strings' lengths is less than
+the number of bytes in the second string's buffer, so the in-place
+concatenation will not write beyond the end of the buffer.
+
+Finally, we free the two strings. The only precondition for this is ownership,
+so there is nothing to prove.
\ No newline at end of file
diff --git a/src/exercises/string/cn_types.h b/src/exercises/string/cn_types.h
index 3c8305be..ba386b4f 100644
--- a/src/exercises/string/cn_types.h
+++ b/src/exercises/string/cn_types.h
@@ -1,40 +1,41 @@
-/*@
-
-datatype String {
-    String_Nil {},
-    String_Cons { u8 head, datatype String tail}
-}
-
-@*/
+/*
+CN string buffer type and predicate.
+*/
 
 /*@
 // null-terminated strings with (potentially) extra buffer space
 
 datatype String_Buf {
-    String_Buf {
-        datatype String chars,
-        size_t buf_len // full buffer length, including chars
+    String_Buf_Nil {
+        u64 empty_buf // empty buffer space remaining, including null char
+    },
+    String_Buf_Cons {
+        u8 head, // should not be 0u8
+        datatype String_Buf tail
     }
 }
 
-predicate (datatype String_Buf) String_Buf_At(pointer p, size_t buf_len) {
-    assert (buf_len >= 1u64);
+// p: pointer to string buffer
+// buf_len: length of *entire* buffer, including string
+predicate (datatype String_Buf) String_Buf_At(pointer p, u64 buf_len) {
     take h = RW<char>(p);
-    take s = String_Aux(p, buf_len, h);
-    return String_Buf { chars : s, buf_len : buf_len};
+    take s = String_Buf_Aux(p, buf_len, h);
+    assert (buf_len >= 1u64); // there must be space for at least the null char
+    return s;
 }
 
 // p: pointer to h
-// buf_len: length of buffer including h
-// h: first character of string starting at p
-predicate (datatype String) String_Aux(pointer p, size_t buf_len, u8 h) {
+// buf_len: length of buffer *including* h
+// h: first character of string pointed to by p
+predicate (datatype String_Buf) String_Buf_Aux(pointer p, u64 buf_len, u8 h) {
     if (h == 0u8) {
-        take rem = each (size_t i; 0u64 < i && i < buf_len - 1u64) {
+        // everything after h can be write-only
+        take rem = each (u64 i; 0u64 < i && i < buf_len) {
             W<char>( array_shift<char>(p, i)) };
-        return String_Nil {};
+        return String_Buf_Nil { empty_buf : buf_len };
     } else {
         take tl_buf = String_Buf_At(array_shift<char>(p, 1u64), buf_len - 1u64);
-        return String_Cons {head : h, tail : chars(tl_buf)};
+        return String_Buf_Cons {head : h, tail : tl_buf};
     }
 }
 
diff --git a/src/exercises/string/example.c b/src/exercises/string/example.c
index a0770209..48a48270 100644
--- a/src/exercises/string/example.c
+++ b/src/exercises/string/example.c
@@ -1,49 +1,52 @@
 #include "util.c"
 
-void simple_ex(char *s, unsigned long long n)
+/*
+Example using string library functions.
+*/
+
+void simple_ex(char *s1, size_t n1, size_t n2, char c1, char c2)
 /*@
     requires
-        take sIn = String_Buf_At(s, n);
-        n < 3u64;
+        take sIn = String_Buf_At(s1, n1);
+        !is_nil_string_buf(sIn);
+        (u128) string_len(sIn) + (u128) string_len(sIn) < (u128) n2; // so it fits in allocated buffer twice
+        // string_len(sIn) < 9223372036854775808u64; // n1 + n1 < maximum u64
+        c1 != c2;
+        c1 != 0u8;
+        c2 != 0u8;
     ensures
         true;
 @*/
 {
-    char *sb = malloc_str(5);
-    unsigned long long m = str_buf_len(sb, 5);
-    // m == 0
-
-    /*@ apply len_lt_buf_size(s, n); @*/
-    sb = str_buf_cpy(sb, s, 5, n);
-
-    m = str_buf_len(sb, 5);
-    // m == n
-
-    int j = str_buf_cmp(s, sb, n, 5);
-    // j == 0
-
-    /*@ apply string_buf_to_array(s, n); @*/
-    /*@ focus RW<char>, 0u64; @*/
-    write(s, n, 0, 'c');
-    /*@ apply array_to_string_buf(s, n); @*/
-    /*@ apply string_buf_to_array(sb, 5u64); @*/
-    /*@ focus RW<char>, 0u64; @*/
-    write(sb, 5, 0, 'g');
-    /*@ apply array_to_string_buf(sb, 5u64); @*/
-
-    j = str_buf_cmp(s, sb, n, 5);
-    // j != 0
-
-    /*@
-    unfold string_buf_len(sIn);
-    assert (string_buf_len(sIn) <= 1u64);
-    @*/
-    sb = str_buf_cat(sb, s, 5, n);
-    m = str_buf_len(sb, 5);
-    // m == 2 * n
-
-    free_str(sb, 5);
-    free_str(s, n);
-}
-
-// parser and printer of pairs of numbers
\ No newline at end of file
+    // allocate second string
+    char *s2 = malloc_str(n2);
+
+    // copy s1 into s2
+    s2 = str_buf_cpy(s2, s1, n2, n1);
+
+    // compare s1 and s2
+    int j = str_buf_cmp(s1, s2, n1, n2);
+    /*@ assert (j == 0i64); @*/
+
+    // edit s1
+    size_t s1Len = str_buf_len(s1, n1);
+    size_t s2Len = str_buf_len(s2, n2);
+    nonzero_up_to_len(s1, n1);
+    nonempty_string_len(s1, n1);
+    string_equal_impl_equal_len(s1, n1, s2, n2);
+    /*@ apply string_buf_to_array(s1, n1, s1Len); @*/
+    edit_array_at(s1, s1Len, 0, c1);
+    /*@ apply array_to_string_buf(s1, n1, s1Len); @*/
+
+    // edit s2 differently
+    s2Len = str_buf_len(s2, n2);
+    nonzero_up_to_len(s2, n2);
+    /*@ apply string_buf_to_array(s2, n2, s2Len); @*/
+    edit_array_at(s2, s2Len, 0, c2);
+    /*@ apply array_to_string_buf(s2, n2, s2Len); @*/
+
+    s2 = str_buf_cat(s2, s1, n2, n1);
+
+    free_str(s1, n1);
+    free_str(s2, n2);
+}
\ No newline at end of file
diff --git a/src/exercises/string/lemmas.c b/src/exercises/string/lemmas.c
index 2bfc3ea8..c55ea464 100644
--- a/src/exercises/string/lemmas.c
+++ b/src/exercises/string/lemmas.c
@@ -24,7 +24,7 @@ ensures
     }
     else
     {
-        len_lt_buf_size(&s[1], n - (unsigned long long)1);
+        len_lt_buf_size(&s[1], n - (size_t)1);
         /*@ unfold string_len(sIn);@*/
     }
 }
@@ -85,18 +85,11 @@ ensures
 @*/
 {
     char c = s[0];
-    if (c == '\0')
-    {
-        /* impossible */
-        /*@ assert (false); @*/
-    }
-    else
-    {
-        string_len_not_max(&s[1], n - (unsigned long long)1);
-        len_lt_buf_size(&s[1], n - (unsigned long long)1);
-        plus_one_gt_zero(str_buf_len(&s[1], n - (unsigned long long)1));
-        one_plus_string_len(s, n);
-    }
+    /*@ split_case (c == 0u8); @*/
+    string_len_not_max(&s[1], n - (size_t)1);
+    len_lt_buf_size(&s[1], n - (size_t)1);
+    plus_one_gt_zero(str_buf_len(&s[1], n - (size_t)1));
+    one_plus_string_len(s, n);
 }
 
 // equal strings have the same length
@@ -125,10 +118,10 @@ ensures
     else
     {
         /*@ unfold string_equal(s1In, s2In); @*/
-        /*@ split_case (c2 == 0u8); @*/
         /*@ unfold string_len(s1In); @*/
         /*@ unfold string_len(s2In); @*/
-        string_equal_impl_equal_len(&s1[1], n1 - (unsigned long long)1, &s2[1], n2 - (unsigned long long)1);
+        /*@ split_case (c2 == 0u8); @*/
+        string_equal_impl_equal_len(&s1[1], n1 - (size_t)1, &s2[1], n2 - (size_t)1);
     }
 }
 
@@ -152,7 +145,140 @@ ensures
     else
     {
         /*@ unfold string_buf_nth(sIn, 0u64); @*/
-        nonzero_up_to_len(&s[1], n - (unsigned long long)1);
+        nonzero_up_to_len(&s[1], n - (size_t)1);
         /*@ apply nonzero_up_to_len_step(s, n); @*/
     }
+}
+
+void update_empty_buf_preserves_string(char *s, size_t n, size_t new_empty_buf)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    string_equal(sIn, update_empty_buf(sIn, new_empty_buf));
+@*/
+{
+    char c = s[0];
+    if (c == '\0')
+    {
+        /*@ unfold update_empty_buf(sIn, new_empty_buf); @*/
+        /*@ unfold string_equal(sIn, update_empty_buf(sIn, new_empty_buf)); @*/
+    }
+    else
+    {
+        update_empty_buf_preserves_string(&s[1], n - (size_t)1, new_empty_buf);
+        /*@ unfold update_empty_buf(sIn, new_empty_buf); @*/
+        /*@ unfold string_equal(sIn, update_empty_buf(sIn, new_empty_buf)); @*/
+    }
+}
+
+void update_empty_buf_preserves_len(char *s, size_t n, size_t new_empty_buf)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    string_len(sIn) == string_len(update_empty_buf(sIn, new_empty_buf));
+@*/
+{
+    char c = s[0];
+    if (c == '\0')
+    {
+        /*@ unfold update_empty_buf(sIn, new_empty_buf); @*/
+        /*@ unfold string_len(update_empty_buf(sIn, new_empty_buf)); @*/
+        /*@ unfold string_len(sIn); @*/
+    }
+    else
+    {
+        update_empty_buf_preserves_len(&s[1], n - (size_t)1, new_empty_buf);
+        /*@ unfold update_empty_buf(sIn, new_empty_buf); @*/
+        /*@ unfold string_len(update_empty_buf(sIn, new_empty_buf)); @*/
+        /*@ unfold string_len(sIn); @*/
+    }
+}
+
+// void concat_nil_len(char *dest, char *src, size_t dest_size, size_t src_size)
+// /*@
+// requires
+//     take srcIn = String_Buf_At(src, src_size);
+//     take destIn = String_Buf_At(dest, dest_size);
+//     is_nil_string_buf(destIn);
+//     string_len(srcIn) + string_len(destIn) < dest_size;
+// ensures
+//     take srcOut = String_Buf_At(src, src_size);
+//     take destOut = String_Buf_At(dest, dest_size);
+//     srcIn == srcOut;
+//     destIn == destOut;
+//     string_len(string_buf_concat(destIn, srcIn)) == string_len(srcIn);
+// @*/
+// {
+//     // char c = src[0];
+//     // if (c == '\0')
+//     // {
+//     //     /*@ unfold string_len(srcIn); @*/
+//     //     /*@ unfold string_len(destIn); @*/
+//     //     /*@ unfold string_buf_concat(destIn, srcIn); @*/
+//     //     /*@ unfold string_len(string_buf_concat(destIn, srcIn)); @*/
+//     // }
+//     // else
+//     // {
+//     //     nonempty_string_len(src, src_size);
+//     //     /*@ unfold string_len(destIn); @*/
+//     //     /*@ assert (dest_size > 1u64); @*/
+//     //     concat_nil_len(&dest[1], &src[1], dest_size - (size_t)1, src_size - (size_t)1);
+//     // }
+// }
+
+/*
+// in-place string concat
+// assumes destination buffer has enough space for source string
+function [rec] (datatype String_Buf) string_buf_concat(String_Buf dest, String_Buf src) {
+    match dest {
+        String_Buf_Nil { empty_buf : nDest } => {
+            // string_len(src) should be strictly less than nDest
+            update_empty_buf(src, nDest - string_len(src))
+        }
+        String_Buf_Cons { head : h , tail : tl } => {
+            String_Buf_Cons { head : h, tail : string_buf_concat(tl, src) }
+        }
+    }
+}
+
+        }*/
+
+void concat_len(char *dest, char *src, size_t dest_size, size_t src_size)
+/*@
+requires
+    take srcIn = String_Buf_At(src, src_size);
+    take destIn = String_Buf_At(dest, dest_size);
+    let len_sum = string_len(srcIn) + string_len(destIn);
+    string_len(srcIn) + string_len(destIn) < dest_size;
+ensures
+    take srcOut = String_Buf_At(src, src_size);
+    take destOut = String_Buf_At(dest, dest_size);
+    srcIn == srcOut;
+    destIn == destOut;
+    string_len(string_buf_concat(destIn, srcIn)) == string_len(srcIn) + string_len(destIn);
+@*/
+{
+    char c = dest[0];
+    if (c == '\0')
+    {
+        update_empty_buf_preserves_len(src, src_size, dest_size - str_buf_len(src, src_size));
+        /*@ unfold string_len(srcIn); @*/
+        /*@ unfold string_len(destIn); @*/
+        /*@ unfold string_buf_concat(destIn, srcIn); @*/
+        /*@ unfold string_len(string_buf_concat(destIn, srcIn)); @*/
+    }
+    else
+    {
+        /*@ unfold string_len(destIn); @*/
+        concat_len(&dest[1], src, dest_size - (size_t)1, src_size);
+        /*@ unfold string_len(srcIn); @*/
+        /*@ unfold string_buf_concat(destIn, srcIn); @*/
+        /*@ unfold string_len(string_buf_concat(destIn, srcIn)); @*/
+    }
 }
\ No newline at end of file
diff --git a/src/exercises/string/lemmas.h b/src/exercises/string/lemmas.h
deleted file mode 100644
index 43c966b7..00000000
--- a/src/exercises/string/lemmas.h
+++ /dev/null
@@ -1,57 +0,0 @@
-#include "util.c"
-
-/*@
-// conversion to and from arrays
-
-lemma array_to_string_buf(pointer s, size_t n)
-    requires
-        take sArray = each(u64 i; i < n) {
-            RW<char>( array_shift<char>(s, i)) };
-    ensures
-        take sBuf = String_Buf_At(s, n);
-        each (u64 i; i < string_buf_len(sBuf)) {
-            string_buf_nth(sBuf, i) == sArray[i]
-        };
-
-lemma string_buf_to_array(pointer s, size_t n)
-    requires
-        take sBuf = String_Buf_At(s, n);
-    ensures
-        take sArray = each(u64 i; i < n) {
-            RW<char>( array_shift<char>(s, i)) };
-        each (u64 i; i < string_buf_len(sBuf)) {
-            string_buf_nth(sBuf, i) == sArray[i]
-        };
-
-@*/
-
-/*@
-// length lemmas
-
-lemma len_lt_buf_size (pointer s, size_t n)
-    requires
-        take sIn = String_Buf_At(s, n);
-    ensures
-        take sOut = String_Buf_At(s, n);
-        sIn == sOut;
-        match sOut {
-            String_Buf { chars : cs, buf_len : n0 } => {
-                (string_buf_len(sOut) < n0) && (n == n0)
-            }
-        };
-
-lemma lt_len_impl_nonzero (pointer s, size_t n)
-    requires
-        take sBuf = String_Buf_At(s, n);
-    ensures
-        take sArray = each(u64 i; i < n) {
-            RW<char>( array_shift<char>(s, i)) };
-        each (u64 i; i < string_buf_len(sBuf)) {
-            string_buf_nth(sBuf, i) == sArray[i]
-        };
-        each (u64 i; i < string_buf_len(sBuf)) {
-            sArray[i] != 0u8
-        };
-
-
-@*/
diff --git a/src/exercises/string/spec_funs.h b/src/exercises/string/spec_funs.h
index 771ed871..462e5494 100644
--- a/src/exercises/string/spec_funs.h
+++ b/src/exercises/string/spec_funs.h
@@ -1,53 +1,95 @@
 #include "cn_types.h"
 
+/*
+Logical string functions for use in specifications.
+*/
+
 /*@
-function (datatype String) chars(String_Buf s) {
+// the length of the *entire* buffer, including the string
+function [rec] (u64) buf_len(String_Buf s) {
     match s {
-        String_Buf { chars : cs, buf_len : n } => { cs }
+        String_Buf_Nil { empty_buf : n } => { n }
+        String_Buf_Cons { head : h, tail : tl } => { 1u64 + buf_len(tl) }
     }
 }
 
-function (u64) buf_len(String_Buf s) {
+// the length of just the string
+function [rec] (u64) string_len(String_Buf s) {
     match s {
-        String_Buf { chars : cs, buf_len : n } => { n }
+      String_Buf_Nil { empty_buf : n } => { 0u64 }
+      String_Buf_Cons { head : h , tail : tl } => { 1u64 + string_len(tl) }
     }
 }
 
-function [rec] (u64) string_len(String s) {
+// the length of the buffer space *after* the string, including the null
+function [rec] (u64) empty_buf_len(String_Buf s) {
     match s {
-      String_Nil {} => { 0u64 }
-      String_Cons { head : h , tail : tl } => { 1u64 + string_len(tl) }
+        String_Buf_Nil { empty_buf : n } => { n }
+        String_Buf_Cons { head : h, tail : tl } => { empty_buf_len(tl) }
     }
 }
 
-function [rec] (u64) string_buf_len(String_Buf sb) {
-    match sb {
-      String_Buf { chars : cs, buf_len : n } => { string_len(cs) }
+// updates the number of empty bytes
+function [rec] (datatype String_Buf) update_empty_buf(String_Buf s, u64 new_empty_buf)
+{
+    match s {
+        String_Buf_Nil { empty_buf : nDest } => { String_Buf_Nil { empty_buf : new_empty_buf } }
+        String_Buf_Cons { head : h, tail : tl } => {
+            String_Buf_Cons { head : h, tail : update_empty_buf(tl, new_empty_buf) }
+        }
     }
 }
 
-function [rec] (datatype String) string_concat(String s1, String s2) {
-    match s1 {
-        String_Nil {} => { s2 }
-        String_Cons { head : h , tail : tl } => {
-        String_Cons { head : h, tail : string_concat(tl, s2) }
+// in-place string concat
+// assumes destination buffer has enough space for source string
+function [rec] (datatype String_Buf) string_buf_concat(String_Buf dest, String_Buf src) {
+    match dest {
+        String_Buf_Nil { empty_buf : nDest } => {
+            // string_len(src) should be strictly less than nDest
+            update_empty_buf(src, nDest - string_len(src))
+        }
+        String_Buf_Cons { head : h , tail : tl } => {
+            String_Buf_Cons { head : h, tail : string_buf_concat(tl, src) }
         }
     }
 }
 
 // defaults to \0
-function [rec] (u8) string_nth(String s, u64 n) {
+function [rec] (u8) string_buf_nth(String_Buf s, u64 n) {
     match s {
-        String_Nil {} => { 0u8 }
-        String_Cons { head : h , tail : tl } => {
-            n == 0u64 ? h : string_nth(tl, n - 1u64)
+        String_Buf_Nil { empty_buf : nS } => { 0u8 }
+        String_Buf_Cons { head : h , tail : tl } => {
+            n == 0u64 ? h : string_buf_nth(tl, n - 1u64)
         }
     }
 }
 
-function [rec] (u8) string_buf_nth(String_Buf sb, u64 n) {
-    match sb {
-        String_Buf { chars : cs, buf_len : n0 } => { string_nth(cs, n) }
+// checks if input buffer represents the empty string
+function (boolean) is_nil_string_buf(String_Buf s) {
+    match s {
+        String_Buf_Nil {empty_buf : n } => { true }
+        String_Buf_Cons { head : h , tail : tl } => { false }
     }
 }
+
+// compares strings contained in two buffers; does not compare buffer size
+function [rec] (boolean) string_equal(String_Buf s1, String_Buf s2) {
+    match s1 {
+        String_Buf_Nil { empty_buf : n1 } => {
+            match s2 {
+                String_Buf_Nil { empty_buf : n2 } => { true }
+                String_Buf_Cons { head : h2, tail : tl2 } => { false }
+            }
+        }
+        String_Buf_Cons { head : h1, tail : tl1 } => {
+            match s2 {
+                String_Buf_Nil { empty_buf : n2 } => { false }
+                String_Buf_Cons { head : h2, tail : tl2 } => {
+                    h1 == h2 && string_equal(tl1, tl2)
+                }
+            }
+        }
+    }
+}
+
 @*/
\ No newline at end of file
diff --git a/src/exercises/string/string_buf.c b/src/exercises/string/string_buf.c
index 38a5092b..47ca9e2c 100644
--- a/src/exercises/string/string_buf.c
+++ b/src/exercises/string/string_buf.c
@@ -1,10 +1,12 @@
 #include <stddef.h>
 #include "spec_funs.h"
 
-// /* NULL-TERMINATED STRING STANDARD LIBRARY FUNCTIONS */
+/*
+Specifications for external standard library functions for null-terminated strings.
+*/
 
 extern char *malloc_str(size_t n);
-/*@ spec malloc_str(size_t n);
+/*@ spec malloc_str(u64 n);
     requires
       1u64 <= n; // 1 byte is required for null termination
     ensures
@@ -27,7 +29,7 @@ extern size_t str_buf_len(const char *s, size_t n);
     ensures
       take sOut = String_Buf_At(s, n);
       sIn == sOut;
-      return == string_buf_len(sIn);
+      return == string_len(sIn);
 @*/
 
 // buffer version of strcpy
@@ -36,12 +38,13 @@ extern char *str_buf_cpy(char *dest, const char *src, size_t dest_size, size_t s
     requires
       take srcIn = String_Buf_At(src, src_size);
       take destIn = String_Buf_At(dest, dest_size);
-      string_buf_len(srcIn) < dest_size; // < to leave room for the null
+      string_len(srcIn) < dest_size; // < to leave room for the null
     ensures
       take srcOut = String_Buf_At(src, src_size);
       take destOut = String_Buf_At(dest, dest_size);
       srcIn == srcOut;
-      destOut == String_Buf { chars : chars(srcIn), buf_len : dest_size };
+      string_equal(srcOut, destOut);
+      buf_len(destIn) == buf_len(destOut);
       ptr_eq(return, dest);
 @*/
 
@@ -56,7 +59,7 @@ extern int str_buf_cmp(char *s1, char *s2, size_t n1, size_t n2);
       take s2Out = String_Buf_At(s2, n2);
       s1In == s1Out;
       s2In == s2Out;
-      (return == 0i32) ? s1In == s2In : s1In != s2In;
+      (return == 0i32) == string_equal(s1In, s2In);
 @*/
 
 // buffer version of strcat
@@ -65,10 +68,11 @@ extern char *str_buf_cat(char *dest, const char *src, size_t dest_size, size_t s
     requires
       take srcIn = String_Buf_At(src, src_size);
       take destIn = String_Buf_At(dest, dest_size);
-      string_buf_len(srcIn) + string_buf_len(destIn) < dest_size; // < to leave room for the null
+      (u128) string_len(srcIn) + (u128) string_len(destIn) < (u128) dest_size; // < to leave room for the null
     ensures
       take srcOut = String_Buf_At(src, src_size);
       take destOut = String_Buf_At(dest, dest_size);
       srcIn == srcOut;
-      destOut == String_Buf { chars : string_concat( chars(srcIn), chars(destIn)), buf_len : dest_size};
-@*/
\ No newline at end of file
+      destOut == string_buf_concat(destIn, srcIn);
+      ptr_eq(return, dest);
+@*/
diff --git a/src/exercises/string/trusted.h b/src/exercises/string/trusted.h
index 7879d246..e9af0986 100644
--- a/src/exercises/string/trusted.h
+++ b/src/exercises/string/trusted.h
@@ -4,60 +4,6 @@
 Trusted string lemmas.
 */
 
-/*@
-lemma array_owned_shift_one_l(pointer s, u64 tail_owned_len) //TODO
-
-requires
-    take first = RW<char>(s);
-    take rest = each (u64 i; i < tail_owned_len) {
-        RW<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
-    tail_owned_len < 18446744073709551615u64;
-ensures
-    take all = each (u64 i; i < 1u64 + tail_owned_len) {
-        RW<char>(array_shift<char>(s, i))};
-@*/
-
-/*@
-lemma array_blocked_shift_one_l(pointer s, u64 tail_low, u64 tail_high) //TODO
-
-requires
-    take blockedIn = each (u64 i; tail_low < i && i < tail_high) {
-        W<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
-    tail_high < 18446744073709551615u64;
-ensures
-    take blockedOut = each (u64 i; tail_low + 1u64 < i && i < 1u64 + tail_high) {
-        W<char>(array_shift<char>(s, i))};
-@*/
-
-/*@
-lemma array_shift_one_r(pointer s, size_t tail_string_len, size_t tail_buf_len)
-
-requires
-    take ownedIn = each (u64 i; i < 1u64 + tail_string_len) {
-        RW<char>(array_shift<char>(s, i))};
-    take blockedIn = each (u64 i; tail_string_len + 1u64 < i && i < 1u64 + tail_buf_len) {
-        W<char>(array_shift<char>(s, i))};
-    tail_string_len < tail_buf_len;
-    tail_buf_len < 18446744073709551615u64;
-    take nullIn = RW<char>(array_shift<char>(s, 1u64 + tail_string_len));
-    nullIn == 0u8;
-    each (u64 i; i < 1u64 + tail_string_len) {
-        ownedIn[i] != 0u8
-    };
-ensures
-    take first = RW<char>(s);
-    first != 0u8;
-    take ownedOut = each (u64 i; i < tail_string_len) {
-        RW<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
-    take blockedOut = each (u64 i; tail_string_len < i && i < tail_buf_len) {
-        W<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
-    take nullOut = RW<char>(array_shift<char>(array_shift<char>(s, 1u64), tail_string_len));
-    nullOut == 0u8;
-    each (u64 i; i < tail_string_len) {
-        ownedOut[i] != 0u8
-    };
-@*/
-
 /*@
 lemma array_to_string_buf(pointer s, u64 n, u64 string_len)
 requires
@@ -100,7 +46,7 @@ ensures
 @*/
 
 /*@
-lemma nonzero_up_to_len_step(pointer s, size_t n)
+lemma nonzero_up_to_len_step(pointer s, u64 n)
 
 requires
     n > 1u64;
diff --git a/src/exercises/string/unproven.c b/src/exercises/string/unproven.c
index dab57776..b7dabff4 100644
--- a/src/exercises/string/unproven.c
+++ b/src/exercises/string/unproven.c
@@ -32,7 +32,7 @@ ensures
     /*@ focus RW<char>, 0u64; @*/
     char c = s[0];
     /*@split_case (c == 0u8); @*/
-    if (string_len == (unsigned long long)0)
+    if (string_len == (size_t)0)
     {
         if (c == '\0')
         {
@@ -48,7 +48,7 @@ ensures
     else
     {
         /*@ apply array_shift_one_r(s, string_len - 1u64, n - 1u64); @*/
-        array_to_string_buf_c(&s[1], string_len - (unsigned long long)1, n - (unsigned long long)1);
+        array_to_string_buf_c(&s[1], string_len - (size_t)1, n - (size_t)1);
         one_plus_string_len(s, n);
     }
 }
@@ -64,12 +64,12 @@ ensures
         RW<char>( array_shift<char>(s, i) ) };
     take sRem = each (u64 i; string_len(sBuf) < i && i < n) {
         W<char>( array_shift<char>(s, i) ) };
+    take sNull = RW<char>(array_shift<char>(s, string_len(sBuf)));
+    sNull == 0u8;
     // we need some "fix arbitrary i" tactic for the below
     each (u64 i; i < string_len(sBuf)) {
         string_buf_nth(sBuf, i) == sArray[i]
     };
-    take sNull = RW<char>(array_shift<char>(s, string_len(sBuf)));
-    sNull == 0u8;
 @*/
 {
     char c = s[0];
@@ -80,13 +80,30 @@ ensures
     else
     {
         char c1 = s[1];
-        string_buf_to_array_c(&s[1], n - (unsigned long long)1);
+        string_buf_to_array_c(&s[1], n - (size_t)1);
         /*@ unfold string_len(sBuf); @*/
         /*@ apply array_owned_shift_one_l(s, string_len(sBuf) - 1u64); @*/
         /*@ apply array_blocked_shift_one_l(s, string_len(sBuf) - 1u64, n - 1u64); @*/
     }
 }
 
+void nonzero_up_to_len_step(char *s, size_t n)
+/*@
+requires
+    n > 1u64;
+    take sHead = RW<char>(s);
+    take sTail = String_Buf_At(array_shift<char>(s, 1u64), n - 1u64);
+    each (u64 i; i < string_len(sTail)) {
+        string_buf_nth(sTail, i) != 0u8 };
+ensures
+    take sOut = String_Buf_At(s, n);
+    sOut == String_Buf_Cons { head : sHead, tail : sTail };
+    each (u64 i; i < string_len(sOut)) {
+        string_buf_nth(sOut, i) != 0u8 };
+@*/
+{
+}
+
 /*
 In progress potentially-useful functions.
 */
diff --git a/src/exercises/string/unused.c b/src/exercises/string/unused.c
index 2f9056ed..f1545260 100644
--- a/src/exercises/string/unused.c
+++ b/src/exercises/string/unused.c
@@ -2,7 +2,7 @@
 #include "string_buf.c"
 
 /*
-Not used for current example, but potentially useful.
+Not used for current example, but potentially useful, including for `unproven.c`.
 */
 
 /* CN lemmas */
@@ -38,6 +38,32 @@ ensures
     /*@ unfold string_len(sIn); @*/
 }
 
+void sum_string_parts(char *s, size_t n)
+/*@
+requires
+    take sIn = String_Buf_At(s, n);
+ensures
+    take sOut = String_Buf_At(s, n);
+    sIn == sOut;
+    string_len(sIn) + empty_buf_len(sIn) == buf_len(sIn);
+@*/
+{
+    char c = s[0];
+    if (c == '\0')
+    {
+        /*@ unfold string_len(sIn); @*/
+        /*@ unfold empty_buf_len(sIn); @*/
+        /*@ unfold buf_len(sIn); @*/
+    }
+    else
+    {
+        sum_string_parts(&s[1], n - (size_t)1);
+        /*@ unfold string_len(sIn); @*/
+        /*@ unfold empty_buf_len(sIn); @*/
+        /*@ unfold buf_len(sIn); @*/
+    }
+}
+
 /* Trusted lemmas */
 
 /*@
@@ -80,4 +106,76 @@ ensures
     each (u64 i; i < tail_len) {
         sOut[1u64 + i] != 0u8
     };
+@*/
+
+/*@
+lemma array_owned_shift_one_l(pointer s, u64 tail_owned_len)
+
+requires
+    take first = RW<char>(s);
+    take rest = each (u64 i; i < tail_owned_len) {
+        RW<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
+    tail_owned_len < 18446744073709551615u64;
+ensures
+    take all = each (u64 i; i < 1u64 + tail_owned_len) {
+        RW<char>(array_shift<char>(s, i))};
+@*/
+
+/*@
+lemma array_blocked_shift_one_l(pointer s, u64 tail_low, u64 tail_high) //TODO
+
+requires
+    take blockedIn = each (u64 i; tail_low < i && i < tail_high) {
+        W<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
+    tail_high < 18446744073709551615u64;
+ensures
+    take blockedOut = each (u64 i; tail_low + 1u64 < i && i < 1u64 + tail_high) {
+        W<char>(array_shift<char>(s, i))};
+@*/
+
+/*@
+lemma array_shift_one_r(pointer s, size_t tail_string_len, size_t tail_buf_len)
+
+requires
+    take ownedIn = each (u64 i; i < 1u64 + tail_string_len) {
+        RW<char>(array_shift<char>(s, i))};
+    take blockedIn = each (u64 i; tail_string_len + 1u64 < i && i < 1u64 + tail_buf_len) {
+        W<char>(array_shift<char>(s, i))};
+    tail_string_len < tail_buf_len;
+    tail_buf_len < 18446744073709551615u64;
+    take nullIn = RW<char>(array_shift<char>(s, 1u64 + tail_string_len));
+    nullIn == 0u8;
+    each (u64 i; i < 1u64 + tail_string_len) {
+        ownedIn[i] != 0u8
+    };
+ensures
+    take first = RW<char>(s);
+    first != 0u8;
+    take ownedOut = each (u64 i; i < tail_string_len) {
+        RW<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
+    take blockedOut = each (u64 i; tail_string_len < i && i < tail_buf_len) {
+        W<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
+    take nullOut = RW<char>(array_shift<char>(array_shift<char>(s, 1u64), tail_string_len));
+    nullOut == 0u8;
+    each (u64 i; i < tail_string_len) {
+        ownedOut[i] != 0u8
+    };
+@*/
+
+/*@
+lemma convert_to_write_only(pointer s, size_t n, size_t string_len, size_t index)
+
+requires
+    n >= 1u64;
+    string_len < n;
+    index <= string_len;
+    take rwIn = each (u64 i; i <= string_len) {
+        RW<char>(array_shift<char>(s, i)) };
+    take wIn = each (u64 i; string_len < i && i < n) {
+        W<char>(array_shift<char>(s, i)) };
+ensures
+    take rwOut = each (u64 i; i < index) {
+        RW<char>(array_shift<char>(s, i)) };
+    take wOut = each (u64 i; index <= i && i < n) {
+        W<char>(array_shift<char>(s, i)) };
 @*/
\ No newline at end of file
diff --git a/src/exercises/string/util.c b/src/exercises/string/util.c
index b4fea416..77cdc73b 100644
--- a/src/exercises/string/util.c
+++ b/src/exercises/string/util.c
@@ -1,43 +1,32 @@
-#include "string_buf.c"
+#include <stddef.h>
+#include "lemmas.c"
 
-// UTILITIES
+/*
+Library functions for null-terminated strings.
+*/
 
-void nonempty_buf_size(char *s, size_t n)
+// edit any character up to (not including) string_len
+void edit_array_at(char *s, size_t string_len, size_t index, char c)
 /*@
 requires
-    take sIn = String_Buf_At(s, n);
-    chars(sIn) != String_Nil{};
+    take sIn = each (u64 i; i < string_len) {
+            RW<char>(array_shift(s, i))
+        };
+    take sNullIn = RW<char>(array_shift(s, string_len));
+    index < string_len;
 ensures
-    take sOut = String_Buf_At(s, n);
-    sIn == sOut;
-    n > 1u64;
+    take sOut = each (u64 i; i < string_len) {
+        RW<char>(array_shift(s, i))
+    };
+    each (u64 i; i < string_len) {
+        i == index
+            ? sOut[i] == c
+            : sOut[i] == sIn[i]
+    };
+    take sNullOut = RW<char>(array_shift(s, string_len));
+    sNullOut == sNullIn;
 @*/
 {
-    char c = s[0];
-    /*@ split_case (c == 0u8); @*/
-}
-
-void len_lt_buf_size(char *s, size_t n)
-/*@
-requires
-    take sIn = String_Buf_At(s, n);
-ensures
-    take sOut = String_Buf_At(s, n);
-    sIn == sOut;
-    string_buf_len(sOut) < n;
-@*/
-{
-    char c = s[0];
-
-    if (c == '\0')
-    {
-        /*@ unfold string_buf_len(String_Buf {buf_len: n, chars: String_Nil {}}); @*/
-        /*@ unfold string_len(String_Nil{});@*/
-    }
-    else
-    {
-        char c1 = s[1];
-        nonempty_buf_size(s, n);
-        len_lt_buf_size(&c1, n - (unsigned long long)1);
-    }
+    /*@ focus RW<char>, index; @*/
+    s[index] = c;
 }
\ No newline at end of file

From f0f1358cb9a54c1ecd71d35996cade9fd65d187f Mon Sep 17 00:00:00 2001
From: cassiatorczon <cassiatorczon@gmail.com>
Date: Tue, 6 May 2025 04:41:42 -0400
Subject: [PATCH 6/8] cleanup

---
 src/exercises/string/example.c |   3 +-
 src/exercises/string/lemmas.c  | 108 +++++----------------------------
 src/exercises/string/unused.c  |  10 +--
 3 files changed, 20 insertions(+), 101 deletions(-)

diff --git a/src/exercises/string/example.c b/src/exercises/string/example.c
index 48a48270..d9208632 100644
--- a/src/exercises/string/example.c
+++ b/src/exercises/string/example.c
@@ -10,7 +10,6 @@ void simple_ex(char *s1, size_t n1, size_t n2, char c1, char c2)
         take sIn = String_Buf_At(s1, n1);
         !is_nil_string_buf(sIn);
         (u128) string_len(sIn) + (u128) string_len(sIn) < (u128) n2; // so it fits in allocated buffer twice
-        // string_len(sIn) < 9223372036854775808u64; // n1 + n1 < maximum u64
         c1 != c2;
         c1 != 0u8;
         c2 != 0u8;
@@ -26,7 +25,7 @@ void simple_ex(char *s1, size_t n1, size_t n2, char c1, char c2)
 
     // compare s1 and s2
     int j = str_buf_cmp(s1, s2, n1, n2);
-    /*@ assert (j == 0i64); @*/
+    /*@ assert (j == 0i32); @*/
 
     // edit s1
     size_t s1Len = str_buf_len(s1, n1);
diff --git a/src/exercises/string/lemmas.c b/src/exercises/string/lemmas.c
index c55ea464..1d20d992 100644
--- a/src/exercises/string/lemmas.c
+++ b/src/exercises/string/lemmas.c
@@ -33,18 +33,21 @@ ensures
 void one_plus_string_len(char *s, size_t n)
 /*@
 requires
-    take sIn = String_Buf_At(s, n);
-    !is_nil_string_buf(sIn);
+    n > 1u64;
+    take hIn = RW<char>(s);
+    hIn != 0u8;
+    take tlIn = String_Buf_At(array_shift<char>(s, 1u64), n - 1u64);
 ensures
-    take h = RW<char>(s);
-    take tl = String_Buf_At(array_shift<char>(s, 1u64), n - 1u64);
-    sIn == String_Buf_Cons { head : h, tail : tl };
-    string_len(sIn) == 1u64 + string_len(tl);
+    take hOut = RW<char>(s);
+    hOut != 0u8;
+    take tlOut = String_Buf_At(array_shift<char>(s, 1u64), n - 1u64);
+    hIn == hOut;
+    tlIn == tlOut;
+    string_len(String_Buf_Cons { head : hIn, tail : tlIn }) == 1u64 + string_len(tlIn);
 @*/
 {
-    char c = s[0];
-    /*@ split_case (c == 0u8); @*/
-    /*@ unfold string_len(sIn); @*/
+    /*@ split_case (hIn == 0u8); @*/
+    /*@ unfold string_len(String_Buf_Cons { head : hIn, tail : tlIn }); @*/
 }
 
 // string length is less than max u64
@@ -55,7 +58,7 @@ requires
 ensures
     take sOut = String_Buf_At(s, n);
     sIn == sOut;
-    string_len(sIn) < 18446744073709551615u64;
+    string_len(sIn) < MAXu64();
 @*/
 {
     len_lt_buf_size(s, n);
@@ -65,7 +68,7 @@ ensures
 void plus_one_gt_zero(size_t n)
 /*@
 requires
-    n < 18446744073709551615u64;
+    n < MAXu64();
 ensures
     1u64 + n > 0u64;
 @*/
@@ -198,87 +201,4 @@ ensures
         /*@ unfold string_len(update_empty_buf(sIn, new_empty_buf)); @*/
         /*@ unfold string_len(sIn); @*/
     }
-}
-
-// void concat_nil_len(char *dest, char *src, size_t dest_size, size_t src_size)
-// /*@
-// requires
-//     take srcIn = String_Buf_At(src, src_size);
-//     take destIn = String_Buf_At(dest, dest_size);
-//     is_nil_string_buf(destIn);
-//     string_len(srcIn) + string_len(destIn) < dest_size;
-// ensures
-//     take srcOut = String_Buf_At(src, src_size);
-//     take destOut = String_Buf_At(dest, dest_size);
-//     srcIn == srcOut;
-//     destIn == destOut;
-//     string_len(string_buf_concat(destIn, srcIn)) == string_len(srcIn);
-// @*/
-// {
-//     // char c = src[0];
-//     // if (c == '\0')
-//     // {
-//     //     /*@ unfold string_len(srcIn); @*/
-//     //     /*@ unfold string_len(destIn); @*/
-//     //     /*@ unfold string_buf_concat(destIn, srcIn); @*/
-//     //     /*@ unfold string_len(string_buf_concat(destIn, srcIn)); @*/
-//     // }
-//     // else
-//     // {
-//     //     nonempty_string_len(src, src_size);
-//     //     /*@ unfold string_len(destIn); @*/
-//     //     /*@ assert (dest_size > 1u64); @*/
-//     //     concat_nil_len(&dest[1], &src[1], dest_size - (size_t)1, src_size - (size_t)1);
-//     // }
-// }
-
-/*
-// in-place string concat
-// assumes destination buffer has enough space for source string
-function [rec] (datatype String_Buf) string_buf_concat(String_Buf dest, String_Buf src) {
-    match dest {
-        String_Buf_Nil { empty_buf : nDest } => {
-            // string_len(src) should be strictly less than nDest
-            update_empty_buf(src, nDest - string_len(src))
-        }
-        String_Buf_Cons { head : h , tail : tl } => {
-            String_Buf_Cons { head : h, tail : string_buf_concat(tl, src) }
-        }
-    }
-}
-
-        }*/
-
-void concat_len(char *dest, char *src, size_t dest_size, size_t src_size)
-/*@
-requires
-    take srcIn = String_Buf_At(src, src_size);
-    take destIn = String_Buf_At(dest, dest_size);
-    let len_sum = string_len(srcIn) + string_len(destIn);
-    string_len(srcIn) + string_len(destIn) < dest_size;
-ensures
-    take srcOut = String_Buf_At(src, src_size);
-    take destOut = String_Buf_At(dest, dest_size);
-    srcIn == srcOut;
-    destIn == destOut;
-    string_len(string_buf_concat(destIn, srcIn)) == string_len(srcIn) + string_len(destIn);
-@*/
-{
-    char c = dest[0];
-    if (c == '\0')
-    {
-        update_empty_buf_preserves_len(src, src_size, dest_size - str_buf_len(src, src_size));
-        /*@ unfold string_len(srcIn); @*/
-        /*@ unfold string_len(destIn); @*/
-        /*@ unfold string_buf_concat(destIn, srcIn); @*/
-        /*@ unfold string_len(string_buf_concat(destIn, srcIn)); @*/
-    }
-    else
-    {
-        /*@ unfold string_len(destIn); @*/
-        concat_len(&dest[1], src, dest_size - (size_t)1, src_size);
-        /*@ unfold string_len(srcIn); @*/
-        /*@ unfold string_buf_concat(destIn, srcIn); @*/
-        /*@ unfold string_len(string_buf_concat(destIn, srcIn)); @*/
-    }
 }
\ No newline at end of file
diff --git a/src/exercises/string/unused.c b/src/exercises/string/unused.c
index f1545260..a2123c73 100644
--- a/src/exercises/string/unused.c
+++ b/src/exercises/string/unused.c
@@ -72,7 +72,7 @@ lemma array_owned_shift_one_r(pointer s, u64 tail_owned_len) //TODO
 requires
     take all = each (u64 i; i < 1u64 + tail_owned_len) {
         RW<char>(array_shift<char>(s, i))};
-    tail_owned_len < 18446744073709551615u64;
+    tail_owned_len < MAXu64();
 ensures
     take first = RW<char>(s);
     take rest = each (u64 i; i < tail_owned_len) {
@@ -85,7 +85,7 @@ lemma array_blocked_shift_one_r(pointer s, u64 tail_low, u64 tail_high) //TODO
 requires
     take blockedIn = each (u64 i; tail_low + 1u64 < i && i < 1u64 + tail_high) {
         W<char>(array_shift<char>(s, i))};
-    tail_high < 18446744073709551615u64;
+    tail_high < MAXu64();
 ensures
     take blockedOut = each (u64 i; tail_low < i && i < tail_high) {
         W<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
@@ -115,7 +115,7 @@ requires
     take first = RW<char>(s);
     take rest = each (u64 i; i < tail_owned_len) {
         RW<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
-    tail_owned_len < 18446744073709551615u64;
+    tail_owned_len < MAXu64();
 ensures
     take all = each (u64 i; i < 1u64 + tail_owned_len) {
         RW<char>(array_shift<char>(s, i))};
@@ -127,7 +127,7 @@ lemma array_blocked_shift_one_l(pointer s, u64 tail_low, u64 tail_high) //TODO
 requires
     take blockedIn = each (u64 i; tail_low < i && i < tail_high) {
         W<char>(array_shift<char>(array_shift<char>(s, 1u64), i))};
-    tail_high < 18446744073709551615u64;
+    tail_high < MAXu64();
 ensures
     take blockedOut = each (u64 i; tail_low + 1u64 < i && i < 1u64 + tail_high) {
         W<char>(array_shift<char>(s, i))};
@@ -142,7 +142,7 @@ requires
     take blockedIn = each (u64 i; tail_string_len + 1u64 < i && i < 1u64 + tail_buf_len) {
         W<char>(array_shift<char>(s, i))};
     tail_string_len < tail_buf_len;
-    tail_buf_len < 18446744073709551615u64;
+    tail_buf_len < MAXu64();
     take nullIn = RW<char>(array_shift<char>(s, 1u64 + tail_string_len));
     nullIn == 0u8;
     each (u64 i; i < 1u64 + tail_string_len) {

From 7bb77496a39c58a6b964caf8710ab3a4b0597779 Mon Sep 17 00:00:00 2001
From: cassiatorczon <cassiatorczon@gmail.com>
Date: Tue, 6 May 2025 04:50:21 -0400
Subject: [PATCH 7/8] marked unproven as broken

---
 .../{unproven.c => more_lemmas.broken.c}      | 38 ++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)
 rename src/exercises/string/{unproven.c => more_lemmas.broken.c} (75%)

diff --git a/src/exercises/string/unproven.c b/src/exercises/string/more_lemmas.broken.c
similarity index 75%
rename from src/exercises/string/unproven.c
rename to src/exercises/string/more_lemmas.broken.c
index b7dabff4..7fbdf971 100644
--- a/src/exercises/string/unproven.c
+++ b/src/exercises/string/more_lemmas.broken.c
@@ -1,5 +1,5 @@
 #include <stddef.h>
-#include "string_buf.c"
+#include "lemmas.c"
 
 /*
 In progress CN versions of trusted lemmas.
@@ -147,3 +147,39 @@ ensures
     s[0] = '\0';
     return s;
 }
+
+void concat_len(char *dest, char *src, size_t dest_size, size_t src_size)
+/*@
+requires
+    take srcIn = String_Buf_At(src, src_size);
+    take destIn = String_Buf_At(dest, dest_size);
+    (u128) string_len(srcIn) + (u128) string_len(destIn) < (u128) dest_size;
+ensures
+    take srcOut = String_Buf_At(src, src_size);
+    take destOut = String_Buf_At(dest, dest_size);
+    srcIn == srcOut;
+    destIn == destOut;
+    string_len(string_buf_concat(destIn, srcIn)) == string_len(srcIn) + string_len(destIn);
+@*/
+{
+    char c = dest[0];
+    if (c == '\0')
+    {
+        update_empty_buf_preserves_len(src, src_size, dest_size - str_buf_len(src, src_size));
+        /*@ unfold string_len(srcIn); @*/
+        /*@ unfold string_len(destIn); @*/
+        /*@ unfold string_buf_concat(destIn, srcIn); @*/
+        /*@ unfold string_len(string_buf_concat(destIn, srcIn)); @*/
+    }
+    else
+    {
+        /*@ split_case (c == 0u8); @*/
+        /*@ unfold string_len(destIn); @*/
+        /*@ assert (string_len(destIn) > 0u64); @*/
+        one_plus_string_len(dest, dest_size);
+        concat_len(&dest[1], src, dest_size - (size_t)1, src_size);
+        /*@ unfold string_len(srcIn); @*/
+        /*@ unfold string_buf_concat(destIn, srcIn); @*/
+        /*@ unfold string_len(string_buf_concat(destIn, srcIn)); @*/
+    }
+}
\ No newline at end of file

From 149433b78ef7205e9859f9fbb87974e12b17963a Mon Sep 17 00:00:00 2001
From: cassiatorczon <cassiatorczon@gmail.com>
Date: Tue, 6 May 2025 04:52:51 -0400
Subject: [PATCH 8/8] updated comment

---
 src/exercises/string/unused.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/exercises/string/unused.c b/src/exercises/string/unused.c
index a2123c73..505b04c7 100644
--- a/src/exercises/string/unused.c
+++ b/src/exercises/string/unused.c
@@ -2,7 +2,7 @@
 #include "string_buf.c"
 
 /*
-Not used for current example, but potentially useful, including for `unproven.c`.
+Not used for current example, but potentially useful, including for `more_lemmas.broken.c`.
 */
 
 /* CN lemmas */