@@ -26,6 +26,7 @@

 #include <sys/time.h>

 #include <stdlib.h>

 #include "bytecode.h"

+#include "bytecode_priv.h"

 #include "clamav.h"

 #include "shared/optparser.h"

 #include "shared/misc.h"

@@ -141,6 +142,7 @@ int main(int argc, char *argv[])

 	fprintf(stderr,"Out of memory\n");

 	exit(3);

     }

+    ctx->trace_mask = BC_TRACE_ALL;

     if (opts->filename[1]) {

 	funcid = atoi(opts->filename[1]);

@@ -52,6 +52,13 @@ struct cli_bc_ctx *cli_bytecode_context_alloc(void)

     ctx->outfd = -1;

     ctx->tempfile = NULL;

     ctx->written = 0;

+    ctx->trace_mask = 0;

+    ctx->scope = NULL;

+    ctx->scopeid = 0;

+    ctx->file = NULL;

+    ctx->directory = NULL;

+    ctx->lastline = 0;

+    ctx->lastcol = 0;

     return ctx;

 }

@@ -108,6 +108,7 @@ extern "C" {

 #endif

 void cli_bytecode_debug(int argc, char **argv);

+void cli_bytecode_debug_printsrc(const struct cli_bc_ctx *ctx);

 int bytecode_init(void);

 #ifdef __cplusplus

@@ -98,6 +98,10 @@ uint32_t cli_bcapi_disasm_x86(struct cli_bc_ctx *ctx, struct DISASM_RESULT *res,

     //TODO: call disasm_x86_wrap, which outputs a MARIO struct

 }

+/* TODO: field in ctx, id of last bytecode that called magicscandesc, reset

+ * after hooks/other bytecodes are run. TODO: need a more generic solution

+ * to avoid uselessly recursing on bytecode-unpacked files, but also a way to

+ * override the limit if we need it in a special situation */

 int32_t cli_bcapi_write(struct cli_bc_ctx *ctx, uint8_t*data, int32_t len)

 {

     int32_t res;

@@ -128,4 +132,101 @@ int32_t cli_bcapi_write(struct cli_bc_ctx *ctx, uint8_t*data, int32_t len)

     return res;

 }

+uint32_t cli_bcapi_trace_scope(struct cli_bc_ctx *ctx, const const uint8_t *scope, uint32_t scopeid)

+{

+    if (LIKELY(!ctx->trace_mask))

+	return 0;

+    if ((ctx->trace_mask&BC_TRACE_FUNC) && (scope != ctx->scope)) {

+	ctx->scope = scope;

+	ctx->trace_mask |= BC_TRACE_TMP_FUNC;

+    }

+    if ((ctx->trace_mask&BC_TRACE_SCOPE) && (scopeid != ctx->scopeid)) {

+	ctx->scopeid = scopeid;

+	ctx->trace_mask |= BC_TRACE_TMP_SCOPE;

+    }

+}

+

+uint32_t cli_bcapi_trace_source(struct cli_bc_ctx *ctx, const const uint8_t *file, uint32_t line)

+{

+    if (LIKELY(!ctx->trace_mask))

+	return 0;

+    if (ctx->trace_mask&BC_TRACE_TMP_FUNC) {

+	cli_dbgmsg("[trace] %s:%u:%u -> %s:%u\t Entering function %s\n",

+		   ctx->file ? ctx->file : "??", ctx->lastline,

+		   ctx->lastcol, file ? file : "??", line,

+		   ctx->scope);

+	ctx->file = file;

+	ctx->lastline = line;

+	cli_bytecode_debug_printsrc(ctx);

+    } else if (ctx->trace_mask&BC_TRACE_TMP_SCOPE) {

+	cli_dbgmsg("[trace] %s:%u:%u -> %s:%u\t entering scope\n",

+		   ctx->file ? ctx->file : "??", ctx->lastline,

+		   ctx->lastcol, file ? file : "??", line,

+		   ctx->scope);

+	ctx->file = file;

+	ctx->lastline = line;

+	cli_bytecode_debug_printsrc(ctx);

+    } else {

+	if (ctx->file != file || ctx->lastline != line) {

+	    ctx->file = file;

+	    ctx->lastline = line;

+	    if (ctx->trace_mask&BC_TRACE_LINE)

+		ctx->trace_mask |= BC_TRACE_TMP_SRC;

+	}

+    }

+    ctx->trace_mask &= ~(BC_TRACE_TMP_FUNC|BC_TRACE_TMP_SCOPE);

+    return 0;

+}

+

+uint32_t cli_bcapi_trace_op(struct cli_bc_ctx *ctx, const const uint8_t *op, uint32_t col)

+{

+    if (LIKELY(!ctx->trace_mask))

+	return 0;

+    if (ctx->lastcol != col) {

+	ctx->lastcol = col;

+	if (ctx->trace_mask&BC_TRACE_COL)

+	    ctx->trace_mask |= BC_TRACE_TMP_SRC;

+    }

+    if ((ctx->trace_mask&BC_TRACE_OP) && op) {

+	if (ctx->trace_mask&BC_TRACE_TMP_SRC) {

+	    cli_dbgmsg("[trace] %s:%u:%u\t %s\n",

+		       ctx->file ? ctx->file : "??", ctx->lastline, col,

+		       op);

+	    cli_bytecode_debug_printsrc(ctx);

+	    ctx->trace_mask &= ~BC_TRACE_TMP_SRC;

+	} else

+	    cli_dbgmsg("[trace] %s\n", op);

+    }

+    return 0;

+}

+

+uint32_t cli_bcapi_trace_value(struct cli_bc_ctx *ctx, const const uint8_t* name, uint32_t value)

+{

+    if (LIKELY(!ctx->trace_mask))

+	return 0;

+    if ((ctx->trace_mask&BC_TRACE_VAL) && name) {

+	if (ctx->trace_mask&BC_TRACE_TMP_SRC) {

+	    cli_dbgmsg("[trace] %s:%u:%u\t %s = %u\n",

+		       ctx->file ? ctx->file : "??",

+		       ctx->lastline, ctx->lastcol,

+		       name, value);

+	    cli_bytecode_debug_printsrc(ctx);

+	} else {

+	    cli_dbgmsg("[trace]\t %s = %u\n", name, value);

+	}

+    } else if (ctx->trace_mask&BC_TRACE_TMP_SRC) {

+	cli_dbgmsg("[trace] %s:%u:%u\n",

+		   ctx->file ? ctx->file : "??",

+		   ctx->lastline, ctx->lastcol);

+	cli_bytecode_debug_printsrc(ctx);

+    }

+    ctx->trace_mask &= ~BC_TRACE_TMP_SRC;

+    return 0;

+}

+uint32_t cli_bcapi_trace_directory(struct cli_bc_ctx *ctx, const const uint8_t* dir, uint32_t dummy)

+{

+    if (LIKELY(!ctx->trace_mask))

+	return 0;

+    ctx->directory = dir;

+}

@@ -155,5 +155,15 @@ uint32_t debug_print_uint(uint32_t a, uint32_t b);

  *  \sa DisassembleAt

  * */

 uint32_t disasm_x86(struct DISASM_RESULT* result, uint32_t len);

+

+/* tracing API */

+

+/* a scope: lexical block, function, or compile unit */

+uint32_t trace_directory(const uint8_t* directory, uint32_t dummy);

+uint32_t trace_scope(const uint8_t* newscope, uint32_t scopeid);

+uint32_t trace_source(const uint8_t* srcfile, uint32_t line);

+uint32_t trace_op(const uint8_t* opname, uint32_t column);

+uint32_t trace_value(const uint8_t* name, uint32_t v);

+

 #endif

 #endif

@@ -42,6 +42,11 @@ uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx *ctx, const const uint8_t*, ui

 uint32_t cli_bcapi_debug_print_str(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

 uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t, uint32_t);

 uint32_t cli_bcapi_disasm_x86(struct cli_bc_ctx *ctx, struct DISASM_RESULT*, uint32_t);

+uint32_t cli_bcapi_trace_directory(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

+uint32_t cli_bcapi_trace_scope(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

+uint32_t cli_bcapi_trace_source(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

+uint32_t cli_bcapi_trace_op(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

+uint32_t cli_bcapi_trace_value(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

 const struct cli_apiglobal cli_globals[] = {

 /* Bytecode globals BEGIN */

@@ -70,14 +75,14 @@ static uint16_t cli_tmp10[]={80, 32, 32, 16};

 static uint16_t cli_tmp11[]={81};

 static uint16_t cli_tmp12[]={32, 32, 32, 32, 32, 32, 32, 32, 32};

 static uint16_t cli_tmp13[]={32};

-static uint16_t cli_tmp14[]={32, 84, 32};

-static uint16_t cli_tmp15[]={85};

-static uint16_t cli_tmp16[]={16, 8, 8, 8, 87, 86};

-static uint16_t cli_tmp17[]={8};

-static uint16_t cli_tmp18[]={88};

-static uint16_t cli_tmp19[]={8};

-static uint16_t cli_tmp20[]={32, 32, 32};

-static uint16_t cli_tmp21[]={32, 65, 32};

+static uint16_t cli_tmp14[]={32, 65, 32};

+static uint16_t cli_tmp15[]={32, 85, 32};

+static uint16_t cli_tmp16[]={86};

+static uint16_t cli_tmp17[]={16, 8, 8, 8, 88, 87};

+static uint16_t cli_tmp18[]={8};

+static uint16_t cli_tmp19[]={89};

+static uint16_t cli_tmp20[]={8};

+static uint16_t cli_tmp21[]={32, 32, 32};

 static uint16_t cli_tmp22[]={32, 92, 32};

 static uint16_t cli_tmp23[]={93};

 static uint16_t cli_tmp24[]={92};

@@ -98,12 +103,12 @@ const struct cli_bc_type cli_apicall_types[]={

 	{DStructType, cli_tmp12, 9, 0, 0},

 	{DArrayType, cli_tmp13, 64, 0, 0},

 	{DFunctionType, cli_tmp14, 3, 0, 0},

-	{DPointerType, cli_tmp15, 1, 0, 0},

-	{DStructType, cli_tmp16, 6, 0, 0},

-	{DArrayType, cli_tmp17, 29, 0, 0},

-	{DArrayType, cli_tmp18, 10, 0, 0},

-	{DArrayType, cli_tmp19, 3, 0, 0},

-	{DFunctionType, cli_tmp20, 3, 0, 0},

+	{DFunctionType, cli_tmp15, 3, 0, 0},

+	{DPointerType, cli_tmp16, 1, 0, 0},

+	{DStructType, cli_tmp17, 6, 0, 0},

+	{DArrayType, cli_tmp18, 29, 0, 0},

+	{DArrayType, cli_tmp19, 10, 0, 0},

+	{DArrayType, cli_tmp20, 3, 0, 0},

 	{DFunctionType, cli_tmp21, 3, 0, 0},

 	{DFunctionType, cli_tmp22, 3, 0, 0},

 	{DPointerType, cli_tmp23, 1, 0, 0},

@@ -114,14 +119,19 @@ const unsigned cli_apicall_maxtypes=sizeof(cli_apicall_types)/sizeof(cli_apicall

 const struct cli_apicall cli_apicalls[]={

 /* Bytecode APIcalls BEGIN */

 	{"test0", 22, 0, 1},

-	{"test1", 20, 0, 0},

-	{"read", 21, 1, 1},

-	{"write", 21, 2, 1},

-	{"seek", 20, 1, 0},

-	{"setvirusname", 21, 3, 1},

-	{"debug_print_str", 21, 4, 1},

-	{"debug_print_uint", 20, 2, 0},

-	{"disasm_x86", 14, 5, 1}

+	{"test1", 21, 0, 0},

+	{"read", 14, 1, 1},

+	{"write", 14, 2, 1},

+	{"seek", 21, 1, 0},

+	{"setvirusname", 14, 3, 1},

+	{"debug_print_str", 14, 4, 1},

+	{"debug_print_uint", 21, 2, 0},

+	{"disasm_x86", 15, 5, 1},

+	{"trace_directory", 14, 6, 1},

+	{"trace_scope", 14, 7, 1},

+	{"trace_source", 14, 8, 1},

+	{"trace_op", 14, 9, 1},

+	{"trace_value", 14, 10, 1}

 /* Bytecode APIcalls END */

 };

 const cli_apicall_int2 cli_apicalls0[] = {

@@ -135,6 +145,11 @@ const cli_apicall_pointer cli_apicalls1[] = {

 	(cli_apicall_pointer)cli_bcapi_write,

 	(cli_apicall_pointer)cli_bcapi_setvirusname,

 	(cli_apicall_pointer)cli_bcapi_debug_print_str,

-	(cli_apicall_pointer)cli_bcapi_disasm_x86

+	(cli_apicall_pointer)cli_bcapi_disasm_x86,

+	(cli_apicall_pointer)cli_bcapi_trace_directory,

+	(cli_apicall_pointer)cli_bcapi_trace_scope,

+	(cli_apicall_pointer)cli_bcapi_trace_source,

+	(cli_apicall_pointer)cli_bcapi_trace_op,

+	(cli_apicall_pointer)cli_bcapi_trace_value

 };

 const unsigned cli_apicall_maxapi = sizeof(cli_apicalls)/sizeof(cli_apicalls[0]);

@@ -39,5 +39,10 @@ uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx *ctx, const const uint8_t*, ui

 uint32_t cli_bcapi_debug_print_str(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

 uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t, uint32_t);

 uint32_t cli_bcapi_disasm_x86(struct cli_bc_ctx *ctx, struct DISASM_RESULT*, uint32_t);

+uint32_t cli_bcapi_trace_directory(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

+uint32_t cli_bcapi_trace_scope(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

+uint32_t cli_bcapi_trace_source(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

+uint32_t cli_bcapi_trace_op(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

+uint32_t cli_bcapi_trace_value(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

 #endif

@@ -66,4 +66,7 @@ int bytecode_init(void)

     return 0;

 }

+void cli_bytecode_debug_printsrc(const struct cli_bc_ctx *ctx) {

+    // Empty

+}

 int have_clamjit=0;

@@ -103,6 +103,18 @@ struct cli_bc_dbgnode {

 };

 #define MAX_OP ~0u

+#define BC_TRACE_FUNC  0x1

+#define BC_TRACE_SCOPE 0x2

+#define BC_TRACE_LINE  0x4

+#define BC_TRACE_COL   0x8

+#define BC_TRACE_OP    0x10

+#define BC_TRACE_VAL   0x20

+#define BC_TRACE_TMP_FUNC  0x40

+#define BC_TRACE_TMP_SCOPE 0x80

+#define BC_TRACE_TMP_SRC  0x100

+#define BC_TRACE_SHOW_SOURCE 0x200

+#define BC_TRACE_ALL (BC_TRACE_FUNC | BC_TRACE_SCOPE | BC_TRACE_LINE | BC_TRACE_COL | BC_TRACE_OP | BC_TRACE_VAL | BC_TRACE_SHOW_SOURCE)

+

 struct cli_bc_ctx {

     /* id and params of toplevel function called */

     const struct cli_bc *bc;

@@ -122,6 +134,13 @@ struct cli_bc_ctx {

     char *tempfile;

     void *ctx;

     unsigned written;

+    unsigned trace_mask;

+    const char *scope;

+    uint32_t scopeid;

+    const char *file;

+    const char *directory;

+    unsigned lastline;

+    unsigned lastcol;

 };

 struct cli_all_bc;

 int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct cli_bc_func *func, const struct cli_bc_inst *inst);

@@ -22,6 +22,7 @@

 #define DEBUG_TYPE "clamavjit"

 #include "llvm/ADT/DenseMap.h"

 #include "llvm/ADT/BitVector.h"

+#include "llvm/ADT/StringMap.h"

 #include "llvm/CallingConv.h"

 #include "llvm/DerivedTypes.h"

 #include "llvm/Function.h"

@@ -37,10 +38,13 @@

 #include "llvm/Support/CommandLine.h"

 #include "llvm/Support/ErrorHandling.h"

 #include "llvm/Support/ManagedStatic.h"

+#include "llvm/Support/MemoryBuffer.h"

 #include "llvm/Support/raw_ostream.h"

+#include "llvm/Support/SourceMgr.h"

 #include "llvm/Support/IRBuilder.h"

 #include "llvm/Support/PrettyStackTrace.h"

 #include "llvm/System/DataTypes.h"

+#include "llvm/System/Mutex.h"

 #include "llvm/System/Signals.h"

 #include "llvm/System/Threading.h"

 #include "llvm/Target/TargetSelect.h"

@@ -264,6 +268,8 @@ private:

 	    operand &= 0x7fffffff;

 	    assert(operand < globals.size() && "Global index out of range");

 	    // Global

+	    if (!operand)

+		return ConstantPointerNull::get(PointerType::getUnqual(Type::getInt8Ty(Context)));

 	    if (GlobalVariable *GV = dyn_cast<GlobalVariable>(globals[operand])) {

 		if (ConstantExpr *CE = dyn_cast<ConstantExpr>(GV->getInitializer())) {

 		    return CE;

@@ -328,14 +334,22 @@ private:

     Constant *buildConstant(const Type *Ty, uint64_t *components, unsigned &c)

     {

-        if (isa<PointerType>(Ty)) {

-          Constant *idxs[2] = {

+        if (const PointerType *PTy = dyn_cast<PointerType>(Ty)) {

+          Value *idxs[2] = {

 	      ConstantInt::get(Type::getInt32Ty(Context), 0),

 	      ConstantInt::get(Type::getInt32Ty(Context), components[c++])

 	  };

 	  unsigned idx = components[c++];

+	  if (!idx)

+	      return ConstantPointerNull::get(PTy);

 	  assert(idx < globals.size());

 	  GlobalVariable *GV = cast<GlobalVariable>(globals[idx]);

+	  const Type *GTy = GetElementPtrInst::getIndexedType(GV->getType(), idxs, 2);

+	  if (!GTy || GTy != PTy->getElementType()) {

+	      errs() << "Type mismatch for GEP: " << *PTy->getElementType() << " != " << *GTy

+		  << "; base is " << *GV << "\n";

+	      llvm_report_error("(libclamav) Type mismatch converting constant");

+	  }

 	  return ConstantExpr::getInBoundsGetElementPtr(GV, idxs, 2);

         }

 	if (isa<IntegerType>(Ty)) {

@@ -517,8 +531,8 @@ public:

 	globals.reserve(bc->num_globals);

 	BitVector FakeGVs;

-	FakeGVs.resize(bc->num_globals);

-

+	FakeGVs.resize(bc->num_globals+1);

+	globals.push_back(0);

 	for (unsigned i=0;i<bc->num_globals;i++) {

 	    const Type *Ty = mapType(bc->globaltys[i]);

@@ -528,7 +542,7 @@ public:

 	    if (isa<PointerType>(Ty)) {

 		unsigned g = bc->globals[i][1];

 		if (GVoffsetMap.count(g)) {

-		    FakeGVs.set(i);

+		    FakeGVs.set(i+1);

 		    globals.push_back(0);

 		    continue;

 		}

@@ -596,7 +610,7 @@ public:

 		Argument *Ctx = F->arg_begin();

 		struct cli_bc_ctx *N = 0;

 		for (unsigned i=0;i<bc->num_globals;i++) {

-		    if (!FakeGVs[i])

+		    if (!FakeGVs[i+1])

 			continue;

 		    unsigned g = bc->globals[i][1];

 		    unsigned offset = GVoffsetMap[g];

@@ -1207,4 +1221,67 @@ void cli_bytecode_debug(int argc, char **argv)

   cl::ParseCommandLineOptions(argc, argv);

 }

+struct lines {

+    MemoryBuffer *buffer;

+    std::vector<const char*> lines;

+};

+

+static struct lineprinter {

+    StringMap<struct lines*> files;

+} LinePrinter;

+

+void cli_bytecode_debug_printsrc(const struct cli_bc_ctx *ctx)

+{

+    if (!ctx->file || !ctx->directory || !ctx->lastline) {

+	errs() << (ctx->directory ? "d":"null") << ":" << (ctx->file ? "f" : "null")<< ":" << ctx->lastline << "\n";

+	return;

+    }

+    // acquire a mutex here

+    sys::Mutex mtx(false);

+    sys::SmartScopedLock<false> lock(mtx);

+

+    std::string path = std::string(ctx->directory) + "/" + std::string(ctx->file);

+    StringMap<struct lines*>::iterator I = LinePrinter.files.find(path);

+    struct lines *lines;

+    if (I == LinePrinter.files.end()) {

+	lines = new struct lines;

+	std::string ErrorMessage;

+	lines->buffer = MemoryBuffer::getFile(path, &ErrorMessage);

+	if (!lines->buffer) {

+	    errs() << "Unable to open file '" << path << "'\n";

+	    return ;

+	}

+	LinePrinter.files[path] = lines;

+    } else {

+	lines = I->getValue();

+    }

+    const char *linestart;

+    while (lines->lines.size() <= ctx->lastline+1) {

+	const char *p;

+	if (lines->lines.empty()) {

+	    p = lines->buffer->getBufferStart();

+	    lines->lines.push_back(p);

+	} else {

+	    p = lines->lines.back();

+	    if (p == lines->buffer->getBufferEnd())

+		break;

+	    p = strchr(p, '\n');

+	    if (!p) {

+		p = lines->buffer->getBufferEnd();

+		lines->lines.push_back(p);

+	    } else

+		lines->lines.push_back(p+1);

+	}

+    }

+    if (ctx->lastline >= lines->lines.size()) {

+	errs() << "Line number " << ctx->lastline << "out of file\n";

+	return;

+    }

+    assert(ctx->lastline < lines->lines.size());

+    SMDiagnostic diag(ctx->file, ctx->lastline ? ctx->lastline : -1,

+		 ctx->lastcol ? ctx->lastcol-1 : -1,

+		 "", std::string(lines->lines[ctx->lastline-1], lines->lines[ctx->lastline]-1));

+    diag.Print("[trace]", errs());

+}

+

 int have_clamjit=1;

@@ -353,8 +353,10 @@ void cli_errmsg(const char *str, ...);

  * such as debug paths, and error paths */

 #if (__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 2)

 #define UNLIKELY(cond) __builtin_expect(!!(cond), 0)

+#define LIKELY(cond) __builtin_expect(!!(cond), 1)

 #else

 #define UNLIKELY(cond) (cond)

+#define LIKELY(cond) (cond)

 #endif

 #ifdef __GNUC__

@@ -1949,6 +1949,7 @@ int cli_scanpe(cli_ctx *ctx)

 	    return CL_EREAD;

 	}

+	cli_dbgmsg("%d,%d,%d,%d\n", nsections-1, e_lfanew, ecx, offset);

 	CLI_UNPTEMP("yC",(spinned,exe_sections,0));

 	CLI_UNPRESULTS("yC",(yc_decrypt(spinned, fsize, exe_sections, nsections-1, e_lfanew, ndesc, ecx, offset)),0,(spinned,0));

 	}

@@ -2,10 +2,10 @@ ClamBCaa`|``c``a```|`bjaabp`clamcoincidencejb

 Trojan.Foo.{A,B};Target:1;(((0|1|2)=42,2)|(3=10));EP+0:aabb;ffff;aaccee;f00d;dead

 Tedebieebheebgeebfeebeeebdeebbeebaeebadebcdaaa`aacb`bbadb`bdb`db`bcajbadbcebadbcebadbcebadbcebadbcecaab`bdagahdaeahdajahdabbaddabahdakah

 Eafaaafb`e|amcgefdgfgifbgegcgnfafmfef``

-Gd```hbhabieBdeBbgBofBjfBafBnfBnbBfdBofBof@`bheBad@`bheBbd@`bge@Aa@Ab`b`aAa`b`aC``a`bfeBedB`eBkbB`cBjcBafBafBbfBbf@`beeBffBffBffBff@`beeBffB`cB`cBdf@`bdeBafBafBcfBcfBefBef@`beeBdfBefBafBdf@`bbe@Af@@AgAa@AhAc@AiAb@AjAd`bad@Aa`bad@Ab`bad@Af`bad@Ag`bad@Ah`bad@Ai`bad@Aj`bcdAdD```h`bcdAcD```h`bcdAbD```h`bcdAaD```h`bcd@D```h`

+Gd```hbhabieBdeBbgBofBjfBafBnfBnbBfdBofBof@`bheBad@`bheBbd@`bge@Ab@Ac`b`aAa`b`aC``a`bfeBedB`eBkbB`cBjcBafBafBbfBbf@`beeBffBffBffBff@`beeBffB`cB`cBdf@`bdeBafBafBcfBcfBefBef@`beeBdfBefBafBdf@`bbe@Ag@@AhAa@AiAc@AjAb@AkAd`bad@Ab`bad@Ac`bad@Ag`bad@Ah`bad@Ai`bad@Aj`bad@Ak`bcdAdD```h`bcdAcD```h`bcdAbD```h`bcdAaD```h`bcd@D```h`

 A`b`bLaeb`b`aa`aa`bad`b`b`Fahac

-Bb`b`gbBca`aaaagab`b`AadTaaaaaaab

-Baaabeab`b`AbdbadacoaabAl`Am`b`badabbafac@dTcab`b@d

+Bb`b`gbBda`aaaagab`b`AadTaaaaaaab

+Baaabeab`b`AbdbadacoaabAm`An`b`badabbafac@dTcab`b@d

 BTcab`b@dE

 A`aaLbcab`b`b`b`b`b`b`b`b`b`aa`aa`aa`aa`b`b`b`b`b`b`b`b`b`b`aa`aa`b`b`aa`aa`Fbdaaa

-Bb`b`gbBga`b`baagbBfa`b`babgbBea`b`baca`aa`b`bada`acabaaaeeab`badBjbdaaaffab`bab@daaagfab`baa@daaahfab`b`@db`bai`aafb`baj`aagb`bak`aahb`bala`ajakb`bama`alaiaaaneab`bamAbdaaaok`anaeb`bb`agbBda`aabaaeab`bb`aAjdaabbal`aobaaTcaaabbaE

+Bb`b`gbBha`b`baagbBga`b`babgbBfa`b`baca`aa`b`bada`acabaaaeeab`badBjbdaaaffab`bab@daaagfab`baa@daaahfab`b`@db`bai`aafb`baj`aagb`bak`aahb`bala`ajakb`bama`alaiaaaneab`bamAbdaaaok`anaeb`bb`agbBea`aabaaeab`bb`aAjdaabbal`aobaaTcaaabbaE