java -ea -Xmx8000000000 -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc ../../../trunk/examples/toolchains/AutomizerC.xml -s ../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf -i ../../../trunk/examples/svcomp/ssh/s3_srvr.blast.12_false-unreach-call.i.cil.c -------------------------------------------------------------------------------- This is Ultimate 0.1.23-18e5b2d-m [2018-11-18 21:39:05,559 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-11-18 21:39:05,562 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-11-18 21:39:05,581 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-11-18 21:39:05,581 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-11-18 21:39:05,583 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-11-18 21:39:05,584 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-11-18 21:39:05,587 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-11-18 21:39:05,589 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-11-18 21:39:05,591 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-11-18 21:39:05,592 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-11-18 21:39:05,592 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-11-18 21:39:05,595 INFO L174 SettingsManager]: Resetting PEA to Boogie preferences to default values [2018-11-18 21:39:05,598 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-11-18 21:39:05,607 INFO L174 SettingsManager]: Resetting ChcToBoogie preferences to default values [2018-11-18 21:39:05,607 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-11-18 21:39:05,608 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-11-18 21:39:05,611 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-11-18 21:39:05,615 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-11-18 21:39:05,617 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-11-18 21:39:05,619 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-11-18 21:39:05,621 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-11-18 21:39:05,624 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-11-18 21:39:05,625 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-11-18 21:39:05,626 INFO L174 SettingsManager]: Resetting TreeAutomizer preferences to default values [2018-11-18 21:39:05,626 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-11-18 21:39:05,627 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-11-18 21:39:05,629 INFO L174 SettingsManager]: Resetting ReqPrinter preferences to default values [2018-11-18 21:39:05,630 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-11-18 21:39:05,631 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-11-18 21:39:05,631 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-11-18 21:39:05,632 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-11-18 21:39:05,632 INFO L177 SettingsManager]: ReqParser provides no preferences, ignoring... [2018-11-18 21:39:05,632 INFO L174 SettingsManager]: Resetting SmtParser preferences to default values [2018-11-18 21:39:05,635 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-11-18 21:39:05,636 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-11-18 21:39:05,636 INFO L98 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf [2018-11-18 21:39:05,665 INFO L110 SettingsManager]: Loading preferences was successful [2018-11-18 21:39:05,665 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-11-18 21:39:05,666 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-11-18 21:39:05,666 INFO L133 SettingsManager]: * to procedures, called more than once=true [2018-11-18 21:39:05,667 INFO L131 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2018-11-18 21:39:05,667 INFO L133 SettingsManager]: * Create parallel compositions if possible=false [2018-11-18 21:39:05,667 INFO L133 SettingsManager]: * Use SBE=true [2018-11-18 21:39:05,667 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-11-18 21:39:05,668 INFO L133 SettingsManager]: * sizeof long=4 [2018-11-18 21:39:05,668 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-11-18 21:39:05,668 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-11-18 21:39:05,668 INFO L133 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2018-11-18 21:39:05,668 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-11-18 21:39:05,668 INFO L133 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2018-11-18 21:39:05,669 INFO L133 SettingsManager]: * Use bitvectors instead of ints=true [2018-11-18 21:39:05,669 INFO L133 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2018-11-18 21:39:05,669 INFO L133 SettingsManager]: * sizeof long double=12 [2018-11-18 21:39:05,669 INFO L133 SettingsManager]: * Check if freed pointer was valid=false [2018-11-18 21:39:05,669 INFO L133 SettingsManager]: * Use constant arrays=true [2018-11-18 21:39:05,670 INFO L133 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2018-11-18 21:39:05,670 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-11-18 21:39:05,670 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-11-18 21:39:05,670 INFO L133 SettingsManager]: * To the following directory=./dump/ [2018-11-18 21:39:05,670 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-11-18 21:39:05,671 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-18 21:39:05,671 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-11-18 21:39:05,671 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-11-18 21:39:05,671 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-11-18 21:39:05,671 INFO L133 SettingsManager]: * Trace refinement strategy=WOLF [2018-11-18 21:39:05,672 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-11-18 21:39:05,672 INFO L133 SettingsManager]: * Command for external solver=cvc4nyu --tear-down-incremental --rewrite-divk --print-success --lang smt [2018-11-18 21:39:05,672 INFO L133 SettingsManager]: * Logic for external solver=AUFBV [2018-11-18 21:39:05,672 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2018-11-18 21:39:05,720 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-11-18 21:39:05,737 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2018-11-18 21:39:05,741 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2018-11-18 21:39:05,743 INFO L271 PluginConnector]: Initializing CDTParser... [2018-11-18 21:39:05,744 INFO L276 PluginConnector]: CDTParser initialized [2018-11-18 21:39:05,744 INFO L418 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/ssh/s3_srvr.blast.12_false-unreach-call.i.cil.c [2018-11-18 21:39:05,817 INFO L221 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/f18d23800/c6e8c41ee1234b98b548bb269d8c6b2b/FLAGca0964436 [2018-11-18 21:39:06,500 INFO L307 CDTParser]: Found 1 translation units. [2018-11-18 21:39:06,500 INFO L161 CDTParser]: Scanning /storage/repos/ultimate/trunk/examples/svcomp/ssh/s3_srvr.blast.12_false-unreach-call.i.cil.c [2018-11-18 21:39:06,523 INFO L355 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/f18d23800/c6e8c41ee1234b98b548bb269d8c6b2b/FLAGca0964436 [2018-11-18 21:39:06,683 INFO L363 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/f18d23800/c6e8c41ee1234b98b548bb269d8c6b2b [2018-11-18 21:39:06,693 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-11-18 21:39:06,695 INFO L131 ToolchainWalker]: Walking toolchain with 4 elements. [2018-11-18 21:39:06,696 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2018-11-18 21:39:06,696 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2018-11-18 21:39:06,701 INFO L276 PluginConnector]: CACSL2BoogieTranslator initialized [2018-11-18 21:39:06,702 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 18.11 09:39:06" (1/1) ... [2018-11-18 21:39:06,705 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@5b6c3365 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 09:39:06, skipping insertion in model container [2018-11-18 21:39:06,706 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 18.11 09:39:06" (1/1) ... [2018-11-18 21:39:06,717 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2018-11-18 21:39:06,814 INFO L176 MainTranslator]: Built tables and reachable declarations [2018-11-18 21:39:07,460 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-18 21:39:07,488 INFO L191 MainTranslator]: Completed pre-run [2018-11-18 21:39:07,848 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-18 21:39:07,890 INFO L195 MainTranslator]: Completed translation [2018-11-18 21:39:07,890 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 09:39:07 WrapperNode [2018-11-18 21:39:07,890 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2018-11-18 21:39:07,891 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-11-18 21:39:07,892 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-11-18 21:39:07,892 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-11-18 21:39:07,908 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 09:39:07" (1/1) ... [2018-11-18 21:39:07,908 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 09:39:07" (1/1) ... [2018-11-18 21:39:07,961 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 09:39:07" (1/1) ... [2018-11-18 21:39:07,961 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 09:39:07" (1/1) ... [2018-11-18 21:39:08,085 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 09:39:07" (1/1) ... [2018-11-18 21:39:08,095 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 09:39:07" (1/1) ... [2018-11-18 21:39:08,100 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 09:39:07" (1/1) ... [2018-11-18 21:39:08,107 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-11-18 21:39:08,108 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-11-18 21:39:08,108 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-11-18 21:39:08,108 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-11-18 21:39:08,109 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 09:39:07" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-18 21:39:08,185 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2018-11-18 21:39:08,186 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2018-11-18 21:39:08,186 INFO L138 BoogieDeclarations]: Found implementation of procedure ssl3_get_server_method [2018-11-18 21:39:08,186 INFO L138 BoogieDeclarations]: Found implementation of procedure SSLv3_server_method [2018-11-18 21:39:08,187 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2018-11-18 21:39:08,187 INFO L138 BoogieDeclarations]: Found implementation of procedure ssl3_accept [2018-11-18 21:39:08,187 INFO L138 BoogieDeclarations]: Found implementation of procedure sslv3_base_method [2018-11-18 21:39:08,187 INFO L138 BoogieDeclarations]: Found implementation of procedure #Ultimate.meminit [2018-11-18 21:39:08,187 INFO L138 BoogieDeclarations]: Found implementation of procedure #Ultimate.C_memcpy [2018-11-18 21:39:08,188 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_error [2018-11-18 21:39:08,188 INFO L130 BoogieDeclarations]: Found specification of procedure malloc [2018-11-18 21:39:08,188 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_char [2018-11-18 21:39:08,188 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_int [2018-11-18 21:39:08,188 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_long [2018-11-18 21:39:08,189 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_pointer [2018-11-18 21:39:08,189 INFO L130 BoogieDeclarations]: Found specification of procedure memcpy [2018-11-18 21:39:08,189 INFO L130 BoogieDeclarations]: Found specification of procedure SSLv3_server_method [2018-11-18 21:39:08,189 INFO L130 BoogieDeclarations]: Found specification of procedure sslv3_base_method [2018-11-18 21:39:08,189 INFO L130 BoogieDeclarations]: Found specification of procedure ssl3_accept [2018-11-18 21:39:08,190 INFO L130 BoogieDeclarations]: Found specification of procedure ssl3_get_server_method [2018-11-18 21:39:08,190 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.C_memcpy [2018-11-18 21:39:08,190 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2018-11-18 21:39:08,191 INFO L130 BoogieDeclarations]: Found specification of procedure main [2018-11-18 21:39:08,191 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.alloc [2018-11-18 21:39:08,191 INFO L130 BoogieDeclarations]: Found specification of procedure write~intINTTYPE4 [2018-11-18 21:39:08,191 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2018-11-18 21:39:08,191 INFO L130 BoogieDeclarations]: Found specification of procedure read~intINTTYPE4 [2018-11-18 21:39:08,191 INFO L130 BoogieDeclarations]: Found specification of procedure calloc [2018-11-18 21:39:08,192 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.meminit [2018-11-18 21:39:08,192 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2018-11-18 21:39:08,192 INFO L130 BoogieDeclarations]: Found specification of procedure write~unchecked~intINTTYPE4 [2018-11-18 21:39:08,192 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2018-11-18 21:39:08,192 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2018-11-18 21:39:08,828 WARN L687 $ProcedureCfgBuilder]: Two Gotos in a row! There was dead code [2018-11-18 21:39:08,828 WARN L652 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2018-11-18 21:39:13,853 INFO L280 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2018-11-18 21:39:13,853 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 09:39:13 BoogieIcfgContainer [2018-11-18 21:39:13,854 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-11-18 21:39:13,855 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2018-11-18 21:39:13,855 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2018-11-18 21:39:13,858 INFO L276 PluginConnector]: TraceAbstraction initialized [2018-11-18 21:39:13,859 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 18.11 09:39:06" (1/3) ... [2018-11-18 21:39:13,860 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7d13e21a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 18.11 09:39:13, skipping insertion in model container [2018-11-18 21:39:13,860 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 09:39:07" (2/3) ... [2018-11-18 21:39:13,860 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7d13e21a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 18.11 09:39:13, skipping insertion in model container [2018-11-18 21:39:13,860 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 09:39:13" (3/3) ... [2018-11-18 21:39:13,862 INFO L112 eAbstractionObserver]: Analyzing ICFG s3_srvr.blast.12_false-unreach-call.i.cil.c [2018-11-18 21:39:13,873 INFO L136 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2018-11-18 21:39:13,882 INFO L148 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2018-11-18 21:39:13,900 INFO L257 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2018-11-18 21:39:13,935 INFO L133 ementStrategyFactory]: Using default assertion order modulation [2018-11-18 21:39:13,936 INFO L382 AbstractCegarLoop]: Interprodecural is true [2018-11-18 21:39:13,936 INFO L383 AbstractCegarLoop]: Hoare is true [2018-11-18 21:39:13,936 INFO L384 AbstractCegarLoop]: Compute interpolants for FPandBP [2018-11-18 21:39:13,937 INFO L385 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2018-11-18 21:39:13,937 INFO L386 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2018-11-18 21:39:13,937 INFO L387 AbstractCegarLoop]: Difference is false [2018-11-18 21:39:13,937 INFO L388 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2018-11-18 21:39:13,937 INFO L393 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2018-11-18 21:39:13,960 INFO L276 IsEmpty]: Start isEmpty. Operand 160 states. [2018-11-18 21:39:13,972 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2018-11-18 21:39:13,972 INFO L367 BasicCegarLoop]: Found error trace [2018-11-18 21:39:13,973 INFO L375 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-18 21:39:13,976 INFO L423 AbstractCegarLoop]: === Iteration 1 === [ssl3_acceptErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-18 21:39:13,983 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-18 21:39:13,984 INFO L82 PathProgramCache]: Analyzing trace with hash 2051881967, now seen corresponding path program 1 times [2018-11-18 21:39:13,990 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-18 21:39:13,991 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-18 21:39:14,010 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-18 21:39:14,228 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:39:14,314 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:39:14,322 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-18 21:39:14,688 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 20 [2018-11-18 21:39:14,716 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 23 [2018-11-18 21:39:14,801 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:14,826 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 33 [2018-11-18 21:39:14,925 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:14,977 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 27 [2018-11-18 21:39:15,006 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-18 21:39:15,123 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:15,164 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:15,176 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:15,193 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:15,194 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:27, output treesize:13 [2018-11-18 21:39:15,211 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:39:15,490 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:15,491 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 38 [2018-11-18 21:39:15,521 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:15,534 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:15,535 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 35 [2018-11-18 21:39:15,586 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:39:15,672 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:15,762 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:15,763 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:34, output treesize:13 [2018-11-18 21:39:17,790 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:39:18,013 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-18 21:39:18,028 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-18 21:39:18,030 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:39:18,063 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:18,075 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:18,075 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:17, output treesize:5 [2018-11-18 21:39:18,078 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:39:18,132 INFO L256 TraceCheckUtils]: 0: Hoare triple {163#true} call ULTIMATE.init(); {163#true} is VALID [2018-11-18 21:39:18,135 INFO L273 TraceCheckUtils]: 1: Hoare triple {163#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];~init~0 := 1bv32;call ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset := #Ultimate.alloc(100bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32); {163#true} is VALID [2018-11-18 21:39:18,137 INFO L273 TraceCheckUtils]: 2: Hoare triple {163#true} assume true; {163#true} is VALID [2018-11-18 21:39:18,137 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {163#true} {163#true} #692#return; {163#true} is VALID [2018-11-18 21:39:18,137 INFO L256 TraceCheckUtils]: 4: Hoare triple {163#true} call #t~ret138 := main(); {163#true} is VALID [2018-11-18 21:39:18,144 INFO L273 TraceCheckUtils]: 5: Hoare triple {163#true} havoc ~s~0.base, ~s~0.offset;havoc ~tmp~2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(248bv32);~s~0.base, ~s~0.offset := #t~malloc3.base, #t~malloc3.offset;call #t~malloc4.base, #t~malloc4.offset := #Ultimate.alloc(899bv32);call write~$Pointer$(#t~malloc4.base, #t~malloc4.offset, ~s~0.base, ~bvadd32(84bv32, ~s~0.offset), 4bv32);call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(232bv32);call write~$Pointer$(#t~malloc5.base, #t~malloc5.offset, ~s~0.base, ~bvadd32(204bv32, ~s~0.offset), 4bv32);call #t~malloc6.base, #t~malloc6.offset := #Ultimate.alloc(200bv32);call write~$Pointer$(#t~malloc6.base, #t~malloc6.offset, ~s~0.base, ~bvadd32(176bv32, ~s~0.offset), 4bv32); {183#(= main_~s~0.offset (_ bv0 32))} is VALID [2018-11-18 21:39:18,154 INFO L256 TraceCheckUtils]: 6: Hoare triple {183#(= main_~s~0.offset (_ bv0 32))} call #t~ret7 := ssl3_accept(~s~0.base, ~s~0.offset); {187#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} is VALID [2018-11-18 21:39:18,157 INFO L273 TraceCheckUtils]: 7: Hoare triple {187#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} ~s.base, ~s.offset := #in~s.base, #in~s.offset;havoc ~buf~0.base, ~buf~0.offset;havoc ~l~0;havoc ~Time~0;havoc ~tmp~3;havoc ~cb~0.base, ~cb~0.offset;havoc ~num1~0;havoc ~ret~0;havoc ~new_state~0;havoc ~state~0;havoc ~skip~0;havoc ~got_new_session~0;~tmp___1~0 := #t~nondet8;havoc #t~nondet8;~tmp___2~0 := #t~nondet9;havoc #t~nondet9;~tmp___3~0 := #t~nondet10;havoc #t~nondet10;~tmp___4~0 := #t~nondet11;havoc #t~nondet11;~tmp___5~0 := #t~nondet12;havoc #t~nondet12;~tmp___6~0 := #t~nondet13;havoc #t~nondet13;havoc ~tmp___7~0;~tmp___8~0 := #t~nondet14;havoc #t~nondet14;~tmp___9~0 := #t~nondet15;havoc #t~nondet15;~tmp___10~0 := #t~nondet16;havoc #t~nondet16;havoc ~blastFlag~0;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~blastFlag~0 := 0bv32;call write~intINTTYPE4(#t~nondet17, ~s.base, ~bvadd32(92bv32, ~s.offset), 4bv32);havoc #t~nondet17;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~tmp~3 := #t~nondet18;havoc #t~nondet18;~Time~0 := ~tmp~3;~cb~0.base, ~cb~0.offset := 0bv32, 0bv32;~ret~0 := 4294967295bv32;~skip~0 := 0bv32;~got_new_session~0 := 0bv32;call #t~mem19.base, #t~mem19.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,176 INFO L273 TraceCheckUtils]: 8: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume 0bv32 != ~bvadd32(#t~mem19.base, #t~mem19.offset);havoc #t~mem19.base, #t~mem19.offset;call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32);~cb~0.base, ~cb~0.offset := #t~mem20.base, #t~mem20.offset;havoc #t~mem20.base, #t~mem20.offset; {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,178 INFO L273 TraceCheckUtils]: 9: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem21 := read~intINTTYPE4(~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem21), ~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);havoc #t~mem21; {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,179 INFO L273 TraceCheckUtils]: 10: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 != ~bvand32(12288bv32, ~tmp___1~0)); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,181 INFO L273 TraceCheckUtils]: 11: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~s.base, ~bvadd32(136bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,182 INFO L273 TraceCheckUtils]: 12: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 == ~bvadd32(#t~mem22.base, #t~mem22.offset));havoc #t~mem22.base, #t~mem22.offset; {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,183 INFO L273 TraceCheckUtils]: 13: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume true; {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,185 INFO L273 TraceCheckUtils]: 14: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !false; {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,198 INFO L273 TraceCheckUtils]: 15: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,203 INFO L273 TraceCheckUtils]: 16: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,204 INFO L273 TraceCheckUtils]: 17: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,205 INFO L273 TraceCheckUtils]: 18: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,207 INFO L273 TraceCheckUtils]: 19: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,208 INFO L273 TraceCheckUtils]: 20: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,213 INFO L273 TraceCheckUtils]: 21: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,214 INFO L273 TraceCheckUtils]: 22: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,215 INFO L273 TraceCheckUtils]: 23: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8482bv32 == #t~mem31);havoc #t~mem31;call #t~mem32 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,216 INFO L273 TraceCheckUtils]: 24: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8464bv32 == #t~mem32);havoc #t~mem32;call #t~mem33 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,217 INFO L273 TraceCheckUtils]: 25: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8465bv32 == #t~mem33);havoc #t~mem33;call #t~mem34 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,218 INFO L273 TraceCheckUtils]: 26: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8466bv32 == #t~mem34);havoc #t~mem34;call #t~mem35 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,222 INFO L273 TraceCheckUtils]: 27: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8496bv32 == #t~mem35);havoc #t~mem35;call #t~mem36 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,240 INFO L273 TraceCheckUtils]: 28: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8497bv32 == #t~mem36);havoc #t~mem36;call #t~mem37 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,242 INFO L273 TraceCheckUtils]: 29: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8512bv32 == #t~mem37);havoc #t~mem37;call #t~mem38 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,243 INFO L273 TraceCheckUtils]: 30: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8513bv32 == #t~mem38);havoc #t~mem38;call #t~mem39 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,244 INFO L273 TraceCheckUtils]: 31: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8528bv32 == #t~mem39);havoc #t~mem39;call #t~mem40 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,245 INFO L273 TraceCheckUtils]: 32: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8529bv32 == #t~mem40);havoc #t~mem40;call #t~mem41 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,245 INFO L273 TraceCheckUtils]: 33: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8544bv32 == #t~mem41);havoc #t~mem41;call #t~mem42 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,246 INFO L273 TraceCheckUtils]: 34: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8545bv32 == #t~mem42);havoc #t~mem42;call #t~mem43 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,247 INFO L273 TraceCheckUtils]: 35: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8560bv32 == #t~mem43);havoc #t~mem43;call #t~mem44 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,252 INFO L273 TraceCheckUtils]: 36: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8561bv32 == #t~mem44);havoc #t~mem44;call #t~mem45 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,253 INFO L273 TraceCheckUtils]: 37: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8448bv32 == #t~mem45);havoc #t~mem45;call #t~mem46 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,254 INFO L273 TraceCheckUtils]: 38: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8576bv32 == #t~mem46);havoc #t~mem46;call #t~mem47 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,255 INFO L273 TraceCheckUtils]: 39: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8577bv32 == #t~mem47);havoc #t~mem47;call #t~mem48 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,256 INFO L273 TraceCheckUtils]: 40: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8592bv32 == #t~mem48);havoc #t~mem48;call #t~mem49 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,258 INFO L273 TraceCheckUtils]: 41: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8593bv32 == #t~mem49);havoc #t~mem49;call #t~mem50 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,259 INFO L273 TraceCheckUtils]: 42: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8608bv32 == #t~mem50);havoc #t~mem50;call #t~mem51 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:18,260 INFO L273 TraceCheckUtils]: 43: Hoare triple {191#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8609bv32 == #t~mem51);havoc #t~mem51;call #t~mem52 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {300#(= (bvadd |ssl3_accept_#t~mem52| (_ bv4294958832 32)) (_ bv0 32))} is VALID [2018-11-18 21:39:18,261 INFO L273 TraceCheckUtils]: 44: Hoare triple {300#(= (bvadd |ssl3_accept_#t~mem52| (_ bv4294958832 32)) (_ bv0 32))} assume 8640bv32 == #t~mem52;havoc #t~mem52; {164#false} is VALID [2018-11-18 21:39:18,261 INFO L273 TraceCheckUtils]: 45: Hoare triple {164#false} ~ret~0 := #t~nondet115;havoc #t~nondet115; {164#false} is VALID [2018-11-18 21:39:18,261 INFO L273 TraceCheckUtils]: 46: Hoare triple {164#false} assume !(9bv32 == ~blastFlag~0); {164#false} is VALID [2018-11-18 21:39:18,262 INFO L273 TraceCheckUtils]: 47: Hoare triple {164#false} assume !false; {164#false} is VALID [2018-11-18 21:39:18,277 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-18 21:39:18,277 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-18 21:39:18,284 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-18 21:39:18,284 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-18 21:39:18,293 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 48 [2018-11-18 21:39:18,300 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-18 21:39:18,306 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-18 21:39:18,447 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:39:18,447 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-18 21:39:18,456 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-18 21:39:18,457 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2018-11-18 21:39:18,459 INFO L87 Difference]: Start difference. First operand 160 states. Second operand 6 states. [2018-11-18 21:39:35,815 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:39:35,815 INFO L93 Difference]: Finished difference Result 419 states and 707 transitions. [2018-11-18 21:39:35,816 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2018-11-18 21:39:35,816 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 48 [2018-11-18 21:39:35,816 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-18 21:39:35,818 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-18 21:39:35,844 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 707 transitions. [2018-11-18 21:39:35,844 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-18 21:39:35,859 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 707 transitions. [2018-11-18 21:39:35,859 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 707 transitions. [2018-11-18 21:39:37,664 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 707 edges. 707 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:39:37,691 INFO L225 Difference]: With dead ends: 419 [2018-11-18 21:39:37,691 INFO L226 Difference]: Without dead ends: 247 [2018-11-18 21:39:37,696 INFO L604 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 43 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2018-11-18 21:39:37,716 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 247 states. [2018-11-18 21:39:37,857 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 247 to 176. [2018-11-18 21:39:37,857 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-18 21:39:37,858 INFO L82 GeneralOperation]: Start isEquivalent. First operand 247 states. Second operand 176 states. [2018-11-18 21:39:37,858 INFO L74 IsIncluded]: Start isIncluded. First operand 247 states. Second operand 176 states. [2018-11-18 21:39:37,859 INFO L87 Difference]: Start difference. First operand 247 states. Second operand 176 states. [2018-11-18 21:39:37,875 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:39:37,876 INFO L93 Difference]: Finished difference Result 247 states and 376 transitions. [2018-11-18 21:39:37,876 INFO L276 IsEmpty]: Start isEmpty. Operand 247 states and 376 transitions. [2018-11-18 21:39:37,879 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:39:37,879 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:39:37,879 INFO L74 IsIncluded]: Start isIncluded. First operand 176 states. Second operand 247 states. [2018-11-18 21:39:37,879 INFO L87 Difference]: Start difference. First operand 176 states. Second operand 247 states. [2018-11-18 21:39:37,895 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:39:37,895 INFO L93 Difference]: Finished difference Result 247 states and 376 transitions. [2018-11-18 21:39:37,895 INFO L276 IsEmpty]: Start isEmpty. Operand 247 states and 376 transitions. [2018-11-18 21:39:37,897 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:39:37,897 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:39:37,897 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-18 21:39:37,898 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-18 21:39:37,898 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 176 states. [2018-11-18 21:39:37,907 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 176 states to 176 states and 278 transitions. [2018-11-18 21:39:37,909 INFO L78 Accepts]: Start accepts. Automaton has 176 states and 278 transitions. Word has length 48 [2018-11-18 21:39:37,910 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-18 21:39:37,910 INFO L480 AbstractCegarLoop]: Abstraction has 176 states and 278 transitions. [2018-11-18 21:39:37,910 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-18 21:39:37,910 INFO L276 IsEmpty]: Start isEmpty. Operand 176 states and 278 transitions. [2018-11-18 21:39:37,912 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 50 [2018-11-18 21:39:37,912 INFO L367 BasicCegarLoop]: Found error trace [2018-11-18 21:39:37,913 INFO L375 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-18 21:39:37,913 INFO L423 AbstractCegarLoop]: === Iteration 2 === [ssl3_acceptErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-18 21:39:37,913 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-18 21:39:37,913 INFO L82 PathProgramCache]: Analyzing trace with hash -823922151, now seen corresponding path program 1 times [2018-11-18 21:39:37,914 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-18 21:39:37,914 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-18 21:39:37,940 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-18 21:39:38,094 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:39:38,145 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:39:38,148 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-18 21:39:38,225 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 20 [2018-11-18 21:39:38,230 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 23 [2018-11-18 21:39:38,243 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:38,247 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 33 [2018-11-18 21:39:38,254 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:38,262 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 27 [2018-11-18 21:39:38,271 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-18 21:39:38,281 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:38,290 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:38,329 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:38,347 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:38,348 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:27, output treesize:13 [2018-11-18 21:39:38,364 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:39:38,399 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:38,400 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 38 [2018-11-18 21:39:38,408 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:38,414 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:38,420 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 35 [2018-11-18 21:39:38,466 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:39:38,473 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:38,485 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:38,486 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:34, output treesize:13 [2018-11-18 21:39:40,500 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:39:40,635 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-18 21:39:40,645 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-18 21:39:40,651 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:39:40,653 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:40,655 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:40,656 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:17, output treesize:5 [2018-11-18 21:39:40,658 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:39:40,668 INFO L256 TraceCheckUtils]: 0: Hoare triple {1517#true} call ULTIMATE.init(); {1517#true} is VALID [2018-11-18 21:39:40,669 INFO L273 TraceCheckUtils]: 1: Hoare triple {1517#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];~init~0 := 1bv32;call ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset := #Ultimate.alloc(100bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32); {1517#true} is VALID [2018-11-18 21:39:40,669 INFO L273 TraceCheckUtils]: 2: Hoare triple {1517#true} assume true; {1517#true} is VALID [2018-11-18 21:39:40,670 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1517#true} {1517#true} #692#return; {1517#true} is VALID [2018-11-18 21:39:40,670 INFO L256 TraceCheckUtils]: 4: Hoare triple {1517#true} call #t~ret138 := main(); {1517#true} is VALID [2018-11-18 21:39:40,674 INFO L273 TraceCheckUtils]: 5: Hoare triple {1517#true} havoc ~s~0.base, ~s~0.offset;havoc ~tmp~2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(248bv32);~s~0.base, ~s~0.offset := #t~malloc3.base, #t~malloc3.offset;call #t~malloc4.base, #t~malloc4.offset := #Ultimate.alloc(899bv32);call write~$Pointer$(#t~malloc4.base, #t~malloc4.offset, ~s~0.base, ~bvadd32(84bv32, ~s~0.offset), 4bv32);call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(232bv32);call write~$Pointer$(#t~malloc5.base, #t~malloc5.offset, ~s~0.base, ~bvadd32(204bv32, ~s~0.offset), 4bv32);call #t~malloc6.base, #t~malloc6.offset := #Ultimate.alloc(200bv32);call write~$Pointer$(#t~malloc6.base, #t~malloc6.offset, ~s~0.base, ~bvadd32(176bv32, ~s~0.offset), 4bv32); {1537#(= main_~s~0.offset (_ bv0 32))} is VALID [2018-11-18 21:39:40,676 INFO L256 TraceCheckUtils]: 6: Hoare triple {1537#(= main_~s~0.offset (_ bv0 32))} call #t~ret7 := ssl3_accept(~s~0.base, ~s~0.offset); {1541#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} is VALID [2018-11-18 21:39:40,678 INFO L273 TraceCheckUtils]: 7: Hoare triple {1541#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} ~s.base, ~s.offset := #in~s.base, #in~s.offset;havoc ~buf~0.base, ~buf~0.offset;havoc ~l~0;havoc ~Time~0;havoc ~tmp~3;havoc ~cb~0.base, ~cb~0.offset;havoc ~num1~0;havoc ~ret~0;havoc ~new_state~0;havoc ~state~0;havoc ~skip~0;havoc ~got_new_session~0;~tmp___1~0 := #t~nondet8;havoc #t~nondet8;~tmp___2~0 := #t~nondet9;havoc #t~nondet9;~tmp___3~0 := #t~nondet10;havoc #t~nondet10;~tmp___4~0 := #t~nondet11;havoc #t~nondet11;~tmp___5~0 := #t~nondet12;havoc #t~nondet12;~tmp___6~0 := #t~nondet13;havoc #t~nondet13;havoc ~tmp___7~0;~tmp___8~0 := #t~nondet14;havoc #t~nondet14;~tmp___9~0 := #t~nondet15;havoc #t~nondet15;~tmp___10~0 := #t~nondet16;havoc #t~nondet16;havoc ~blastFlag~0;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~blastFlag~0 := 0bv32;call write~intINTTYPE4(#t~nondet17, ~s.base, ~bvadd32(92bv32, ~s.offset), 4bv32);havoc #t~nondet17;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~tmp~3 := #t~nondet18;havoc #t~nondet18;~Time~0 := ~tmp~3;~cb~0.base, ~cb~0.offset := 0bv32, 0bv32;~ret~0 := 4294967295bv32;~skip~0 := 0bv32;~got_new_session~0 := 0bv32;call #t~mem19.base, #t~mem19.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,679 INFO L273 TraceCheckUtils]: 8: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume 0bv32 != ~bvadd32(#t~mem19.base, #t~mem19.offset);havoc #t~mem19.base, #t~mem19.offset;call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32);~cb~0.base, ~cb~0.offset := #t~mem20.base, #t~mem20.offset;havoc #t~mem20.base, #t~mem20.offset; {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,681 INFO L273 TraceCheckUtils]: 9: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem21 := read~intINTTYPE4(~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem21), ~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);havoc #t~mem21; {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,682 INFO L273 TraceCheckUtils]: 10: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 != ~bvand32(12288bv32, ~tmp___1~0)); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,683 INFO L273 TraceCheckUtils]: 11: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~s.base, ~bvadd32(136bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,684 INFO L273 TraceCheckUtils]: 12: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 == ~bvadd32(#t~mem22.base, #t~mem22.offset));havoc #t~mem22.base, #t~mem22.offset; {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,685 INFO L273 TraceCheckUtils]: 13: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume true; {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,688 INFO L273 TraceCheckUtils]: 14: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !false; {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,689 INFO L273 TraceCheckUtils]: 15: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,690 INFO L273 TraceCheckUtils]: 16: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,691 INFO L273 TraceCheckUtils]: 17: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,697 INFO L273 TraceCheckUtils]: 18: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,699 INFO L273 TraceCheckUtils]: 19: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,699 INFO L273 TraceCheckUtils]: 20: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,700 INFO L273 TraceCheckUtils]: 21: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,701 INFO L273 TraceCheckUtils]: 22: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,701 INFO L273 TraceCheckUtils]: 23: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8482bv32 == #t~mem31);havoc #t~mem31;call #t~mem32 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,702 INFO L273 TraceCheckUtils]: 24: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8464bv32 == #t~mem32);havoc #t~mem32;call #t~mem33 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,703 INFO L273 TraceCheckUtils]: 25: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8465bv32 == #t~mem33);havoc #t~mem33;call #t~mem34 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,704 INFO L273 TraceCheckUtils]: 26: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8466bv32 == #t~mem34);havoc #t~mem34;call #t~mem35 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,711 INFO L273 TraceCheckUtils]: 27: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8496bv32 == #t~mem35);havoc #t~mem35;call #t~mem36 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,719 INFO L273 TraceCheckUtils]: 28: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8497bv32 == #t~mem36);havoc #t~mem36;call #t~mem37 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,720 INFO L273 TraceCheckUtils]: 29: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8512bv32 == #t~mem37);havoc #t~mem37;call #t~mem38 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,722 INFO L273 TraceCheckUtils]: 30: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8513bv32 == #t~mem38);havoc #t~mem38;call #t~mem39 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,723 INFO L273 TraceCheckUtils]: 31: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8528bv32 == #t~mem39);havoc #t~mem39;call #t~mem40 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,723 INFO L273 TraceCheckUtils]: 32: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8529bv32 == #t~mem40);havoc #t~mem40;call #t~mem41 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,724 INFO L273 TraceCheckUtils]: 33: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8544bv32 == #t~mem41);havoc #t~mem41;call #t~mem42 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,725 INFO L273 TraceCheckUtils]: 34: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8545bv32 == #t~mem42);havoc #t~mem42;call #t~mem43 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,726 INFO L273 TraceCheckUtils]: 35: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8560bv32 == #t~mem43);havoc #t~mem43;call #t~mem44 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,727 INFO L273 TraceCheckUtils]: 36: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8561bv32 == #t~mem44);havoc #t~mem44;call #t~mem45 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,728 INFO L273 TraceCheckUtils]: 37: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8448bv32 == #t~mem45);havoc #t~mem45;call #t~mem46 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,737 INFO L273 TraceCheckUtils]: 38: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8576bv32 == #t~mem46);havoc #t~mem46;call #t~mem47 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,742 INFO L273 TraceCheckUtils]: 39: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8577bv32 == #t~mem47);havoc #t~mem47;call #t~mem48 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,742 INFO L273 TraceCheckUtils]: 40: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8592bv32 == #t~mem48);havoc #t~mem48;call #t~mem49 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,746 INFO L273 TraceCheckUtils]: 41: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8593bv32 == #t~mem49);havoc #t~mem49;call #t~mem50 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,747 INFO L273 TraceCheckUtils]: 42: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8608bv32 == #t~mem50);havoc #t~mem50;call #t~mem51 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,747 INFO L273 TraceCheckUtils]: 43: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8609bv32 == #t~mem51);havoc #t~mem51;call #t~mem52 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:39:40,748 INFO L273 TraceCheckUtils]: 44: Hoare triple {1545#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8640bv32 == #t~mem52);havoc #t~mem52;call #t~mem53 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {1657#(= (_ bv8464 32) |ssl3_accept_#t~mem53|)} is VALID [2018-11-18 21:39:40,749 INFO L273 TraceCheckUtils]: 45: Hoare triple {1657#(= (_ bv8464 32) |ssl3_accept_#t~mem53|)} assume 8641bv32 == #t~mem53;havoc #t~mem53; {1518#false} is VALID [2018-11-18 21:39:40,749 INFO L273 TraceCheckUtils]: 46: Hoare triple {1518#false} ~ret~0 := #t~nondet115;havoc #t~nondet115; {1518#false} is VALID [2018-11-18 21:39:40,749 INFO L273 TraceCheckUtils]: 47: Hoare triple {1518#false} assume !(9bv32 == ~blastFlag~0); {1518#false} is VALID [2018-11-18 21:39:40,749 INFO L273 TraceCheckUtils]: 48: Hoare triple {1518#false} assume !false; {1518#false} is VALID [2018-11-18 21:39:40,755 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-18 21:39:40,755 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-18 21:39:40,757 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-18 21:39:40,757 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-18 21:39:40,759 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 49 [2018-11-18 21:39:40,760 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-18 21:39:40,760 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-18 21:39:40,943 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 49 edges. 49 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:39:40,943 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-18 21:39:40,944 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-18 21:39:40,944 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2018-11-18 21:39:40,944 INFO L87 Difference]: Start difference. First operand 176 states and 278 transitions. Second operand 6 states. [2018-11-18 21:39:56,743 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:39:56,743 INFO L93 Difference]: Finished difference Result 371 states and 570 transitions. [2018-11-18 21:39:56,743 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2018-11-18 21:39:56,743 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 49 [2018-11-18 21:39:56,744 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-18 21:39:56,744 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-18 21:39:56,751 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 570 transitions. [2018-11-18 21:39:56,751 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-18 21:39:56,757 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 570 transitions. [2018-11-18 21:39:56,757 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 570 transitions. [2018-11-18 21:39:57,838 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 570 edges. 570 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:39:57,849 INFO L225 Difference]: With dead ends: 371 [2018-11-18 21:39:57,849 INFO L226 Difference]: Without dead ends: 241 [2018-11-18 21:39:57,850 INFO L604 BasicCegarLoop]: 0 DeclaredPredicates, 50 GetRequests, 44 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2018-11-18 21:39:57,851 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 241 states. [2018-11-18 21:39:57,967 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 241 to 177. [2018-11-18 21:39:57,968 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-18 21:39:57,968 INFO L82 GeneralOperation]: Start isEquivalent. First operand 241 states. Second operand 177 states. [2018-11-18 21:39:57,968 INFO L74 IsIncluded]: Start isIncluded. First operand 241 states. Second operand 177 states. [2018-11-18 21:39:57,969 INFO L87 Difference]: Start difference. First operand 241 states. Second operand 177 states. [2018-11-18 21:39:57,979 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:39:57,979 INFO L93 Difference]: Finished difference Result 241 states and 368 transitions. [2018-11-18 21:39:57,979 INFO L276 IsEmpty]: Start isEmpty. Operand 241 states and 368 transitions. [2018-11-18 21:39:57,980 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:39:57,980 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:39:57,980 INFO L74 IsIncluded]: Start isIncluded. First operand 177 states. Second operand 241 states. [2018-11-18 21:39:57,981 INFO L87 Difference]: Start difference. First operand 177 states. Second operand 241 states. [2018-11-18 21:39:57,990 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:39:57,991 INFO L93 Difference]: Finished difference Result 241 states and 368 transitions. [2018-11-18 21:39:57,991 INFO L276 IsEmpty]: Start isEmpty. Operand 241 states and 368 transitions. [2018-11-18 21:39:57,992 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:39:57,992 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:39:57,992 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-18 21:39:57,992 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-18 21:39:57,992 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 177 states. [2018-11-18 21:39:57,999 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 177 states to 177 states and 279 transitions. [2018-11-18 21:39:57,999 INFO L78 Accepts]: Start accepts. Automaton has 177 states and 279 transitions. Word has length 49 [2018-11-18 21:39:57,999 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-18 21:39:58,000 INFO L480 AbstractCegarLoop]: Abstraction has 177 states and 279 transitions. [2018-11-18 21:39:58,000 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-18 21:39:58,000 INFO L276 IsEmpty]: Start isEmpty. Operand 177 states and 279 transitions. [2018-11-18 21:39:58,001 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2018-11-18 21:39:58,001 INFO L367 BasicCegarLoop]: Found error trace [2018-11-18 21:39:58,002 INFO L375 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-18 21:39:58,002 INFO L423 AbstractCegarLoop]: === Iteration 3 === [ssl3_acceptErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-18 21:39:58,002 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-18 21:39:58,002 INFO L82 PathProgramCache]: Analyzing trace with hash -310476271, now seen corresponding path program 1 times [2018-11-18 21:39:58,003 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-18 21:39:58,003 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-18 21:39:58,034 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-18 21:39:58,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:39:58,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:39:58,340 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-18 21:39:58,401 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 20 [2018-11-18 21:39:58,407 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 23 [2018-11-18 21:39:58,414 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:58,418 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 33 [2018-11-18 21:39:58,427 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:58,433 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 27 [2018-11-18 21:39:58,436 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-18 21:39:58,448 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:58,463 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:58,471 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:58,486 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:58,486 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:27, output treesize:13 [2018-11-18 21:39:58,502 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:39:58,552 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:58,553 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 38 [2018-11-18 21:39:58,564 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:58,575 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:39:58,577 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 35 [2018-11-18 21:39:58,582 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:39:58,589 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:58,597 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:39:58,598 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:34, output treesize:13 [2018-11-18 21:40:00,619 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:40:00,652 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-18 21:40:00,657 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-18 21:40:00,659 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:40:00,661 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:00,663 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:00,664 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:17, output treesize:5 [2018-11-18 21:40:00,667 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:40:00,711 INFO L256 TraceCheckUtils]: 0: Hoare triple {2804#true} call ULTIMATE.init(); {2804#true} is VALID [2018-11-18 21:40:00,711 INFO L273 TraceCheckUtils]: 1: Hoare triple {2804#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];~init~0 := 1bv32;call ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset := #Ultimate.alloc(100bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32); {2804#true} is VALID [2018-11-18 21:40:00,712 INFO L273 TraceCheckUtils]: 2: Hoare triple {2804#true} assume true; {2804#true} is VALID [2018-11-18 21:40:00,712 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2804#true} {2804#true} #692#return; {2804#true} is VALID [2018-11-18 21:40:00,712 INFO L256 TraceCheckUtils]: 4: Hoare triple {2804#true} call #t~ret138 := main(); {2804#true} is VALID [2018-11-18 21:40:00,714 INFO L273 TraceCheckUtils]: 5: Hoare triple {2804#true} havoc ~s~0.base, ~s~0.offset;havoc ~tmp~2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(248bv32);~s~0.base, ~s~0.offset := #t~malloc3.base, #t~malloc3.offset;call #t~malloc4.base, #t~malloc4.offset := #Ultimate.alloc(899bv32);call write~$Pointer$(#t~malloc4.base, #t~malloc4.offset, ~s~0.base, ~bvadd32(84bv32, ~s~0.offset), 4bv32);call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(232bv32);call write~$Pointer$(#t~malloc5.base, #t~malloc5.offset, ~s~0.base, ~bvadd32(204bv32, ~s~0.offset), 4bv32);call #t~malloc6.base, #t~malloc6.offset := #Ultimate.alloc(200bv32);call write~$Pointer$(#t~malloc6.base, #t~malloc6.offset, ~s~0.base, ~bvadd32(176bv32, ~s~0.offset), 4bv32); {2824#(= main_~s~0.offset (_ bv0 32))} is VALID [2018-11-18 21:40:00,714 INFO L256 TraceCheckUtils]: 6: Hoare triple {2824#(= main_~s~0.offset (_ bv0 32))} call #t~ret7 := ssl3_accept(~s~0.base, ~s~0.offset); {2828#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} is VALID [2018-11-18 21:40:00,718 INFO L273 TraceCheckUtils]: 7: Hoare triple {2828#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} ~s.base, ~s.offset := #in~s.base, #in~s.offset;havoc ~buf~0.base, ~buf~0.offset;havoc ~l~0;havoc ~Time~0;havoc ~tmp~3;havoc ~cb~0.base, ~cb~0.offset;havoc ~num1~0;havoc ~ret~0;havoc ~new_state~0;havoc ~state~0;havoc ~skip~0;havoc ~got_new_session~0;~tmp___1~0 := #t~nondet8;havoc #t~nondet8;~tmp___2~0 := #t~nondet9;havoc #t~nondet9;~tmp___3~0 := #t~nondet10;havoc #t~nondet10;~tmp___4~0 := #t~nondet11;havoc #t~nondet11;~tmp___5~0 := #t~nondet12;havoc #t~nondet12;~tmp___6~0 := #t~nondet13;havoc #t~nondet13;havoc ~tmp___7~0;~tmp___8~0 := #t~nondet14;havoc #t~nondet14;~tmp___9~0 := #t~nondet15;havoc #t~nondet15;~tmp___10~0 := #t~nondet16;havoc #t~nondet16;havoc ~blastFlag~0;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~blastFlag~0 := 0bv32;call write~intINTTYPE4(#t~nondet17, ~s.base, ~bvadd32(92bv32, ~s.offset), 4bv32);havoc #t~nondet17;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~tmp~3 := #t~nondet18;havoc #t~nondet18;~Time~0 := ~tmp~3;~cb~0.base, ~cb~0.offset := 0bv32, 0bv32;~ret~0 := 4294967295bv32;~skip~0 := 0bv32;~got_new_session~0 := 0bv32;call #t~mem19.base, #t~mem19.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32); {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,719 INFO L273 TraceCheckUtils]: 8: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume 0bv32 != ~bvadd32(#t~mem19.base, #t~mem19.offset);havoc #t~mem19.base, #t~mem19.offset;call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32);~cb~0.base, ~cb~0.offset := #t~mem20.base, #t~mem20.offset;havoc #t~mem20.base, #t~mem20.offset; {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,725 INFO L273 TraceCheckUtils]: 9: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem21 := read~intINTTYPE4(~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem21), ~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);havoc #t~mem21; {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,726 INFO L273 TraceCheckUtils]: 10: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 != ~bvand32(12288bv32, ~tmp___1~0)); {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,726 INFO L273 TraceCheckUtils]: 11: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~s.base, ~bvadd32(136bv32, ~s.offset), 4bv32); {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,729 INFO L273 TraceCheckUtils]: 12: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 == ~bvadd32(#t~mem22.base, #t~mem22.offset));havoc #t~mem22.base, #t~mem22.offset; {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,729 INFO L273 TraceCheckUtils]: 13: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume true; {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,730 INFO L273 TraceCheckUtils]: 14: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !false; {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,732 INFO L273 TraceCheckUtils]: 15: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,733 INFO L273 TraceCheckUtils]: 16: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,734 INFO L273 TraceCheckUtils]: 17: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,735 INFO L273 TraceCheckUtils]: 18: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,736 INFO L273 TraceCheckUtils]: 19: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:00,737 INFO L273 TraceCheckUtils]: 20: Hoare triple {2832#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2872#(= (bvadd |ssl3_accept_#t~mem29| (_ bv4294958832 32)) (_ bv0 32))} is VALID [2018-11-18 21:40:00,737 INFO L273 TraceCheckUtils]: 21: Hoare triple {2872#(= (bvadd |ssl3_accept_#t~mem29| (_ bv4294958832 32)) (_ bv0 32))} assume 8480bv32 == #t~mem29;havoc #t~mem29; {2805#false} is VALID [2018-11-18 21:40:00,738 INFO L273 TraceCheckUtils]: 22: Hoare triple {2805#false} call write~intINTTYPE4(0bv32, ~s.base, ~bvadd32(48bv32, ~s.offset), 4bv32);~ret~0 := #t~nondet67;havoc #t~nondet67; {2805#false} is VALID [2018-11-18 21:40:00,738 INFO L273 TraceCheckUtils]: 23: Hoare triple {2805#false} assume !~bvsle32(~ret~0, 0bv32);call #t~mem68.base, #t~mem68.offset := read~$Pointer$(~s.base, ~bvadd32(84bv32, ~s.offset), 4bv32);call write~intINTTYPE4(8482bv32, #t~mem68.base, ~bvadd32(844bv32, #t~mem68.offset), 4bv32);havoc #t~mem68.base, #t~mem68.offset;call write~intINTTYPE4(8448bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);call write~intINTTYPE4(0bv32, ~s.base, ~bvadd32(64bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,739 INFO L273 TraceCheckUtils]: 24: Hoare triple {2805#false} call #t~mem127.base, #t~mem127.offset := read~$Pointer$(~s.base, ~bvadd32(84bv32, ~s.offset), 4bv32);call #t~mem128 := read~intINTTYPE4(#t~mem127.base, ~bvadd32(848bv32, #t~mem127.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,739 INFO L273 TraceCheckUtils]: 25: Hoare triple {2805#false} assume !(0bv32 == #t~mem128);havoc #t~mem127.base, #t~mem127.offset;havoc #t~mem128; {2805#false} is VALID [2018-11-18 21:40:00,739 INFO L273 TraceCheckUtils]: 26: Hoare triple {2805#false} ~skip~0 := 0bv32; {2805#false} is VALID [2018-11-18 21:40:00,740 INFO L273 TraceCheckUtils]: 27: Hoare triple {2805#false} assume true; {2805#false} is VALID [2018-11-18 21:40:00,740 INFO L273 TraceCheckUtils]: 28: Hoare triple {2805#false} assume !false; {2805#false} is VALID [2018-11-18 21:40:00,741 INFO L273 TraceCheckUtils]: 29: Hoare triple {2805#false} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,741 INFO L273 TraceCheckUtils]: 30: Hoare triple {2805#false} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,741 INFO L273 TraceCheckUtils]: 31: Hoare triple {2805#false} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,741 INFO L273 TraceCheckUtils]: 32: Hoare triple {2805#false} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,742 INFO L273 TraceCheckUtils]: 33: Hoare triple {2805#false} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,742 INFO L273 TraceCheckUtils]: 34: Hoare triple {2805#false} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,742 INFO L273 TraceCheckUtils]: 35: Hoare triple {2805#false} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,742 INFO L273 TraceCheckUtils]: 36: Hoare triple {2805#false} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,743 INFO L273 TraceCheckUtils]: 37: Hoare triple {2805#false} assume !(8482bv32 == #t~mem31);havoc #t~mem31;call #t~mem32 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,743 INFO L273 TraceCheckUtils]: 38: Hoare triple {2805#false} assume !(8464bv32 == #t~mem32);havoc #t~mem32;call #t~mem33 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,743 INFO L273 TraceCheckUtils]: 39: Hoare triple {2805#false} assume !(8465bv32 == #t~mem33);havoc #t~mem33;call #t~mem34 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,743 INFO L273 TraceCheckUtils]: 40: Hoare triple {2805#false} assume !(8466bv32 == #t~mem34);havoc #t~mem34;call #t~mem35 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,744 INFO L273 TraceCheckUtils]: 41: Hoare triple {2805#false} assume !(8496bv32 == #t~mem35);havoc #t~mem35;call #t~mem36 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,744 INFO L273 TraceCheckUtils]: 42: Hoare triple {2805#false} assume !(8497bv32 == #t~mem36);havoc #t~mem36;call #t~mem37 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,744 INFO L273 TraceCheckUtils]: 43: Hoare triple {2805#false} assume !(8512bv32 == #t~mem37);havoc #t~mem37;call #t~mem38 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,744 INFO L273 TraceCheckUtils]: 44: Hoare triple {2805#false} assume !(8513bv32 == #t~mem38);havoc #t~mem38;call #t~mem39 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,744 INFO L273 TraceCheckUtils]: 45: Hoare triple {2805#false} assume !(8528bv32 == #t~mem39);havoc #t~mem39;call #t~mem40 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,745 INFO L273 TraceCheckUtils]: 46: Hoare triple {2805#false} assume !(8529bv32 == #t~mem40);havoc #t~mem40;call #t~mem41 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,745 INFO L273 TraceCheckUtils]: 47: Hoare triple {2805#false} assume !(8544bv32 == #t~mem41);havoc #t~mem41;call #t~mem42 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,745 INFO L273 TraceCheckUtils]: 48: Hoare triple {2805#false} assume !(8545bv32 == #t~mem42);havoc #t~mem42;call #t~mem43 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,745 INFO L273 TraceCheckUtils]: 49: Hoare triple {2805#false} assume !(8560bv32 == #t~mem43);havoc #t~mem43;call #t~mem44 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,746 INFO L273 TraceCheckUtils]: 50: Hoare triple {2805#false} assume !(8561bv32 == #t~mem44);havoc #t~mem44;call #t~mem45 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,746 INFO L273 TraceCheckUtils]: 51: Hoare triple {2805#false} assume !(8448bv32 == #t~mem45);havoc #t~mem45;call #t~mem46 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,746 INFO L273 TraceCheckUtils]: 52: Hoare triple {2805#false} assume !(8576bv32 == #t~mem46);havoc #t~mem46;call #t~mem47 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,747 INFO L273 TraceCheckUtils]: 53: Hoare triple {2805#false} assume !(8577bv32 == #t~mem47);havoc #t~mem47;call #t~mem48 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,747 INFO L273 TraceCheckUtils]: 54: Hoare triple {2805#false} assume !(8592bv32 == #t~mem48);havoc #t~mem48;call #t~mem49 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,747 INFO L273 TraceCheckUtils]: 55: Hoare triple {2805#false} assume !(8593bv32 == #t~mem49);havoc #t~mem49;call #t~mem50 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,747 INFO L273 TraceCheckUtils]: 56: Hoare triple {2805#false} assume !(8608bv32 == #t~mem50);havoc #t~mem50;call #t~mem51 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,748 INFO L273 TraceCheckUtils]: 57: Hoare triple {2805#false} assume !(8609bv32 == #t~mem51);havoc #t~mem51;call #t~mem52 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {2805#false} is VALID [2018-11-18 21:40:00,748 INFO L273 TraceCheckUtils]: 58: Hoare triple {2805#false} assume 8640bv32 == #t~mem52;havoc #t~mem52; {2805#false} is VALID [2018-11-18 21:40:00,748 INFO L273 TraceCheckUtils]: 59: Hoare triple {2805#false} ~ret~0 := #t~nondet115;havoc #t~nondet115; {2805#false} is VALID [2018-11-18 21:40:00,749 INFO L273 TraceCheckUtils]: 60: Hoare triple {2805#false} assume !(9bv32 == ~blastFlag~0); {2805#false} is VALID [2018-11-18 21:40:00,749 INFO L273 TraceCheckUtils]: 61: Hoare triple {2805#false} assume !false; {2805#false} is VALID [2018-11-18 21:40:00,758 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 9 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-18 21:40:00,758 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-18 21:40:00,766 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-18 21:40:00,766 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-18 21:40:00,766 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 62 [2018-11-18 21:40:00,767 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-18 21:40:00,767 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-18 21:40:00,910 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 62 edges. 62 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:40:00,910 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-18 21:40:00,910 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-18 21:40:00,910 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2018-11-18 21:40:00,910 INFO L87 Difference]: Start difference. First operand 177 states and 279 transitions. Second operand 6 states. [2018-11-18 21:40:16,787 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:40:16,788 INFO L93 Difference]: Finished difference Result 371 states and 569 transitions. [2018-11-18 21:40:16,788 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2018-11-18 21:40:16,788 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 62 [2018-11-18 21:40:16,788 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-18 21:40:16,788 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-18 21:40:16,795 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 569 transitions. [2018-11-18 21:40:16,795 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-18 21:40:16,801 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 569 transitions. [2018-11-18 21:40:16,802 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 569 transitions. [2018-11-18 21:40:17,706 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 569 edges. 569 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:40:17,712 INFO L225 Difference]: With dead ends: 371 [2018-11-18 21:40:17,712 INFO L226 Difference]: Without dead ends: 241 [2018-11-18 21:40:17,713 INFO L604 BasicCegarLoop]: 0 DeclaredPredicates, 63 GetRequests, 57 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2018-11-18 21:40:17,714 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 241 states. [2018-11-18 21:40:17,847 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 241 to 177. [2018-11-18 21:40:17,847 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-18 21:40:17,847 INFO L82 GeneralOperation]: Start isEquivalent. First operand 241 states. Second operand 177 states. [2018-11-18 21:40:17,848 INFO L74 IsIncluded]: Start isIncluded. First operand 241 states. Second operand 177 states. [2018-11-18 21:40:17,848 INFO L87 Difference]: Start difference. First operand 241 states. Second operand 177 states. [2018-11-18 21:40:17,857 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:40:17,857 INFO L93 Difference]: Finished difference Result 241 states and 367 transitions. [2018-11-18 21:40:17,857 INFO L276 IsEmpty]: Start isEmpty. Operand 241 states and 367 transitions. [2018-11-18 21:40:17,858 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:40:17,858 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:40:17,858 INFO L74 IsIncluded]: Start isIncluded. First operand 177 states. Second operand 241 states. [2018-11-18 21:40:17,858 INFO L87 Difference]: Start difference. First operand 177 states. Second operand 241 states. [2018-11-18 21:40:17,868 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:40:17,868 INFO L93 Difference]: Finished difference Result 241 states and 367 transitions. [2018-11-18 21:40:17,868 INFO L276 IsEmpty]: Start isEmpty. Operand 241 states and 367 transitions. [2018-11-18 21:40:17,869 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:40:17,869 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:40:17,869 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-18 21:40:17,869 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-18 21:40:17,869 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 177 states. [2018-11-18 21:40:17,875 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 177 states to 177 states and 278 transitions. [2018-11-18 21:40:17,875 INFO L78 Accepts]: Start accepts. Automaton has 177 states and 278 transitions. Word has length 62 [2018-11-18 21:40:17,876 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-18 21:40:17,876 INFO L480 AbstractCegarLoop]: Abstraction has 177 states and 278 transitions. [2018-11-18 21:40:17,876 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-18 21:40:17,876 INFO L276 IsEmpty]: Start isEmpty. Operand 177 states and 278 transitions. [2018-11-18 21:40:17,877 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 64 [2018-11-18 21:40:17,877 INFO L367 BasicCegarLoop]: Found error trace [2018-11-18 21:40:17,877 INFO L375 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-18 21:40:17,877 INFO L423 AbstractCegarLoop]: === Iteration 4 === [ssl3_acceptErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-18 21:40:17,878 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-18 21:40:17,878 INFO L82 PathProgramCache]: Analyzing trace with hash 310343339, now seen corresponding path program 1 times [2018-11-18 21:40:17,878 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-18 21:40:17,879 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-18 21:40:17,899 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-18 21:40:18,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:40:18,118 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:40:18,121 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-18 21:40:18,298 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:40:18,300 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 109 treesize of output 74 [2018-11-18 21:40:18,313 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:40:18,315 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 61 treesize of output 30 [2018-11-18 21:40:18,349 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:40:18,360 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-18 21:40:18,367 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-18 21:40:18,372 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-18 21:40:18,375 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:18,380 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:18,391 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:18,391 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 3 variables, input treesize:109, output treesize:9 [2018-11-18 21:40:20,831 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:40:20,927 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 15 [2018-11-18 21:40:20,932 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 3 [2018-11-18 21:40:20,933 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:40:20,935 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:20,937 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:20,938 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:19, output treesize:3 [2018-11-18 21:40:20,947 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:40:20,958 INFO L256 TraceCheckUtils]: 0: Hoare triple {4130#true} call ULTIMATE.init(); {4130#true} is VALID [2018-11-18 21:40:20,958 INFO L273 TraceCheckUtils]: 1: Hoare triple {4130#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];~init~0 := 1bv32;call ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset := #Ultimate.alloc(100bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32); {4130#true} is VALID [2018-11-18 21:40:20,959 INFO L273 TraceCheckUtils]: 2: Hoare triple {4130#true} assume true; {4130#true} is VALID [2018-11-18 21:40:20,959 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {4130#true} {4130#true} #692#return; {4130#true} is VALID [2018-11-18 21:40:20,959 INFO L256 TraceCheckUtils]: 4: Hoare triple {4130#true} call #t~ret138 := main(); {4130#true} is VALID [2018-11-18 21:40:20,959 INFO L273 TraceCheckUtils]: 5: Hoare triple {4130#true} havoc ~s~0.base, ~s~0.offset;havoc ~tmp~2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(248bv32);~s~0.base, ~s~0.offset := #t~malloc3.base, #t~malloc3.offset;call #t~malloc4.base, #t~malloc4.offset := #Ultimate.alloc(899bv32);call write~$Pointer$(#t~malloc4.base, #t~malloc4.offset, ~s~0.base, ~bvadd32(84bv32, ~s~0.offset), 4bv32);call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(232bv32);call write~$Pointer$(#t~malloc5.base, #t~malloc5.offset, ~s~0.base, ~bvadd32(204bv32, ~s~0.offset), 4bv32);call #t~malloc6.base, #t~malloc6.offset := #Ultimate.alloc(200bv32);call write~$Pointer$(#t~malloc6.base, #t~malloc6.offset, ~s~0.base, ~bvadd32(176bv32, ~s~0.offset), 4bv32); {4130#true} is VALID [2018-11-18 21:40:20,959 INFO L256 TraceCheckUtils]: 6: Hoare triple {4130#true} call #t~ret7 := ssl3_accept(~s~0.base, ~s~0.offset); {4130#true} is VALID [2018-11-18 21:40:20,960 INFO L273 TraceCheckUtils]: 7: Hoare triple {4130#true} ~s.base, ~s.offset := #in~s.base, #in~s.offset;havoc ~buf~0.base, ~buf~0.offset;havoc ~l~0;havoc ~Time~0;havoc ~tmp~3;havoc ~cb~0.base, ~cb~0.offset;havoc ~num1~0;havoc ~ret~0;havoc ~new_state~0;havoc ~state~0;havoc ~skip~0;havoc ~got_new_session~0;~tmp___1~0 := #t~nondet8;havoc #t~nondet8;~tmp___2~0 := #t~nondet9;havoc #t~nondet9;~tmp___3~0 := #t~nondet10;havoc #t~nondet10;~tmp___4~0 := #t~nondet11;havoc #t~nondet11;~tmp___5~0 := #t~nondet12;havoc #t~nondet12;~tmp___6~0 := #t~nondet13;havoc #t~nondet13;havoc ~tmp___7~0;~tmp___8~0 := #t~nondet14;havoc #t~nondet14;~tmp___9~0 := #t~nondet15;havoc #t~nondet15;~tmp___10~0 := #t~nondet16;havoc #t~nondet16;havoc ~blastFlag~0;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~blastFlag~0 := 0bv32;call write~intINTTYPE4(#t~nondet17, ~s.base, ~bvadd32(92bv32, ~s.offset), 4bv32);havoc #t~nondet17;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~tmp~3 := #t~nondet18;havoc #t~nondet18;~Time~0 := ~tmp~3;~cb~0.base, ~cb~0.offset := 0bv32, 0bv32;~ret~0 := 4294967295bv32;~skip~0 := 0bv32;~got_new_session~0 := 0bv32;call #t~mem19.base, #t~mem19.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32); {4130#true} is VALID [2018-11-18 21:40:20,960 INFO L273 TraceCheckUtils]: 8: Hoare triple {4130#true} assume 0bv32 != ~bvadd32(#t~mem19.base, #t~mem19.offset);havoc #t~mem19.base, #t~mem19.offset;call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32);~cb~0.base, ~cb~0.offset := #t~mem20.base, #t~mem20.offset;havoc #t~mem20.base, #t~mem20.offset; {4130#true} is VALID [2018-11-18 21:40:20,960 INFO L273 TraceCheckUtils]: 9: Hoare triple {4130#true} call #t~mem21 := read~intINTTYPE4(~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem21), ~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);havoc #t~mem21; {4130#true} is VALID [2018-11-18 21:40:20,960 INFO L273 TraceCheckUtils]: 10: Hoare triple {4130#true} assume !(0bv32 != ~bvand32(12288bv32, ~tmp___1~0)); {4130#true} is VALID [2018-11-18 21:40:20,960 INFO L273 TraceCheckUtils]: 11: Hoare triple {4130#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~s.base, ~bvadd32(136bv32, ~s.offset), 4bv32); {4130#true} is VALID [2018-11-18 21:40:20,960 INFO L273 TraceCheckUtils]: 12: Hoare triple {4130#true} assume !(0bv32 == ~bvadd32(#t~mem22.base, #t~mem22.offset));havoc #t~mem22.base, #t~mem22.offset; {4130#true} is VALID [2018-11-18 21:40:20,960 INFO L273 TraceCheckUtils]: 13: Hoare triple {4130#true} assume true; {4130#true} is VALID [2018-11-18 21:40:20,961 INFO L273 TraceCheckUtils]: 14: Hoare triple {4130#true} assume !false; {4130#true} is VALID [2018-11-18 21:40:20,961 INFO L273 TraceCheckUtils]: 15: Hoare triple {4130#true} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4130#true} is VALID [2018-11-18 21:40:20,961 INFO L273 TraceCheckUtils]: 16: Hoare triple {4130#true} assume 12292bv32 == #t~mem24;havoc #t~mem24; {4130#true} is VALID [2018-11-18 21:40:20,961 INFO L273 TraceCheckUtils]: 17: Hoare triple {4130#true} call write~intINTTYPE4(1bv32, ~s.base, ~bvadd32(40bv32, ~s.offset), 4bv32); {4130#true} is VALID [2018-11-18 21:40:20,962 INFO L273 TraceCheckUtils]: 18: Hoare triple {4130#true} call write~intINTTYPE4(1bv32, ~s.base, ~bvadd32(36bv32, ~s.offset), 4bv32); {4130#true} is VALID [2018-11-18 21:40:20,962 INFO L273 TraceCheckUtils]: 19: Hoare triple {4130#true} assume 0bv32 != ~bvadd32(~cb~0.base, ~cb~0.offset); {4130#true} is VALID [2018-11-18 21:40:20,962 INFO L273 TraceCheckUtils]: 20: Hoare triple {4130#true} call #t~mem59 := read~intINTTYPE4(~s.base, ~s.offset, 4bv32); {4130#true} is VALID [2018-11-18 21:40:20,962 INFO L273 TraceCheckUtils]: 21: Hoare triple {4130#true} assume !(3bv32 != ~bvashr32(#t~mem59, 8bv32));havoc #t~mem59;call write~intINTTYPE4(8192bv32, ~s.base, ~bvadd32(4bv32, ~s.offset), 4bv32);call #t~mem60.base, #t~mem60.offset := read~$Pointer$(~s.base, ~bvadd32(60bv32, ~s.offset), 4bv32); {4130#true} is VALID [2018-11-18 21:40:20,963 INFO L273 TraceCheckUtils]: 22: Hoare triple {4130#true} assume !(0bv32 == ~bvadd32(#t~mem60.base, #t~mem60.offset));havoc #t~mem60.base, #t~mem60.offset; {4130#true} is VALID [2018-11-18 21:40:20,963 INFO L273 TraceCheckUtils]: 23: Hoare triple {4130#true} assume !(0bv32 == ~tmp___4~0);call write~intINTTYPE4(0bv32, ~s.base, ~bvadd32(64bv32, ~s.offset), 4bv32);call #t~mem62 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4130#true} is VALID [2018-11-18 21:40:20,980 INFO L273 TraceCheckUtils]: 24: Hoare triple {4130#true} assume !(12292bv32 != #t~mem62);havoc #t~mem62;call #t~mem65.base, #t~mem65.offset := read~$Pointer$(~s.base, ~bvadd32(204bv32, ~s.offset), 4bv32);call #t~mem66 := read~intINTTYPE4(#t~mem65.base, ~bvadd32(76bv32, #t~mem65.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem66), #t~mem65.base, ~bvadd32(76bv32, #t~mem65.offset), 4bv32);havoc #t~mem65.base, #t~mem65.offset;havoc #t~mem66;call write~intINTTYPE4(8480bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:20,995 INFO L273 TraceCheckUtils]: 25: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} call #t~mem127.base, #t~mem127.offset := read~$Pointer$(~s.base, ~bvadd32(84bv32, ~s.offset), 4bv32);call #t~mem128 := read~intINTTYPE4(#t~mem127.base, ~bvadd32(848bv32, #t~mem127.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,004 INFO L273 TraceCheckUtils]: 26: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(0bv32 == #t~mem128);havoc #t~mem127.base, #t~mem127.offset;havoc #t~mem128; {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,017 INFO L273 TraceCheckUtils]: 27: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} ~skip~0 := 0bv32; {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,021 INFO L273 TraceCheckUtils]: 28: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume true; {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,023 INFO L273 TraceCheckUtils]: 29: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !false; {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,024 INFO L273 TraceCheckUtils]: 30: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,026 INFO L273 TraceCheckUtils]: 31: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,026 INFO L273 TraceCheckUtils]: 32: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,031 INFO L273 TraceCheckUtils]: 33: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,031 INFO L273 TraceCheckUtils]: 34: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,040 INFO L273 TraceCheckUtils]: 35: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,046 INFO L273 TraceCheckUtils]: 36: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,056 INFO L273 TraceCheckUtils]: 37: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,070 INFO L273 TraceCheckUtils]: 38: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8482bv32 == #t~mem31);havoc #t~mem31;call #t~mem32 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,079 INFO L273 TraceCheckUtils]: 39: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8464bv32 == #t~mem32);havoc #t~mem32;call #t~mem33 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,093 INFO L273 TraceCheckUtils]: 40: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8465bv32 == #t~mem33);havoc #t~mem33;call #t~mem34 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,102 INFO L273 TraceCheckUtils]: 41: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8466bv32 == #t~mem34);havoc #t~mem34;call #t~mem35 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,117 INFO L273 TraceCheckUtils]: 42: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8496bv32 == #t~mem35);havoc #t~mem35;call #t~mem36 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,126 INFO L273 TraceCheckUtils]: 43: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8497bv32 == #t~mem36);havoc #t~mem36;call #t~mem37 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,139 INFO L273 TraceCheckUtils]: 44: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8512bv32 == #t~mem37);havoc #t~mem37;call #t~mem38 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,148 INFO L273 TraceCheckUtils]: 45: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8513bv32 == #t~mem38);havoc #t~mem38;call #t~mem39 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,161 INFO L273 TraceCheckUtils]: 46: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8528bv32 == #t~mem39);havoc #t~mem39;call #t~mem40 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,173 INFO L273 TraceCheckUtils]: 47: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8529bv32 == #t~mem40);havoc #t~mem40;call #t~mem41 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,186 INFO L273 TraceCheckUtils]: 48: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8544bv32 == #t~mem41);havoc #t~mem41;call #t~mem42 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,199 INFO L273 TraceCheckUtils]: 49: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8545bv32 == #t~mem42);havoc #t~mem42;call #t~mem43 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,212 INFO L273 TraceCheckUtils]: 50: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8560bv32 == #t~mem43);havoc #t~mem43;call #t~mem44 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,227 INFO L273 TraceCheckUtils]: 51: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8561bv32 == #t~mem44);havoc #t~mem44;call #t~mem45 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,236 INFO L273 TraceCheckUtils]: 52: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8448bv32 == #t~mem45);havoc #t~mem45;call #t~mem46 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,248 INFO L273 TraceCheckUtils]: 53: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8576bv32 == #t~mem46);havoc #t~mem46;call #t~mem47 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,261 INFO L273 TraceCheckUtils]: 54: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8577bv32 == #t~mem47);havoc #t~mem47;call #t~mem48 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,274 INFO L273 TraceCheckUtils]: 55: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8592bv32 == #t~mem48);havoc #t~mem48;call #t~mem49 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,286 INFO L273 TraceCheckUtils]: 56: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8593bv32 == #t~mem49);havoc #t~mem49;call #t~mem50 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,299 INFO L273 TraceCheckUtils]: 57: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8608bv32 == #t~mem50);havoc #t~mem50;call #t~mem51 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:21,312 INFO L273 TraceCheckUtils]: 58: Hoare triple {4207#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8609bv32 == #t~mem51);havoc #t~mem51;call #t~mem52 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {4310#(= (bvadd |ssl3_accept_#t~mem52| (_ bv4294958816 32)) (_ bv0 32))} is VALID [2018-11-18 21:40:21,325 INFO L273 TraceCheckUtils]: 59: Hoare triple {4310#(= (bvadd |ssl3_accept_#t~mem52| (_ bv4294958816 32)) (_ bv0 32))} assume 8640bv32 == #t~mem52;havoc #t~mem52; {4131#false} is VALID [2018-11-18 21:40:21,325 INFO L273 TraceCheckUtils]: 60: Hoare triple {4131#false} ~ret~0 := #t~nondet115;havoc #t~nondet115; {4131#false} is VALID [2018-11-18 21:40:21,325 INFO L273 TraceCheckUtils]: 61: Hoare triple {4131#false} assume !(9bv32 == ~blastFlag~0); {4131#false} is VALID [2018-11-18 21:40:21,326 INFO L273 TraceCheckUtils]: 62: Hoare triple {4131#false} assume !false; {4131#false} is VALID [2018-11-18 21:40:21,334 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-18 21:40:21,334 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-18 21:40:21,337 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-18 21:40:21,337 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2018-11-18 21:40:21,338 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 63 [2018-11-18 21:40:21,338 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-18 21:40:21,338 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2018-11-18 21:40:21,550 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 63 edges. 63 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:40:21,551 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2018-11-18 21:40:21,551 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2018-11-18 21:40:21,551 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2018-11-18 21:40:21,551 INFO L87 Difference]: Start difference. First operand 177 states and 278 transitions. Second operand 4 states. [2018-11-18 21:40:33,349 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:40:33,350 INFO L93 Difference]: Finished difference Result 418 states and 651 transitions. [2018-11-18 21:40:33,350 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2018-11-18 21:40:33,350 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 63 [2018-11-18 21:40:33,350 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-18 21:40:33,350 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-11-18 21:40:33,356 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 591 transitions. [2018-11-18 21:40:33,356 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-11-18 21:40:33,360 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 591 transitions. [2018-11-18 21:40:33,360 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 591 transitions. [2018-11-18 21:40:34,330 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 591 edges. 591 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:40:34,340 INFO L225 Difference]: With dead ends: 418 [2018-11-18 21:40:34,340 INFO L226 Difference]: Without dead ends: 288 [2018-11-18 21:40:34,341 INFO L604 BasicCegarLoop]: 0 DeclaredPredicates, 63 GetRequests, 60 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2018-11-18 21:40:34,342 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 288 states. [2018-11-18 21:40:34,821 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 288 to 217. [2018-11-18 21:40:34,821 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-18 21:40:34,821 INFO L82 GeneralOperation]: Start isEquivalent. First operand 288 states. Second operand 217 states. [2018-11-18 21:40:34,821 INFO L74 IsIncluded]: Start isIncluded. First operand 288 states. Second operand 217 states. [2018-11-18 21:40:34,821 INFO L87 Difference]: Start difference. First operand 288 states. Second operand 217 states. [2018-11-18 21:40:34,830 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:40:34,831 INFO L93 Difference]: Finished difference Result 288 states and 449 transitions. [2018-11-18 21:40:34,831 INFO L276 IsEmpty]: Start isEmpty. Operand 288 states and 449 transitions. [2018-11-18 21:40:34,832 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:40:34,832 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:40:34,832 INFO L74 IsIncluded]: Start isIncluded. First operand 217 states. Second operand 288 states. [2018-11-18 21:40:34,832 INFO L87 Difference]: Start difference. First operand 217 states. Second operand 288 states. [2018-11-18 21:40:34,840 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:40:34,841 INFO L93 Difference]: Finished difference Result 288 states and 449 transitions. [2018-11-18 21:40:34,841 INFO L276 IsEmpty]: Start isEmpty. Operand 288 states and 449 transitions. [2018-11-18 21:40:34,842 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:40:34,842 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:40:34,842 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-18 21:40:34,842 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-18 21:40:34,843 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 217 states. [2018-11-18 21:40:34,848 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 217 states to 217 states and 351 transitions. [2018-11-18 21:40:34,848 INFO L78 Accepts]: Start accepts. Automaton has 217 states and 351 transitions. Word has length 63 [2018-11-18 21:40:34,849 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-18 21:40:34,849 INFO L480 AbstractCegarLoop]: Abstraction has 217 states and 351 transitions. [2018-11-18 21:40:34,849 INFO L481 AbstractCegarLoop]: Interpolant automaton has 4 states. [2018-11-18 21:40:34,849 INFO L276 IsEmpty]: Start isEmpty. Operand 217 states and 351 transitions. [2018-11-18 21:40:34,850 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 64 [2018-11-18 21:40:34,850 INFO L367 BasicCegarLoop]: Found error trace [2018-11-18 21:40:34,850 INFO L375 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-18 21:40:34,851 INFO L423 AbstractCegarLoop]: === Iteration 5 === [ssl3_acceptErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-18 21:40:34,851 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-18 21:40:34,851 INFO L82 PathProgramCache]: Analyzing trace with hash 1931199808, now seen corresponding path program 1 times [2018-11-18 21:40:34,852 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-18 21:40:34,852 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-18 21:40:34,888 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-18 21:40:35,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:40:35,289 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:40:35,292 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-18 21:40:35,469 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 20 [2018-11-18 21:40:35,477 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 23 [2018-11-18 21:40:35,484 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:40:35,488 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 33 [2018-11-18 21:40:35,504 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:40:35,512 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 27 [2018-11-18 21:40:35,515 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-18 21:40:35,527 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:35,537 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:35,547 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:35,562 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:35,562 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:27, output treesize:13 [2018-11-18 21:40:35,579 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:40:35,622 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:40:35,624 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 38 [2018-11-18 21:40:35,649 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:40:35,655 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:40:35,662 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 35 [2018-11-18 21:40:35,689 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:40:35,696 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:35,704 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:35,705 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:34, output treesize:13 [2018-11-18 21:40:37,719 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:40:37,791 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-18 21:40:37,795 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-18 21:40:37,796 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:40:37,799 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:37,802 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:37,802 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:17, output treesize:5 [2018-11-18 21:40:37,804 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:40:37,852 INFO L256 TraceCheckUtils]: 0: Hoare triple {5642#true} call ULTIMATE.init(); {5642#true} is VALID [2018-11-18 21:40:37,852 INFO L273 TraceCheckUtils]: 1: Hoare triple {5642#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];~init~0 := 1bv32;call ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset := #Ultimate.alloc(100bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32); {5642#true} is VALID [2018-11-18 21:40:37,852 INFO L273 TraceCheckUtils]: 2: Hoare triple {5642#true} assume true; {5642#true} is VALID [2018-11-18 21:40:37,852 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {5642#true} {5642#true} #692#return; {5642#true} is VALID [2018-11-18 21:40:37,852 INFO L256 TraceCheckUtils]: 4: Hoare triple {5642#true} call #t~ret138 := main(); {5642#true} is VALID [2018-11-18 21:40:37,853 INFO L273 TraceCheckUtils]: 5: Hoare triple {5642#true} havoc ~s~0.base, ~s~0.offset;havoc ~tmp~2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(248bv32);~s~0.base, ~s~0.offset := #t~malloc3.base, #t~malloc3.offset;call #t~malloc4.base, #t~malloc4.offset := #Ultimate.alloc(899bv32);call write~$Pointer$(#t~malloc4.base, #t~malloc4.offset, ~s~0.base, ~bvadd32(84bv32, ~s~0.offset), 4bv32);call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(232bv32);call write~$Pointer$(#t~malloc5.base, #t~malloc5.offset, ~s~0.base, ~bvadd32(204bv32, ~s~0.offset), 4bv32);call #t~malloc6.base, #t~malloc6.offset := #Ultimate.alloc(200bv32);call write~$Pointer$(#t~malloc6.base, #t~malloc6.offset, ~s~0.base, ~bvadd32(176bv32, ~s~0.offset), 4bv32); {5662#(= main_~s~0.offset (_ bv0 32))} is VALID [2018-11-18 21:40:37,855 INFO L256 TraceCheckUtils]: 6: Hoare triple {5662#(= main_~s~0.offset (_ bv0 32))} call #t~ret7 := ssl3_accept(~s~0.base, ~s~0.offset); {5666#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} is VALID [2018-11-18 21:40:37,858 INFO L273 TraceCheckUtils]: 7: Hoare triple {5666#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} ~s.base, ~s.offset := #in~s.base, #in~s.offset;havoc ~buf~0.base, ~buf~0.offset;havoc ~l~0;havoc ~Time~0;havoc ~tmp~3;havoc ~cb~0.base, ~cb~0.offset;havoc ~num1~0;havoc ~ret~0;havoc ~new_state~0;havoc ~state~0;havoc ~skip~0;havoc ~got_new_session~0;~tmp___1~0 := #t~nondet8;havoc #t~nondet8;~tmp___2~0 := #t~nondet9;havoc #t~nondet9;~tmp___3~0 := #t~nondet10;havoc #t~nondet10;~tmp___4~0 := #t~nondet11;havoc #t~nondet11;~tmp___5~0 := #t~nondet12;havoc #t~nondet12;~tmp___6~0 := #t~nondet13;havoc #t~nondet13;havoc ~tmp___7~0;~tmp___8~0 := #t~nondet14;havoc #t~nondet14;~tmp___9~0 := #t~nondet15;havoc #t~nondet15;~tmp___10~0 := #t~nondet16;havoc #t~nondet16;havoc ~blastFlag~0;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~blastFlag~0 := 0bv32;call write~intINTTYPE4(#t~nondet17, ~s.base, ~bvadd32(92bv32, ~s.offset), 4bv32);havoc #t~nondet17;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~tmp~3 := #t~nondet18;havoc #t~nondet18;~Time~0 := ~tmp~3;~cb~0.base, ~cb~0.offset := 0bv32, 0bv32;~ret~0 := 4294967295bv32;~skip~0 := 0bv32;~got_new_session~0 := 0bv32;call #t~mem19.base, #t~mem19.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32); {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,859 INFO L273 TraceCheckUtils]: 8: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume 0bv32 != ~bvadd32(#t~mem19.base, #t~mem19.offset);havoc #t~mem19.base, #t~mem19.offset;call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32);~cb~0.base, ~cb~0.offset := #t~mem20.base, #t~mem20.offset;havoc #t~mem20.base, #t~mem20.offset; {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,861 INFO L273 TraceCheckUtils]: 9: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem21 := read~intINTTYPE4(~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem21), ~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);havoc #t~mem21; {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,862 INFO L273 TraceCheckUtils]: 10: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 != ~bvand32(12288bv32, ~tmp___1~0)); {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,862 INFO L273 TraceCheckUtils]: 11: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~s.base, ~bvadd32(136bv32, ~s.offset), 4bv32); {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,863 INFO L273 TraceCheckUtils]: 12: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 == ~bvadd32(#t~mem22.base, #t~mem22.offset));havoc #t~mem22.base, #t~mem22.offset; {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,863 INFO L273 TraceCheckUtils]: 13: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume true; {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,864 INFO L273 TraceCheckUtils]: 14: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !false; {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,865 INFO L273 TraceCheckUtils]: 15: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,866 INFO L273 TraceCheckUtils]: 16: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,867 INFO L273 TraceCheckUtils]: 17: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,868 INFO L273 TraceCheckUtils]: 18: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,869 INFO L273 TraceCheckUtils]: 19: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,870 INFO L273 TraceCheckUtils]: 20: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:40:37,870 INFO L273 TraceCheckUtils]: 21: Hoare triple {5670#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5713#(= (_ bv8464 32) |ssl3_accept_#t~mem30|)} is VALID [2018-11-18 21:40:37,871 INFO L273 TraceCheckUtils]: 22: Hoare triple {5713#(= (_ bv8464 32) |ssl3_accept_#t~mem30|)} assume 8481bv32 == #t~mem30;havoc #t~mem30; {5643#false} is VALID [2018-11-18 21:40:37,872 INFO L273 TraceCheckUtils]: 23: Hoare triple {5643#false} call write~intINTTYPE4(0bv32, ~s.base, ~bvadd32(48bv32, ~s.offset), 4bv32);~ret~0 := #t~nondet67;havoc #t~nondet67; {5643#false} is VALID [2018-11-18 21:40:37,872 INFO L273 TraceCheckUtils]: 24: Hoare triple {5643#false} assume !~bvsle32(~ret~0, 0bv32);call #t~mem68.base, #t~mem68.offset := read~$Pointer$(~s.base, ~bvadd32(84bv32, ~s.offset), 4bv32);call write~intINTTYPE4(8482bv32, #t~mem68.base, ~bvadd32(844bv32, #t~mem68.offset), 4bv32);havoc #t~mem68.base, #t~mem68.offset;call write~intINTTYPE4(8448bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);call write~intINTTYPE4(0bv32, ~s.base, ~bvadd32(64bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,872 INFO L273 TraceCheckUtils]: 25: Hoare triple {5643#false} call #t~mem127.base, #t~mem127.offset := read~$Pointer$(~s.base, ~bvadd32(84bv32, ~s.offset), 4bv32);call #t~mem128 := read~intINTTYPE4(#t~mem127.base, ~bvadd32(848bv32, #t~mem127.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,872 INFO L273 TraceCheckUtils]: 26: Hoare triple {5643#false} assume !(0bv32 == #t~mem128);havoc #t~mem127.base, #t~mem127.offset;havoc #t~mem128; {5643#false} is VALID [2018-11-18 21:40:37,873 INFO L273 TraceCheckUtils]: 27: Hoare triple {5643#false} ~skip~0 := 0bv32; {5643#false} is VALID [2018-11-18 21:40:37,873 INFO L273 TraceCheckUtils]: 28: Hoare triple {5643#false} assume true; {5643#false} is VALID [2018-11-18 21:40:37,873 INFO L273 TraceCheckUtils]: 29: Hoare triple {5643#false} assume !false; {5643#false} is VALID [2018-11-18 21:40:37,873 INFO L273 TraceCheckUtils]: 30: Hoare triple {5643#false} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,874 INFO L273 TraceCheckUtils]: 31: Hoare triple {5643#false} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,874 INFO L273 TraceCheckUtils]: 32: Hoare triple {5643#false} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,874 INFO L273 TraceCheckUtils]: 33: Hoare triple {5643#false} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,875 INFO L273 TraceCheckUtils]: 34: Hoare triple {5643#false} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,875 INFO L273 TraceCheckUtils]: 35: Hoare triple {5643#false} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,875 INFO L273 TraceCheckUtils]: 36: Hoare triple {5643#false} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,876 INFO L273 TraceCheckUtils]: 37: Hoare triple {5643#false} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,876 INFO L273 TraceCheckUtils]: 38: Hoare triple {5643#false} assume !(8482bv32 == #t~mem31);havoc #t~mem31;call #t~mem32 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,877 INFO L273 TraceCheckUtils]: 39: Hoare triple {5643#false} assume !(8464bv32 == #t~mem32);havoc #t~mem32;call #t~mem33 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,877 INFO L273 TraceCheckUtils]: 40: Hoare triple {5643#false} assume !(8465bv32 == #t~mem33);havoc #t~mem33;call #t~mem34 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,877 INFO L273 TraceCheckUtils]: 41: Hoare triple {5643#false} assume !(8466bv32 == #t~mem34);havoc #t~mem34;call #t~mem35 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,877 INFO L273 TraceCheckUtils]: 42: Hoare triple {5643#false} assume !(8496bv32 == #t~mem35);havoc #t~mem35;call #t~mem36 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,877 INFO L273 TraceCheckUtils]: 43: Hoare triple {5643#false} assume !(8497bv32 == #t~mem36);havoc #t~mem36;call #t~mem37 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,878 INFO L273 TraceCheckUtils]: 44: Hoare triple {5643#false} assume !(8512bv32 == #t~mem37);havoc #t~mem37;call #t~mem38 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,878 INFO L273 TraceCheckUtils]: 45: Hoare triple {5643#false} assume !(8513bv32 == #t~mem38);havoc #t~mem38;call #t~mem39 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,878 INFO L273 TraceCheckUtils]: 46: Hoare triple {5643#false} assume !(8528bv32 == #t~mem39);havoc #t~mem39;call #t~mem40 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,878 INFO L273 TraceCheckUtils]: 47: Hoare triple {5643#false} assume !(8529bv32 == #t~mem40);havoc #t~mem40;call #t~mem41 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,879 INFO L273 TraceCheckUtils]: 48: Hoare triple {5643#false} assume !(8544bv32 == #t~mem41);havoc #t~mem41;call #t~mem42 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,879 INFO L273 TraceCheckUtils]: 49: Hoare triple {5643#false} assume !(8545bv32 == #t~mem42);havoc #t~mem42;call #t~mem43 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,879 INFO L273 TraceCheckUtils]: 50: Hoare triple {5643#false} assume !(8560bv32 == #t~mem43);havoc #t~mem43;call #t~mem44 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,879 INFO L273 TraceCheckUtils]: 51: Hoare triple {5643#false} assume !(8561bv32 == #t~mem44);havoc #t~mem44;call #t~mem45 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,879 INFO L273 TraceCheckUtils]: 52: Hoare triple {5643#false} assume !(8448bv32 == #t~mem45);havoc #t~mem45;call #t~mem46 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,879 INFO L273 TraceCheckUtils]: 53: Hoare triple {5643#false} assume !(8576bv32 == #t~mem46);havoc #t~mem46;call #t~mem47 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,879 INFO L273 TraceCheckUtils]: 54: Hoare triple {5643#false} assume !(8577bv32 == #t~mem47);havoc #t~mem47;call #t~mem48 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,880 INFO L273 TraceCheckUtils]: 55: Hoare triple {5643#false} assume !(8592bv32 == #t~mem48);havoc #t~mem48;call #t~mem49 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,880 INFO L273 TraceCheckUtils]: 56: Hoare triple {5643#false} assume !(8593bv32 == #t~mem49);havoc #t~mem49;call #t~mem50 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,880 INFO L273 TraceCheckUtils]: 57: Hoare triple {5643#false} assume !(8608bv32 == #t~mem50);havoc #t~mem50;call #t~mem51 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,880 INFO L273 TraceCheckUtils]: 58: Hoare triple {5643#false} assume !(8609bv32 == #t~mem51);havoc #t~mem51;call #t~mem52 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {5643#false} is VALID [2018-11-18 21:40:37,881 INFO L273 TraceCheckUtils]: 59: Hoare triple {5643#false} assume 8640bv32 == #t~mem52;havoc #t~mem52; {5643#false} is VALID [2018-11-18 21:40:37,881 INFO L273 TraceCheckUtils]: 60: Hoare triple {5643#false} ~ret~0 := #t~nondet115;havoc #t~nondet115; {5643#false} is VALID [2018-11-18 21:40:37,881 INFO L273 TraceCheckUtils]: 61: Hoare triple {5643#false} assume !(9bv32 == ~blastFlag~0); {5643#false} is VALID [2018-11-18 21:40:37,881 INFO L273 TraceCheckUtils]: 62: Hoare triple {5643#false} assume !false; {5643#false} is VALID [2018-11-18 21:40:37,886 INFO L134 CoverageAnalysis]: Checked inductivity of 10 backedges. 10 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-18 21:40:37,886 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-18 21:40:37,889 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-18 21:40:37,889 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-18 21:40:37,889 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 63 [2018-11-18 21:40:37,890 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-18 21:40:37,890 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-18 21:40:37,999 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 63 edges. 63 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:40:38,000 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-18 21:40:38,000 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-18 21:40:38,000 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2018-11-18 21:40:38,001 INFO L87 Difference]: Start difference. First operand 217 states and 351 transitions. Second operand 6 states. [2018-11-18 21:40:54,664 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:40:54,665 INFO L93 Difference]: Finished difference Result 449 states and 712 transitions. [2018-11-18 21:40:54,665 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2018-11-18 21:40:54,665 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 63 [2018-11-18 21:40:54,665 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-18 21:40:54,665 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-18 21:40:54,670 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 566 transitions. [2018-11-18 21:40:54,670 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-18 21:40:54,673 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 566 transitions. [2018-11-18 21:40:54,674 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 566 transitions. [2018-11-18 21:40:56,165 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 566 edges. 566 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:40:56,173 INFO L225 Difference]: With dead ends: 449 [2018-11-18 21:40:56,174 INFO L226 Difference]: Without dead ends: 279 [2018-11-18 21:40:56,175 INFO L604 BasicCegarLoop]: 0 DeclaredPredicates, 64 GetRequests, 58 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2018-11-18 21:40:56,175 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 279 states. [2018-11-18 21:40:56,465 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 279 to 217. [2018-11-18 21:40:56,465 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-18 21:40:56,465 INFO L82 GeneralOperation]: Start isEquivalent. First operand 279 states. Second operand 217 states. [2018-11-18 21:40:56,465 INFO L74 IsIncluded]: Start isIncluded. First operand 279 states. Second operand 217 states. [2018-11-18 21:40:56,465 INFO L87 Difference]: Start difference. First operand 279 states. Second operand 217 states. [2018-11-18 21:40:56,473 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:40:56,473 INFO L93 Difference]: Finished difference Result 279 states and 437 transitions. [2018-11-18 21:40:56,473 INFO L276 IsEmpty]: Start isEmpty. Operand 279 states and 437 transitions. [2018-11-18 21:40:56,474 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:40:56,474 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:40:56,474 INFO L74 IsIncluded]: Start isIncluded. First operand 217 states. Second operand 279 states. [2018-11-18 21:40:56,475 INFO L87 Difference]: Start difference. First operand 217 states. Second operand 279 states. [2018-11-18 21:40:56,482 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:40:56,483 INFO L93 Difference]: Finished difference Result 279 states and 437 transitions. [2018-11-18 21:40:56,483 INFO L276 IsEmpty]: Start isEmpty. Operand 279 states and 437 transitions. [2018-11-18 21:40:56,484 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:40:56,484 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:40:56,484 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-18 21:40:56,484 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-18 21:40:56,484 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 217 states. [2018-11-18 21:40:56,490 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 217 states to 217 states and 350 transitions. [2018-11-18 21:40:56,490 INFO L78 Accepts]: Start accepts. Automaton has 217 states and 350 transitions. Word has length 63 [2018-11-18 21:40:56,490 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-18 21:40:56,490 INFO L480 AbstractCegarLoop]: Abstraction has 217 states and 350 transitions. [2018-11-18 21:40:56,490 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-18 21:40:56,491 INFO L276 IsEmpty]: Start isEmpty. Operand 217 states and 350 transitions. [2018-11-18 21:40:56,492 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 64 [2018-11-18 21:40:56,492 INFO L367 BasicCegarLoop]: Found error trace [2018-11-18 21:40:56,492 INFO L375 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-18 21:40:56,492 INFO L423 AbstractCegarLoop]: === Iteration 6 === [ssl3_acceptErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-18 21:40:56,492 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-18 21:40:56,493 INFO L82 PathProgramCache]: Analyzing trace with hash 2071926495, now seen corresponding path program 1 times [2018-11-18 21:40:56,493 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-18 21:40:56,493 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-18 21:40:56,523 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-18 21:40:56,662 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:40:56,741 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:40:56,743 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-18 21:40:57,167 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-18 21:40:57,173 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-18 21:40:57,174 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:40:57,183 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:57,188 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:57,188 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:13, output treesize:9 [2018-11-18 21:40:57,385 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 15 [2018-11-18 21:40:57,446 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 3 [2018-11-18 21:40:57,471 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:40:57,508 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:57,532 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:40:57,533 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:19, output treesize:3 [2018-11-18 21:40:57,536 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:40:57,545 INFO L256 TraceCheckUtils]: 0: Hoare triple {7170#true} call ULTIMATE.init(); {7170#true} is VALID [2018-11-18 21:40:57,546 INFO L273 TraceCheckUtils]: 1: Hoare triple {7170#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];~init~0 := 1bv32;call ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset := #Ultimate.alloc(100bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32); {7170#true} is VALID [2018-11-18 21:40:57,546 INFO L273 TraceCheckUtils]: 2: Hoare triple {7170#true} assume true; {7170#true} is VALID [2018-11-18 21:40:57,546 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {7170#true} {7170#true} #692#return; {7170#true} is VALID [2018-11-18 21:40:57,546 INFO L256 TraceCheckUtils]: 4: Hoare triple {7170#true} call #t~ret138 := main(); {7170#true} is VALID [2018-11-18 21:40:57,547 INFO L273 TraceCheckUtils]: 5: Hoare triple {7170#true} havoc ~s~0.base, ~s~0.offset;havoc ~tmp~2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(248bv32);~s~0.base, ~s~0.offset := #t~malloc3.base, #t~malloc3.offset;call #t~malloc4.base, #t~malloc4.offset := #Ultimate.alloc(899bv32);call write~$Pointer$(#t~malloc4.base, #t~malloc4.offset, ~s~0.base, ~bvadd32(84bv32, ~s~0.offset), 4bv32);call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(232bv32);call write~$Pointer$(#t~malloc5.base, #t~malloc5.offset, ~s~0.base, ~bvadd32(204bv32, ~s~0.offset), 4bv32);call #t~malloc6.base, #t~malloc6.offset := #Ultimate.alloc(200bv32);call write~$Pointer$(#t~malloc6.base, #t~malloc6.offset, ~s~0.base, ~bvadd32(176bv32, ~s~0.offset), 4bv32); {7170#true} is VALID [2018-11-18 21:40:57,547 INFO L256 TraceCheckUtils]: 6: Hoare triple {7170#true} call #t~ret7 := ssl3_accept(~s~0.base, ~s~0.offset); {7170#true} is VALID [2018-11-18 21:40:57,547 INFO L273 TraceCheckUtils]: 7: Hoare triple {7170#true} ~s.base, ~s.offset := #in~s.base, #in~s.offset;havoc ~buf~0.base, ~buf~0.offset;havoc ~l~0;havoc ~Time~0;havoc ~tmp~3;havoc ~cb~0.base, ~cb~0.offset;havoc ~num1~0;havoc ~ret~0;havoc ~new_state~0;havoc ~state~0;havoc ~skip~0;havoc ~got_new_session~0;~tmp___1~0 := #t~nondet8;havoc #t~nondet8;~tmp___2~0 := #t~nondet9;havoc #t~nondet9;~tmp___3~0 := #t~nondet10;havoc #t~nondet10;~tmp___4~0 := #t~nondet11;havoc #t~nondet11;~tmp___5~0 := #t~nondet12;havoc #t~nondet12;~tmp___6~0 := #t~nondet13;havoc #t~nondet13;havoc ~tmp___7~0;~tmp___8~0 := #t~nondet14;havoc #t~nondet14;~tmp___9~0 := #t~nondet15;havoc #t~nondet15;~tmp___10~0 := #t~nondet16;havoc #t~nondet16;havoc ~blastFlag~0;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~blastFlag~0 := 0bv32;call write~intINTTYPE4(#t~nondet17, ~s.base, ~bvadd32(92bv32, ~s.offset), 4bv32);havoc #t~nondet17;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~tmp~3 := #t~nondet18;havoc #t~nondet18;~Time~0 := ~tmp~3;~cb~0.base, ~cb~0.offset := 0bv32, 0bv32;~ret~0 := 4294967295bv32;~skip~0 := 0bv32;~got_new_session~0 := 0bv32;call #t~mem19.base, #t~mem19.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32); {7170#true} is VALID [2018-11-18 21:40:57,547 INFO L273 TraceCheckUtils]: 8: Hoare triple {7170#true} assume 0bv32 != ~bvadd32(#t~mem19.base, #t~mem19.offset);havoc #t~mem19.base, #t~mem19.offset;call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32);~cb~0.base, ~cb~0.offset := #t~mem20.base, #t~mem20.offset;havoc #t~mem20.base, #t~mem20.offset; {7170#true} is VALID [2018-11-18 21:40:57,547 INFO L273 TraceCheckUtils]: 9: Hoare triple {7170#true} call #t~mem21 := read~intINTTYPE4(~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem21), ~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);havoc #t~mem21; {7170#true} is VALID [2018-11-18 21:40:57,548 INFO L273 TraceCheckUtils]: 10: Hoare triple {7170#true} assume !(0bv32 != ~bvand32(12288bv32, ~tmp___1~0)); {7170#true} is VALID [2018-11-18 21:40:57,548 INFO L273 TraceCheckUtils]: 11: Hoare triple {7170#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~s.base, ~bvadd32(136bv32, ~s.offset), 4bv32); {7170#true} is VALID [2018-11-18 21:40:57,548 INFO L273 TraceCheckUtils]: 12: Hoare triple {7170#true} assume !(0bv32 == ~bvadd32(#t~mem22.base, #t~mem22.offset));havoc #t~mem22.base, #t~mem22.offset; {7170#true} is VALID [2018-11-18 21:40:57,548 INFO L273 TraceCheckUtils]: 13: Hoare triple {7170#true} assume true; {7170#true} is VALID [2018-11-18 21:40:57,548 INFO L273 TraceCheckUtils]: 14: Hoare triple {7170#true} assume !false; {7170#true} is VALID [2018-11-18 21:40:57,549 INFO L273 TraceCheckUtils]: 15: Hoare triple {7170#true} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7170#true} is VALID [2018-11-18 21:40:57,549 INFO L273 TraceCheckUtils]: 16: Hoare triple {7170#true} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7170#true} is VALID [2018-11-18 21:40:57,549 INFO L273 TraceCheckUtils]: 17: Hoare triple {7170#true} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7170#true} is VALID [2018-11-18 21:40:57,549 INFO L273 TraceCheckUtils]: 18: Hoare triple {7170#true} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7170#true} is VALID [2018-11-18 21:40:57,550 INFO L273 TraceCheckUtils]: 19: Hoare triple {7170#true} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7170#true} is VALID [2018-11-18 21:40:57,550 INFO L273 TraceCheckUtils]: 20: Hoare triple {7170#true} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7170#true} is VALID [2018-11-18 21:40:57,550 INFO L273 TraceCheckUtils]: 21: Hoare triple {7170#true} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7170#true} is VALID [2018-11-18 21:40:57,550 INFO L273 TraceCheckUtils]: 22: Hoare triple {7170#true} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7170#true} is VALID [2018-11-18 21:40:57,550 INFO L273 TraceCheckUtils]: 23: Hoare triple {7170#true} assume 8482bv32 == #t~mem31;havoc #t~mem31; {7170#true} is VALID [2018-11-18 21:40:57,552 INFO L273 TraceCheckUtils]: 24: Hoare triple {7170#true} call write~intINTTYPE4(3bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,553 INFO L273 TraceCheckUtils]: 25: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} call #t~mem127.base, #t~mem127.offset := read~$Pointer$(~s.base, ~bvadd32(84bv32, ~s.offset), 4bv32);call #t~mem128 := read~intINTTYPE4(#t~mem127.base, ~bvadd32(848bv32, #t~mem127.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,553 INFO L273 TraceCheckUtils]: 26: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(0bv32 == #t~mem128);havoc #t~mem127.base, #t~mem127.offset;havoc #t~mem128; {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,553 INFO L273 TraceCheckUtils]: 27: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} ~skip~0 := 0bv32; {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,554 INFO L273 TraceCheckUtils]: 28: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume true; {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,554 INFO L273 TraceCheckUtils]: 29: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !false; {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,554 INFO L273 TraceCheckUtils]: 30: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,555 INFO L273 TraceCheckUtils]: 31: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,555 INFO L273 TraceCheckUtils]: 32: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,556 INFO L273 TraceCheckUtils]: 33: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,556 INFO L273 TraceCheckUtils]: 34: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,557 INFO L273 TraceCheckUtils]: 35: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,557 INFO L273 TraceCheckUtils]: 36: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,558 INFO L273 TraceCheckUtils]: 37: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,558 INFO L273 TraceCheckUtils]: 38: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8482bv32 == #t~mem31);havoc #t~mem31;call #t~mem32 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,559 INFO L273 TraceCheckUtils]: 39: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8464bv32 == #t~mem32);havoc #t~mem32;call #t~mem33 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,560 INFO L273 TraceCheckUtils]: 40: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8465bv32 == #t~mem33);havoc #t~mem33;call #t~mem34 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,560 INFO L273 TraceCheckUtils]: 41: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8466bv32 == #t~mem34);havoc #t~mem34;call #t~mem35 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,561 INFO L273 TraceCheckUtils]: 42: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8496bv32 == #t~mem35);havoc #t~mem35;call #t~mem36 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,561 INFO L273 TraceCheckUtils]: 43: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8497bv32 == #t~mem36);havoc #t~mem36;call #t~mem37 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,562 INFO L273 TraceCheckUtils]: 44: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8512bv32 == #t~mem37);havoc #t~mem37;call #t~mem38 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,562 INFO L273 TraceCheckUtils]: 45: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8513bv32 == #t~mem38);havoc #t~mem38;call #t~mem39 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,563 INFO L273 TraceCheckUtils]: 46: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8528bv32 == #t~mem39);havoc #t~mem39;call #t~mem40 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,564 INFO L273 TraceCheckUtils]: 47: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8529bv32 == #t~mem40);havoc #t~mem40;call #t~mem41 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,564 INFO L273 TraceCheckUtils]: 48: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8544bv32 == #t~mem41);havoc #t~mem41;call #t~mem42 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,565 INFO L273 TraceCheckUtils]: 49: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8545bv32 == #t~mem42);havoc #t~mem42;call #t~mem43 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,565 INFO L273 TraceCheckUtils]: 50: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8560bv32 == #t~mem43);havoc #t~mem43;call #t~mem44 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,566 INFO L273 TraceCheckUtils]: 51: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8561bv32 == #t~mem44);havoc #t~mem44;call #t~mem45 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,566 INFO L273 TraceCheckUtils]: 52: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8448bv32 == #t~mem45);havoc #t~mem45;call #t~mem46 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,567 INFO L273 TraceCheckUtils]: 53: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8576bv32 == #t~mem46);havoc #t~mem46;call #t~mem47 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,568 INFO L273 TraceCheckUtils]: 54: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8577bv32 == #t~mem47);havoc #t~mem47;call #t~mem48 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,568 INFO L273 TraceCheckUtils]: 55: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8592bv32 == #t~mem48);havoc #t~mem48;call #t~mem49 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,569 INFO L273 TraceCheckUtils]: 56: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8593bv32 == #t~mem49);havoc #t~mem49;call #t~mem50 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,569 INFO L273 TraceCheckUtils]: 57: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8608bv32 == #t~mem50);havoc #t~mem50;call #t~mem51 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:40:57,570 INFO L273 TraceCheckUtils]: 58: Hoare triple {7247#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8609bv32 == #t~mem51);havoc #t~mem51;call #t~mem52 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {7350#(= (bvadd |ssl3_accept_#t~mem52| (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-18 21:40:57,571 INFO L273 TraceCheckUtils]: 59: Hoare triple {7350#(= (bvadd |ssl3_accept_#t~mem52| (_ bv4294967293 32)) (_ bv0 32))} assume 8640bv32 == #t~mem52;havoc #t~mem52; {7171#false} is VALID [2018-11-18 21:40:57,571 INFO L273 TraceCheckUtils]: 60: Hoare triple {7171#false} ~ret~0 := #t~nondet115;havoc #t~nondet115; {7171#false} is VALID [2018-11-18 21:40:57,572 INFO L273 TraceCheckUtils]: 61: Hoare triple {7171#false} assume !(9bv32 == ~blastFlag~0); {7171#false} is VALID [2018-11-18 21:40:57,572 INFO L273 TraceCheckUtils]: 62: Hoare triple {7171#false} assume !false; {7171#false} is VALID [2018-11-18 21:40:57,578 INFO L134 CoverageAnalysis]: Checked inductivity of 11 backedges. 11 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-18 21:40:57,578 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-18 21:40:57,580 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-18 21:40:57,580 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2018-11-18 21:40:57,580 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 63 [2018-11-18 21:40:57,581 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-18 21:40:57,582 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2018-11-18 21:40:57,694 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 63 edges. 63 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:40:57,694 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2018-11-18 21:40:57,695 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2018-11-18 21:40:57,695 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2018-11-18 21:40:57,695 INFO L87 Difference]: Start difference. First operand 217 states and 350 transitions. Second operand 4 states. [2018-11-18 21:41:10,217 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:41:10,217 INFO L93 Difference]: Finished difference Result 499 states and 797 transitions. [2018-11-18 21:41:10,217 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2018-11-18 21:41:10,218 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 63 [2018-11-18 21:41:10,218 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-18 21:41:10,218 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-11-18 21:41:10,223 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 592 transitions. [2018-11-18 21:41:10,223 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-11-18 21:41:10,227 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 592 transitions. [2018-11-18 21:41:10,227 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 592 transitions. [2018-11-18 21:41:11,765 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 592 edges. 592 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:41:11,774 INFO L225 Difference]: With dead ends: 499 [2018-11-18 21:41:11,774 INFO L226 Difference]: Without dead ends: 329 [2018-11-18 21:41:11,774 INFO L604 BasicCegarLoop]: 0 DeclaredPredicates, 63 GetRequests, 60 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2018-11-18 21:41:11,775 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 329 states. [2018-11-18 21:41:12,183 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 329 to 218. [2018-11-18 21:41:12,183 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-18 21:41:12,184 INFO L82 GeneralOperation]: Start isEquivalent. First operand 329 states. Second operand 218 states. [2018-11-18 21:41:12,184 INFO L74 IsIncluded]: Start isIncluded. First operand 329 states. Second operand 218 states. [2018-11-18 21:41:12,184 INFO L87 Difference]: Start difference. First operand 329 states. Second operand 218 states. [2018-11-18 21:41:12,194 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:41:12,195 INFO L93 Difference]: Finished difference Result 329 states and 522 transitions. [2018-11-18 21:41:12,195 INFO L276 IsEmpty]: Start isEmpty. Operand 329 states and 522 transitions. [2018-11-18 21:41:12,196 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:41:12,196 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:41:12,196 INFO L74 IsIncluded]: Start isIncluded. First operand 218 states. Second operand 329 states. [2018-11-18 21:41:12,196 INFO L87 Difference]: Start difference. First operand 218 states. Second operand 329 states. [2018-11-18 21:41:12,205 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:41:12,206 INFO L93 Difference]: Finished difference Result 329 states and 522 transitions. [2018-11-18 21:41:12,206 INFO L276 IsEmpty]: Start isEmpty. Operand 329 states and 522 transitions. [2018-11-18 21:41:12,207 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:41:12,207 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:41:12,207 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-18 21:41:12,207 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-18 21:41:12,207 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 218 states. [2018-11-18 21:41:12,213 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 218 states to 218 states and 351 transitions. [2018-11-18 21:41:12,213 INFO L78 Accepts]: Start accepts. Automaton has 218 states and 351 transitions. Word has length 63 [2018-11-18 21:41:12,213 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-18 21:41:12,213 INFO L480 AbstractCegarLoop]: Abstraction has 218 states and 351 transitions. [2018-11-18 21:41:12,214 INFO L481 AbstractCegarLoop]: Interpolant automaton has 4 states. [2018-11-18 21:41:12,214 INFO L276 IsEmpty]: Start isEmpty. Operand 218 states and 351 transitions. [2018-11-18 21:41:12,215 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 65 [2018-11-18 21:41:12,215 INFO L367 BasicCegarLoop]: Found error trace [2018-11-18 21:41:12,215 INFO L375 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-18 21:41:12,215 INFO L423 AbstractCegarLoop]: === Iteration 7 === [ssl3_acceptErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-18 21:41:12,215 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-18 21:41:12,216 INFO L82 PathProgramCache]: Analyzing trace with hash 1022955229, now seen corresponding path program 1 times [2018-11-18 21:41:12,216 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-18 21:41:12,216 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 8 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 8 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-18 21:41:12,249 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-18 21:41:12,394 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:41:12,468 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:41:12,471 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-18 21:41:12,725 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:41:12,726 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 109 treesize of output 74 [2018-11-18 21:41:12,781 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:41:12,782 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 61 treesize of output 30 [2018-11-18 21:41:12,788 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:41:12,801 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-18 21:41:12,807 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-18 21:41:12,809 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-18 21:41:12,814 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:12,820 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:12,831 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:12,832 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 3 variables, input treesize:109, output treesize:9 [2018-11-18 21:41:15,354 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:41:15,533 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 15 [2018-11-18 21:41:15,538 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 3 [2018-11-18 21:41:15,539 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:41:15,540 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:15,542 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:15,542 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:19, output treesize:3 [2018-11-18 21:41:15,561 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:41:15,573 INFO L256 TraceCheckUtils]: 0: Hoare triple {8850#true} call ULTIMATE.init(); {8850#true} is VALID [2018-11-18 21:41:15,573 INFO L273 TraceCheckUtils]: 1: Hoare triple {8850#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];~init~0 := 1bv32;call ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset := #Ultimate.alloc(100bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32); {8850#true} is VALID [2018-11-18 21:41:15,573 INFO L273 TraceCheckUtils]: 2: Hoare triple {8850#true} assume true; {8850#true} is VALID [2018-11-18 21:41:15,574 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {8850#true} {8850#true} #692#return; {8850#true} is VALID [2018-11-18 21:41:15,574 INFO L256 TraceCheckUtils]: 4: Hoare triple {8850#true} call #t~ret138 := main(); {8850#true} is VALID [2018-11-18 21:41:15,574 INFO L273 TraceCheckUtils]: 5: Hoare triple {8850#true} havoc ~s~0.base, ~s~0.offset;havoc ~tmp~2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(248bv32);~s~0.base, ~s~0.offset := #t~malloc3.base, #t~malloc3.offset;call #t~malloc4.base, #t~malloc4.offset := #Ultimate.alloc(899bv32);call write~$Pointer$(#t~malloc4.base, #t~malloc4.offset, ~s~0.base, ~bvadd32(84bv32, ~s~0.offset), 4bv32);call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(232bv32);call write~$Pointer$(#t~malloc5.base, #t~malloc5.offset, ~s~0.base, ~bvadd32(204bv32, ~s~0.offset), 4bv32);call #t~malloc6.base, #t~malloc6.offset := #Ultimate.alloc(200bv32);call write~$Pointer$(#t~malloc6.base, #t~malloc6.offset, ~s~0.base, ~bvadd32(176bv32, ~s~0.offset), 4bv32); {8850#true} is VALID [2018-11-18 21:41:15,574 INFO L256 TraceCheckUtils]: 6: Hoare triple {8850#true} call #t~ret7 := ssl3_accept(~s~0.base, ~s~0.offset); {8850#true} is VALID [2018-11-18 21:41:15,574 INFO L273 TraceCheckUtils]: 7: Hoare triple {8850#true} ~s.base, ~s.offset := #in~s.base, #in~s.offset;havoc ~buf~0.base, ~buf~0.offset;havoc ~l~0;havoc ~Time~0;havoc ~tmp~3;havoc ~cb~0.base, ~cb~0.offset;havoc ~num1~0;havoc ~ret~0;havoc ~new_state~0;havoc ~state~0;havoc ~skip~0;havoc ~got_new_session~0;~tmp___1~0 := #t~nondet8;havoc #t~nondet8;~tmp___2~0 := #t~nondet9;havoc #t~nondet9;~tmp___3~0 := #t~nondet10;havoc #t~nondet10;~tmp___4~0 := #t~nondet11;havoc #t~nondet11;~tmp___5~0 := #t~nondet12;havoc #t~nondet12;~tmp___6~0 := #t~nondet13;havoc #t~nondet13;havoc ~tmp___7~0;~tmp___8~0 := #t~nondet14;havoc #t~nondet14;~tmp___9~0 := #t~nondet15;havoc #t~nondet15;~tmp___10~0 := #t~nondet16;havoc #t~nondet16;havoc ~blastFlag~0;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~blastFlag~0 := 0bv32;call write~intINTTYPE4(#t~nondet17, ~s.base, ~bvadd32(92bv32, ~s.offset), 4bv32);havoc #t~nondet17;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~tmp~3 := #t~nondet18;havoc #t~nondet18;~Time~0 := ~tmp~3;~cb~0.base, ~cb~0.offset := 0bv32, 0bv32;~ret~0 := 4294967295bv32;~skip~0 := 0bv32;~got_new_session~0 := 0bv32;call #t~mem19.base, #t~mem19.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32); {8850#true} is VALID [2018-11-18 21:41:15,575 INFO L273 TraceCheckUtils]: 8: Hoare triple {8850#true} assume 0bv32 != ~bvadd32(#t~mem19.base, #t~mem19.offset);havoc #t~mem19.base, #t~mem19.offset;call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32);~cb~0.base, ~cb~0.offset := #t~mem20.base, #t~mem20.offset;havoc #t~mem20.base, #t~mem20.offset; {8850#true} is VALID [2018-11-18 21:41:15,575 INFO L273 TraceCheckUtils]: 9: Hoare triple {8850#true} call #t~mem21 := read~intINTTYPE4(~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem21), ~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);havoc #t~mem21; {8850#true} is VALID [2018-11-18 21:41:15,575 INFO L273 TraceCheckUtils]: 10: Hoare triple {8850#true} assume !(0bv32 != ~bvand32(12288bv32, ~tmp___1~0)); {8850#true} is VALID [2018-11-18 21:41:15,575 INFO L273 TraceCheckUtils]: 11: Hoare triple {8850#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~s.base, ~bvadd32(136bv32, ~s.offset), 4bv32); {8850#true} is VALID [2018-11-18 21:41:15,575 INFO L273 TraceCheckUtils]: 12: Hoare triple {8850#true} assume !(0bv32 == ~bvadd32(#t~mem22.base, #t~mem22.offset));havoc #t~mem22.base, #t~mem22.offset; {8850#true} is VALID [2018-11-18 21:41:15,576 INFO L273 TraceCheckUtils]: 13: Hoare triple {8850#true} assume true; {8850#true} is VALID [2018-11-18 21:41:15,576 INFO L273 TraceCheckUtils]: 14: Hoare triple {8850#true} assume !false; {8850#true} is VALID [2018-11-18 21:41:15,576 INFO L273 TraceCheckUtils]: 15: Hoare triple {8850#true} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8850#true} is VALID [2018-11-18 21:41:15,576 INFO L273 TraceCheckUtils]: 16: Hoare triple {8850#true} assume 12292bv32 == #t~mem24;havoc #t~mem24; {8850#true} is VALID [2018-11-18 21:41:15,576 INFO L273 TraceCheckUtils]: 17: Hoare triple {8850#true} call write~intINTTYPE4(1bv32, ~s.base, ~bvadd32(40bv32, ~s.offset), 4bv32); {8850#true} is VALID [2018-11-18 21:41:15,576 INFO L273 TraceCheckUtils]: 18: Hoare triple {8850#true} call write~intINTTYPE4(1bv32, ~s.base, ~bvadd32(36bv32, ~s.offset), 4bv32); {8850#true} is VALID [2018-11-18 21:41:15,576 INFO L273 TraceCheckUtils]: 19: Hoare triple {8850#true} assume 0bv32 != ~bvadd32(~cb~0.base, ~cb~0.offset); {8850#true} is VALID [2018-11-18 21:41:15,577 INFO L273 TraceCheckUtils]: 20: Hoare triple {8850#true} call #t~mem59 := read~intINTTYPE4(~s.base, ~s.offset, 4bv32); {8850#true} is VALID [2018-11-18 21:41:15,577 INFO L273 TraceCheckUtils]: 21: Hoare triple {8850#true} assume !(3bv32 != ~bvashr32(#t~mem59, 8bv32));havoc #t~mem59;call write~intINTTYPE4(8192bv32, ~s.base, ~bvadd32(4bv32, ~s.offset), 4bv32);call #t~mem60.base, #t~mem60.offset := read~$Pointer$(~s.base, ~bvadd32(60bv32, ~s.offset), 4bv32); {8850#true} is VALID [2018-11-18 21:41:15,577 INFO L273 TraceCheckUtils]: 22: Hoare triple {8850#true} assume !(0bv32 == ~bvadd32(#t~mem60.base, #t~mem60.offset));havoc #t~mem60.base, #t~mem60.offset; {8850#true} is VALID [2018-11-18 21:41:15,577 INFO L273 TraceCheckUtils]: 23: Hoare triple {8850#true} assume !(0bv32 == ~tmp___4~0);call write~intINTTYPE4(0bv32, ~s.base, ~bvadd32(64bv32, ~s.offset), 4bv32);call #t~mem62 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8850#true} is VALID [2018-11-18 21:41:15,579 INFO L273 TraceCheckUtils]: 24: Hoare triple {8850#true} assume !(12292bv32 != #t~mem62);havoc #t~mem62;call #t~mem65.base, #t~mem65.offset := read~$Pointer$(~s.base, ~bvadd32(204bv32, ~s.offset), 4bv32);call #t~mem66 := read~intINTTYPE4(#t~mem65.base, ~bvadd32(76bv32, #t~mem65.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem66), #t~mem65.base, ~bvadd32(76bv32, #t~mem65.offset), 4bv32);havoc #t~mem65.base, #t~mem65.offset;havoc #t~mem66;call write~intINTTYPE4(8480bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,580 INFO L273 TraceCheckUtils]: 25: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} call #t~mem127.base, #t~mem127.offset := read~$Pointer$(~s.base, ~bvadd32(84bv32, ~s.offset), 4bv32);call #t~mem128 := read~intINTTYPE4(#t~mem127.base, ~bvadd32(848bv32, #t~mem127.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,580 INFO L273 TraceCheckUtils]: 26: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(0bv32 == #t~mem128);havoc #t~mem127.base, #t~mem127.offset;havoc #t~mem128; {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,581 INFO L273 TraceCheckUtils]: 27: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} ~skip~0 := 0bv32; {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,581 INFO L273 TraceCheckUtils]: 28: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume true; {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,582 INFO L273 TraceCheckUtils]: 29: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !false; {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,582 INFO L273 TraceCheckUtils]: 30: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,583 INFO L273 TraceCheckUtils]: 31: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,583 INFO L273 TraceCheckUtils]: 32: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,583 INFO L273 TraceCheckUtils]: 33: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,584 INFO L273 TraceCheckUtils]: 34: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,589 INFO L273 TraceCheckUtils]: 35: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,591 INFO L273 TraceCheckUtils]: 36: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,594 INFO L273 TraceCheckUtils]: 37: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,594 INFO L273 TraceCheckUtils]: 38: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8482bv32 == #t~mem31);havoc #t~mem31;call #t~mem32 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,595 INFO L273 TraceCheckUtils]: 39: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8464bv32 == #t~mem32);havoc #t~mem32;call #t~mem33 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,596 INFO L273 TraceCheckUtils]: 40: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8465bv32 == #t~mem33);havoc #t~mem33;call #t~mem34 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,596 INFO L273 TraceCheckUtils]: 41: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8466bv32 == #t~mem34);havoc #t~mem34;call #t~mem35 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,599 INFO L273 TraceCheckUtils]: 42: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8496bv32 == #t~mem35);havoc #t~mem35;call #t~mem36 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,599 INFO L273 TraceCheckUtils]: 43: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8497bv32 == #t~mem36);havoc #t~mem36;call #t~mem37 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,599 INFO L273 TraceCheckUtils]: 44: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8512bv32 == #t~mem37);havoc #t~mem37;call #t~mem38 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,600 INFO L273 TraceCheckUtils]: 45: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8513bv32 == #t~mem38);havoc #t~mem38;call #t~mem39 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,600 INFO L273 TraceCheckUtils]: 46: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8528bv32 == #t~mem39);havoc #t~mem39;call #t~mem40 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,600 INFO L273 TraceCheckUtils]: 47: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8529bv32 == #t~mem40);havoc #t~mem40;call #t~mem41 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,601 INFO L273 TraceCheckUtils]: 48: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8544bv32 == #t~mem41);havoc #t~mem41;call #t~mem42 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,601 INFO L273 TraceCheckUtils]: 49: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8545bv32 == #t~mem42);havoc #t~mem42;call #t~mem43 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,601 INFO L273 TraceCheckUtils]: 50: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8560bv32 == #t~mem43);havoc #t~mem43;call #t~mem44 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,602 INFO L273 TraceCheckUtils]: 51: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8561bv32 == #t~mem44);havoc #t~mem44;call #t~mem45 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,602 INFO L273 TraceCheckUtils]: 52: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8448bv32 == #t~mem45);havoc #t~mem45;call #t~mem46 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,603 INFO L273 TraceCheckUtils]: 53: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8576bv32 == #t~mem46);havoc #t~mem46;call #t~mem47 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,603 INFO L273 TraceCheckUtils]: 54: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8577bv32 == #t~mem47);havoc #t~mem47;call #t~mem48 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,604 INFO L273 TraceCheckUtils]: 55: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8592bv32 == #t~mem48);havoc #t~mem48;call #t~mem49 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,604 INFO L273 TraceCheckUtils]: 56: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8593bv32 == #t~mem49);havoc #t~mem49;call #t~mem50 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,605 INFO L273 TraceCheckUtils]: 57: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8608bv32 == #t~mem50);havoc #t~mem50;call #t~mem51 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,605 INFO L273 TraceCheckUtils]: 58: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8609bv32 == #t~mem51);havoc #t~mem51;call #t~mem52 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:41:15,606 INFO L273 TraceCheckUtils]: 59: Hoare triple {8927#(= (_ bv8480 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8640bv32 == #t~mem52);havoc #t~mem52;call #t~mem53 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {9033#(= (bvadd |ssl3_accept_#t~mem53| (_ bv4294958816 32)) (_ bv0 32))} is VALID [2018-11-18 21:41:15,607 INFO L273 TraceCheckUtils]: 60: Hoare triple {9033#(= (bvadd |ssl3_accept_#t~mem53| (_ bv4294958816 32)) (_ bv0 32))} assume 8641bv32 == #t~mem53;havoc #t~mem53; {8851#false} is VALID [2018-11-18 21:41:15,607 INFO L273 TraceCheckUtils]: 61: Hoare triple {8851#false} ~ret~0 := #t~nondet115;havoc #t~nondet115; {8851#false} is VALID [2018-11-18 21:41:15,607 INFO L273 TraceCheckUtils]: 62: Hoare triple {8851#false} assume !(9bv32 == ~blastFlag~0); {8851#false} is VALID [2018-11-18 21:41:15,607 INFO L273 TraceCheckUtils]: 63: Hoare triple {8851#false} assume !false; {8851#false} is VALID [2018-11-18 21:41:15,614 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-18 21:41:15,614 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-18 21:41:15,616 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-18 21:41:15,616 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2018-11-18 21:41:15,616 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 64 [2018-11-18 21:41:15,617 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-18 21:41:15,617 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2018-11-18 21:41:15,732 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 64 edges. 64 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:41:15,732 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2018-11-18 21:41:15,732 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2018-11-18 21:41:15,732 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2018-11-18 21:41:15,733 INFO L87 Difference]: Start difference. First operand 218 states and 351 transitions. Second operand 4 states. [2018-11-18 21:41:27,793 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:41:27,793 INFO L93 Difference]: Finished difference Result 494 states and 790 transitions. [2018-11-18 21:41:27,793 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2018-11-18 21:41:27,794 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 64 [2018-11-18 21:41:27,794 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-18 21:41:27,794 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-11-18 21:41:27,798 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 583 transitions. [2018-11-18 21:41:27,798 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-11-18 21:41:27,803 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 583 transitions. [2018-11-18 21:41:27,803 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 583 transitions. [2018-11-18 21:41:29,191 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 583 edges. 583 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:41:29,200 INFO L225 Difference]: With dead ends: 494 [2018-11-18 21:41:29,200 INFO L226 Difference]: Without dead ends: 323 [2018-11-18 21:41:29,200 INFO L604 BasicCegarLoop]: 0 DeclaredPredicates, 64 GetRequests, 61 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2018-11-18 21:41:29,201 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 323 states. [2018-11-18 21:41:29,428 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 323 to 236. [2018-11-18 21:41:29,428 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-18 21:41:29,428 INFO L82 GeneralOperation]: Start isEquivalent. First operand 323 states. Second operand 236 states. [2018-11-18 21:41:29,428 INFO L74 IsIncluded]: Start isIncluded. First operand 323 states. Second operand 236 states. [2018-11-18 21:41:29,428 INFO L87 Difference]: Start difference. First operand 323 states. Second operand 236 states. [2018-11-18 21:41:29,437 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:41:29,438 INFO L93 Difference]: Finished difference Result 323 states and 514 transitions. [2018-11-18 21:41:29,438 INFO L276 IsEmpty]: Start isEmpty. Operand 323 states and 514 transitions. [2018-11-18 21:41:29,439 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:41:29,439 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:41:29,439 INFO L74 IsIncluded]: Start isIncluded. First operand 236 states. Second operand 323 states. [2018-11-18 21:41:29,439 INFO L87 Difference]: Start difference. First operand 236 states. Second operand 323 states. [2018-11-18 21:41:29,447 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:41:29,447 INFO L93 Difference]: Finished difference Result 323 states and 514 transitions. [2018-11-18 21:41:29,447 INFO L276 IsEmpty]: Start isEmpty. Operand 323 states and 514 transitions. [2018-11-18 21:41:29,448 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:41:29,448 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:41:29,449 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-18 21:41:29,449 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-18 21:41:29,449 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 236 states. [2018-11-18 21:41:29,454 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 236 states to 236 states and 381 transitions. [2018-11-18 21:41:29,454 INFO L78 Accepts]: Start accepts. Automaton has 236 states and 381 transitions. Word has length 64 [2018-11-18 21:41:29,455 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-18 21:41:29,455 INFO L480 AbstractCegarLoop]: Abstraction has 236 states and 381 transitions. [2018-11-18 21:41:29,455 INFO L481 AbstractCegarLoop]: Interpolant automaton has 4 states. [2018-11-18 21:41:29,455 INFO L276 IsEmpty]: Start isEmpty. Operand 236 states and 381 transitions. [2018-11-18 21:41:29,456 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 65 [2018-11-18 21:41:29,456 INFO L367 BasicCegarLoop]: Found error trace [2018-11-18 21:41:29,456 INFO L375 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-18 21:41:29,456 INFO L423 AbstractCegarLoop]: === Iteration 8 === [ssl3_acceptErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-18 21:41:29,457 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-18 21:41:29,457 INFO L82 PathProgramCache]: Analyzing trace with hash -817254368, now seen corresponding path program 1 times [2018-11-18 21:41:29,457 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-18 21:41:29,457 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 9 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 9 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-18 21:41:29,479 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-18 21:41:29,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:41:29,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:41:29,722 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-18 21:41:29,807 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 20 [2018-11-18 21:41:29,833 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 23 [2018-11-18 21:41:29,878 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:41:29,881 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 33 [2018-11-18 21:41:29,892 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:41:29,898 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 27 [2018-11-18 21:41:29,900 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-18 21:41:29,910 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:29,920 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:29,931 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:29,947 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:29,947 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:27, output treesize:13 [2018-11-18 21:41:29,966 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:41:30,000 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:41:30,001 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 38 [2018-11-18 21:41:30,023 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:41:30,028 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:41:30,032 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 35 [2018-11-18 21:41:30,061 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:41:30,066 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:30,073 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:30,074 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:34, output treesize:13 [2018-11-18 21:41:32,096 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:41:32,112 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-18 21:41:32,117 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-18 21:41:32,118 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:41:32,121 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:32,123 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:32,124 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:17, output treesize:5 [2018-11-18 21:41:32,127 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:41:32,161 INFO L256 TraceCheckUtils]: 0: Hoare triple {10534#true} call ULTIMATE.init(); {10534#true} is VALID [2018-11-18 21:41:32,161 INFO L273 TraceCheckUtils]: 1: Hoare triple {10534#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];~init~0 := 1bv32;call ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset := #Ultimate.alloc(100bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32); {10534#true} is VALID [2018-11-18 21:41:32,162 INFO L273 TraceCheckUtils]: 2: Hoare triple {10534#true} assume true; {10534#true} is VALID [2018-11-18 21:41:32,162 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {10534#true} {10534#true} #692#return; {10534#true} is VALID [2018-11-18 21:41:32,162 INFO L256 TraceCheckUtils]: 4: Hoare triple {10534#true} call #t~ret138 := main(); {10534#true} is VALID [2018-11-18 21:41:32,164 INFO L273 TraceCheckUtils]: 5: Hoare triple {10534#true} havoc ~s~0.base, ~s~0.offset;havoc ~tmp~2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(248bv32);~s~0.base, ~s~0.offset := #t~malloc3.base, #t~malloc3.offset;call #t~malloc4.base, #t~malloc4.offset := #Ultimate.alloc(899bv32);call write~$Pointer$(#t~malloc4.base, #t~malloc4.offset, ~s~0.base, ~bvadd32(84bv32, ~s~0.offset), 4bv32);call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(232bv32);call write~$Pointer$(#t~malloc5.base, #t~malloc5.offset, ~s~0.base, ~bvadd32(204bv32, ~s~0.offset), 4bv32);call #t~malloc6.base, #t~malloc6.offset := #Ultimate.alloc(200bv32);call write~$Pointer$(#t~malloc6.base, #t~malloc6.offset, ~s~0.base, ~bvadd32(176bv32, ~s~0.offset), 4bv32); {10554#(= main_~s~0.offset (_ bv0 32))} is VALID [2018-11-18 21:41:32,164 INFO L256 TraceCheckUtils]: 6: Hoare triple {10554#(= main_~s~0.offset (_ bv0 32))} call #t~ret7 := ssl3_accept(~s~0.base, ~s~0.offset); {10558#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} is VALID [2018-11-18 21:41:32,168 INFO L273 TraceCheckUtils]: 7: Hoare triple {10558#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} ~s.base, ~s.offset := #in~s.base, #in~s.offset;havoc ~buf~0.base, ~buf~0.offset;havoc ~l~0;havoc ~Time~0;havoc ~tmp~3;havoc ~cb~0.base, ~cb~0.offset;havoc ~num1~0;havoc ~ret~0;havoc ~new_state~0;havoc ~state~0;havoc ~skip~0;havoc ~got_new_session~0;~tmp___1~0 := #t~nondet8;havoc #t~nondet8;~tmp___2~0 := #t~nondet9;havoc #t~nondet9;~tmp___3~0 := #t~nondet10;havoc #t~nondet10;~tmp___4~0 := #t~nondet11;havoc #t~nondet11;~tmp___5~0 := #t~nondet12;havoc #t~nondet12;~tmp___6~0 := #t~nondet13;havoc #t~nondet13;havoc ~tmp___7~0;~tmp___8~0 := #t~nondet14;havoc #t~nondet14;~tmp___9~0 := #t~nondet15;havoc #t~nondet15;~tmp___10~0 := #t~nondet16;havoc #t~nondet16;havoc ~blastFlag~0;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~blastFlag~0 := 0bv32;call write~intINTTYPE4(#t~nondet17, ~s.base, ~bvadd32(92bv32, ~s.offset), 4bv32);havoc #t~nondet17;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~tmp~3 := #t~nondet18;havoc #t~nondet18;~Time~0 := ~tmp~3;~cb~0.base, ~cb~0.offset := 0bv32, 0bv32;~ret~0 := 4294967295bv32;~skip~0 := 0bv32;~got_new_session~0 := 0bv32;call #t~mem19.base, #t~mem19.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32); {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:32,169 INFO L273 TraceCheckUtils]: 8: Hoare triple {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume 0bv32 != ~bvadd32(#t~mem19.base, #t~mem19.offset);havoc #t~mem19.base, #t~mem19.offset;call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32);~cb~0.base, ~cb~0.offset := #t~mem20.base, #t~mem20.offset;havoc #t~mem20.base, #t~mem20.offset; {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:32,171 INFO L273 TraceCheckUtils]: 9: Hoare triple {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem21 := read~intINTTYPE4(~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem21), ~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);havoc #t~mem21; {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:32,172 INFO L273 TraceCheckUtils]: 10: Hoare triple {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 != ~bvand32(12288bv32, ~tmp___1~0)); {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:32,172 INFO L273 TraceCheckUtils]: 11: Hoare triple {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~s.base, ~bvadd32(136bv32, ~s.offset), 4bv32); {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:32,173 INFO L273 TraceCheckUtils]: 12: Hoare triple {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 == ~bvadd32(#t~mem22.base, #t~mem22.offset));havoc #t~mem22.base, #t~mem22.offset; {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:32,173 INFO L273 TraceCheckUtils]: 13: Hoare triple {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume true; {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:32,173 INFO L273 TraceCheckUtils]: 14: Hoare triple {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !false; {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:32,174 INFO L273 TraceCheckUtils]: 15: Hoare triple {10562#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10587#(= (_ bv8464 32) |ssl3_accept_#t~mem24|)} is VALID [2018-11-18 21:41:32,174 INFO L273 TraceCheckUtils]: 16: Hoare triple {10587#(= (_ bv8464 32) |ssl3_accept_#t~mem24|)} assume 12292bv32 == #t~mem24;havoc #t~mem24; {10535#false} is VALID [2018-11-18 21:41:32,174 INFO L273 TraceCheckUtils]: 17: Hoare triple {10535#false} call write~intINTTYPE4(1bv32, ~s.base, ~bvadd32(40bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,175 INFO L273 TraceCheckUtils]: 18: Hoare triple {10535#false} call write~intINTTYPE4(1bv32, ~s.base, ~bvadd32(36bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,175 INFO L273 TraceCheckUtils]: 19: Hoare triple {10535#false} assume 0bv32 != ~bvadd32(~cb~0.base, ~cb~0.offset); {10535#false} is VALID [2018-11-18 21:41:32,175 INFO L273 TraceCheckUtils]: 20: Hoare triple {10535#false} call #t~mem59 := read~intINTTYPE4(~s.base, ~s.offset, 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,175 INFO L273 TraceCheckUtils]: 21: Hoare triple {10535#false} assume !(3bv32 != ~bvashr32(#t~mem59, 8bv32));havoc #t~mem59;call write~intINTTYPE4(8192bv32, ~s.base, ~bvadd32(4bv32, ~s.offset), 4bv32);call #t~mem60.base, #t~mem60.offset := read~$Pointer$(~s.base, ~bvadd32(60bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,176 INFO L273 TraceCheckUtils]: 22: Hoare triple {10535#false} assume !(0bv32 == ~bvadd32(#t~mem60.base, #t~mem60.offset));havoc #t~mem60.base, #t~mem60.offset; {10535#false} is VALID [2018-11-18 21:41:32,176 INFO L273 TraceCheckUtils]: 23: Hoare triple {10535#false} assume !(0bv32 == ~tmp___4~0);call write~intINTTYPE4(0bv32, ~s.base, ~bvadd32(64bv32, ~s.offset), 4bv32);call #t~mem62 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,176 INFO L273 TraceCheckUtils]: 24: Hoare triple {10535#false} assume 12292bv32 != #t~mem62;havoc #t~mem62; {10535#false} is VALID [2018-11-18 21:41:32,176 INFO L273 TraceCheckUtils]: 25: Hoare triple {10535#false} assume !(0bv32 == ~tmp___5~0);call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);call #t~mem63.base, #t~mem63.offset := read~$Pointer$(~s.base, ~bvadd32(204bv32, ~s.offset), 4bv32);call #t~mem64 := read~intINTTYPE4(#t~mem63.base, ~bvadd32(72bv32, #t~mem63.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem64), #t~mem63.base, ~bvadd32(72bv32, #t~mem63.offset), 4bv32);havoc #t~mem63.base, #t~mem63.offset;havoc #t~mem64; {10535#false} is VALID [2018-11-18 21:41:32,177 INFO L273 TraceCheckUtils]: 26: Hoare triple {10535#false} call #t~mem127.base, #t~mem127.offset := read~$Pointer$(~s.base, ~bvadd32(84bv32, ~s.offset), 4bv32);call #t~mem128 := read~intINTTYPE4(#t~mem127.base, ~bvadd32(848bv32, #t~mem127.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,177 INFO L273 TraceCheckUtils]: 27: Hoare triple {10535#false} assume !(0bv32 == #t~mem128);havoc #t~mem127.base, #t~mem127.offset;havoc #t~mem128; {10535#false} is VALID [2018-11-18 21:41:32,177 INFO L273 TraceCheckUtils]: 28: Hoare triple {10535#false} ~skip~0 := 0bv32; {10535#false} is VALID [2018-11-18 21:41:32,177 INFO L273 TraceCheckUtils]: 29: Hoare triple {10535#false} assume true; {10535#false} is VALID [2018-11-18 21:41:32,177 INFO L273 TraceCheckUtils]: 30: Hoare triple {10535#false} assume !false; {10535#false} is VALID [2018-11-18 21:41:32,177 INFO L273 TraceCheckUtils]: 31: Hoare triple {10535#false} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,177 INFO L273 TraceCheckUtils]: 32: Hoare triple {10535#false} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,178 INFO L273 TraceCheckUtils]: 33: Hoare triple {10535#false} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,178 INFO L273 TraceCheckUtils]: 34: Hoare triple {10535#false} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,178 INFO L273 TraceCheckUtils]: 35: Hoare triple {10535#false} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,178 INFO L273 TraceCheckUtils]: 36: Hoare triple {10535#false} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,178 INFO L273 TraceCheckUtils]: 37: Hoare triple {10535#false} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,178 INFO L273 TraceCheckUtils]: 38: Hoare triple {10535#false} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,178 INFO L273 TraceCheckUtils]: 39: Hoare triple {10535#false} assume !(8482bv32 == #t~mem31);havoc #t~mem31;call #t~mem32 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,178 INFO L273 TraceCheckUtils]: 40: Hoare triple {10535#false} assume !(8464bv32 == #t~mem32);havoc #t~mem32;call #t~mem33 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,179 INFO L273 TraceCheckUtils]: 41: Hoare triple {10535#false} assume !(8465bv32 == #t~mem33);havoc #t~mem33;call #t~mem34 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,179 INFO L273 TraceCheckUtils]: 42: Hoare triple {10535#false} assume !(8466bv32 == #t~mem34);havoc #t~mem34;call #t~mem35 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,179 INFO L273 TraceCheckUtils]: 43: Hoare triple {10535#false} assume !(8496bv32 == #t~mem35);havoc #t~mem35;call #t~mem36 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,179 INFO L273 TraceCheckUtils]: 44: Hoare triple {10535#false} assume !(8497bv32 == #t~mem36);havoc #t~mem36;call #t~mem37 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,179 INFO L273 TraceCheckUtils]: 45: Hoare triple {10535#false} assume !(8512bv32 == #t~mem37);havoc #t~mem37;call #t~mem38 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,179 INFO L273 TraceCheckUtils]: 46: Hoare triple {10535#false} assume !(8513bv32 == #t~mem38);havoc #t~mem38;call #t~mem39 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,179 INFO L273 TraceCheckUtils]: 47: Hoare triple {10535#false} assume !(8528bv32 == #t~mem39);havoc #t~mem39;call #t~mem40 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,180 INFO L273 TraceCheckUtils]: 48: Hoare triple {10535#false} assume !(8529bv32 == #t~mem40);havoc #t~mem40;call #t~mem41 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,180 INFO L273 TraceCheckUtils]: 49: Hoare triple {10535#false} assume !(8544bv32 == #t~mem41);havoc #t~mem41;call #t~mem42 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,180 INFO L273 TraceCheckUtils]: 50: Hoare triple {10535#false} assume !(8545bv32 == #t~mem42);havoc #t~mem42;call #t~mem43 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,180 INFO L273 TraceCheckUtils]: 51: Hoare triple {10535#false} assume !(8560bv32 == #t~mem43);havoc #t~mem43;call #t~mem44 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,180 INFO L273 TraceCheckUtils]: 52: Hoare triple {10535#false} assume !(8561bv32 == #t~mem44);havoc #t~mem44;call #t~mem45 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,180 INFO L273 TraceCheckUtils]: 53: Hoare triple {10535#false} assume !(8448bv32 == #t~mem45);havoc #t~mem45;call #t~mem46 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,180 INFO L273 TraceCheckUtils]: 54: Hoare triple {10535#false} assume !(8576bv32 == #t~mem46);havoc #t~mem46;call #t~mem47 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,180 INFO L273 TraceCheckUtils]: 55: Hoare triple {10535#false} assume !(8577bv32 == #t~mem47);havoc #t~mem47;call #t~mem48 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,181 INFO L273 TraceCheckUtils]: 56: Hoare triple {10535#false} assume !(8592bv32 == #t~mem48);havoc #t~mem48;call #t~mem49 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,181 INFO L273 TraceCheckUtils]: 57: Hoare triple {10535#false} assume !(8593bv32 == #t~mem49);havoc #t~mem49;call #t~mem50 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,181 INFO L273 TraceCheckUtils]: 58: Hoare triple {10535#false} assume !(8608bv32 == #t~mem50);havoc #t~mem50;call #t~mem51 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,181 INFO L273 TraceCheckUtils]: 59: Hoare triple {10535#false} assume !(8609bv32 == #t~mem51);havoc #t~mem51;call #t~mem52 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {10535#false} is VALID [2018-11-18 21:41:32,181 INFO L273 TraceCheckUtils]: 60: Hoare triple {10535#false} assume 8640bv32 == #t~mem52;havoc #t~mem52; {10535#false} is VALID [2018-11-18 21:41:32,181 INFO L273 TraceCheckUtils]: 61: Hoare triple {10535#false} ~ret~0 := #t~nondet115;havoc #t~nondet115; {10535#false} is VALID [2018-11-18 21:41:32,181 INFO L273 TraceCheckUtils]: 62: Hoare triple {10535#false} assume !(9bv32 == ~blastFlag~0); {10535#false} is VALID [2018-11-18 21:41:32,181 INFO L273 TraceCheckUtils]: 63: Hoare triple {10535#false} assume !false; {10535#false} is VALID [2018-11-18 21:41:32,184 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-18 21:41:32,184 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-18 21:41:32,186 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-18 21:41:32,186 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-18 21:41:32,187 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 64 [2018-11-18 21:41:32,187 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-18 21:41:32,187 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-18 21:41:32,293 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 64 edges. 64 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:41:32,293 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-18 21:41:32,293 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-18 21:41:32,293 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2018-11-18 21:41:32,294 INFO L87 Difference]: Start difference. First operand 236 states and 381 transitions. Second operand 6 states. [2018-11-18 21:41:48,808 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:41:48,808 INFO L93 Difference]: Finished difference Result 532 states and 860 transitions. [2018-11-18 21:41:48,809 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2018-11-18 21:41:48,809 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 64 [2018-11-18 21:41:48,809 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-18 21:41:48,809 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-18 21:41:48,813 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 564 transitions. [2018-11-18 21:41:48,813 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-18 21:41:48,815 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 564 transitions. [2018-11-18 21:41:48,816 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 564 transitions. [2018-11-18 21:41:49,672 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 564 edges. 564 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:41:49,679 INFO L225 Difference]: With dead ends: 532 [2018-11-18 21:41:49,680 INFO L226 Difference]: Without dead ends: 320 [2018-11-18 21:41:49,680 INFO L604 BasicCegarLoop]: 0 DeclaredPredicates, 65 GetRequests, 59 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2018-11-18 21:41:49,681 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 320 states. [2018-11-18 21:41:49,841 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 320 to 236. [2018-11-18 21:41:49,841 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-18 21:41:49,841 INFO L82 GeneralOperation]: Start isEquivalent. First operand 320 states. Second operand 236 states. [2018-11-18 21:41:49,841 INFO L74 IsIncluded]: Start isIncluded. First operand 320 states. Second operand 236 states. [2018-11-18 21:41:49,841 INFO L87 Difference]: Start difference. First operand 320 states. Second operand 236 states. [2018-11-18 21:41:49,849 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:41:49,849 INFO L93 Difference]: Finished difference Result 320 states and 510 transitions. [2018-11-18 21:41:49,850 INFO L276 IsEmpty]: Start isEmpty. Operand 320 states and 510 transitions. [2018-11-18 21:41:49,850 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:41:49,851 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:41:49,851 INFO L74 IsIncluded]: Start isIncluded. First operand 236 states. Second operand 320 states. [2018-11-18 21:41:49,851 INFO L87 Difference]: Start difference. First operand 236 states. Second operand 320 states. [2018-11-18 21:41:49,859 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:41:49,859 INFO L93 Difference]: Finished difference Result 320 states and 510 transitions. [2018-11-18 21:41:49,859 INFO L276 IsEmpty]: Start isEmpty. Operand 320 states and 510 transitions. [2018-11-18 21:41:49,860 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:41:49,860 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:41:49,860 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-18 21:41:49,860 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-18 21:41:49,860 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 236 states. [2018-11-18 21:41:49,865 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 236 states to 236 states and 380 transitions. [2018-11-18 21:41:49,865 INFO L78 Accepts]: Start accepts. Automaton has 236 states and 380 transitions. Word has length 64 [2018-11-18 21:41:49,866 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-18 21:41:49,866 INFO L480 AbstractCegarLoop]: Abstraction has 236 states and 380 transitions. [2018-11-18 21:41:49,866 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-18 21:41:49,866 INFO L276 IsEmpty]: Start isEmpty. Operand 236 states and 380 transitions. [2018-11-18 21:41:49,867 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 65 [2018-11-18 21:41:49,867 INFO L367 BasicCegarLoop]: Found error trace [2018-11-18 21:41:49,867 INFO L375 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-18 21:41:49,867 INFO L423 AbstractCegarLoop]: === Iteration 9 === [ssl3_acceptErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-18 21:41:49,868 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-18 21:41:49,868 INFO L82 PathProgramCache]: Analyzing trace with hash 1069649076, now seen corresponding path program 1 times [2018-11-18 21:41:49,868 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-18 21:41:49,868 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 10 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 10 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-18 21:41:49,892 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-18 21:41:50,087 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:41:50,147 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:41:50,148 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-18 21:41:50,200 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 20 [2018-11-18 21:41:50,207 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 23 [2018-11-18 21:41:50,215 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:41:50,218 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 33 [2018-11-18 21:41:50,229 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:41:50,238 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 27 [2018-11-18 21:41:50,241 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-18 21:41:50,253 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:50,264 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:50,275 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:50,295 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:50,295 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:27, output treesize:13 [2018-11-18 21:41:50,314 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:41:50,355 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:41:50,356 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 38 [2018-11-18 21:41:50,363 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:41:50,367 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:41:50,371 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 35 [2018-11-18 21:41:50,405 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:41:50,411 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:50,421 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:50,422 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:34, output treesize:13 [2018-11-18 21:41:52,434 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:41:52,454 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-18 21:41:52,457 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-18 21:41:52,468 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:41:52,470 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:52,474 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:41:52,475 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:17, output treesize:5 [2018-11-18 21:41:52,477 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:41:52,512 INFO L256 TraceCheckUtils]: 0: Hoare triple {12254#true} call ULTIMATE.init(); {12254#true} is VALID [2018-11-18 21:41:52,512 INFO L273 TraceCheckUtils]: 1: Hoare triple {12254#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];~init~0 := 1bv32;call ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset := #Ultimate.alloc(100bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32); {12254#true} is VALID [2018-11-18 21:41:52,513 INFO L273 TraceCheckUtils]: 2: Hoare triple {12254#true} assume true; {12254#true} is VALID [2018-11-18 21:41:52,513 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {12254#true} {12254#true} #692#return; {12254#true} is VALID [2018-11-18 21:41:52,513 INFO L256 TraceCheckUtils]: 4: Hoare triple {12254#true} call #t~ret138 := main(); {12254#true} is VALID [2018-11-18 21:41:52,515 INFO L273 TraceCheckUtils]: 5: Hoare triple {12254#true} havoc ~s~0.base, ~s~0.offset;havoc ~tmp~2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(248bv32);~s~0.base, ~s~0.offset := #t~malloc3.base, #t~malloc3.offset;call #t~malloc4.base, #t~malloc4.offset := #Ultimate.alloc(899bv32);call write~$Pointer$(#t~malloc4.base, #t~malloc4.offset, ~s~0.base, ~bvadd32(84bv32, ~s~0.offset), 4bv32);call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(232bv32);call write~$Pointer$(#t~malloc5.base, #t~malloc5.offset, ~s~0.base, ~bvadd32(204bv32, ~s~0.offset), 4bv32);call #t~malloc6.base, #t~malloc6.offset := #Ultimate.alloc(200bv32);call write~$Pointer$(#t~malloc6.base, #t~malloc6.offset, ~s~0.base, ~bvadd32(176bv32, ~s~0.offset), 4bv32); {12274#(= main_~s~0.offset (_ bv0 32))} is VALID [2018-11-18 21:41:52,515 INFO L256 TraceCheckUtils]: 6: Hoare triple {12274#(= main_~s~0.offset (_ bv0 32))} call #t~ret7 := ssl3_accept(~s~0.base, ~s~0.offset); {12278#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} is VALID [2018-11-18 21:41:52,520 INFO L273 TraceCheckUtils]: 7: Hoare triple {12278#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} ~s.base, ~s.offset := #in~s.base, #in~s.offset;havoc ~buf~0.base, ~buf~0.offset;havoc ~l~0;havoc ~Time~0;havoc ~tmp~3;havoc ~cb~0.base, ~cb~0.offset;havoc ~num1~0;havoc ~ret~0;havoc ~new_state~0;havoc ~state~0;havoc ~skip~0;havoc ~got_new_session~0;~tmp___1~0 := #t~nondet8;havoc #t~nondet8;~tmp___2~0 := #t~nondet9;havoc #t~nondet9;~tmp___3~0 := #t~nondet10;havoc #t~nondet10;~tmp___4~0 := #t~nondet11;havoc #t~nondet11;~tmp___5~0 := #t~nondet12;havoc #t~nondet12;~tmp___6~0 := #t~nondet13;havoc #t~nondet13;havoc ~tmp___7~0;~tmp___8~0 := #t~nondet14;havoc #t~nondet14;~tmp___9~0 := #t~nondet15;havoc #t~nondet15;~tmp___10~0 := #t~nondet16;havoc #t~nondet16;havoc ~blastFlag~0;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~blastFlag~0 := 0bv32;call write~intINTTYPE4(#t~nondet17, ~s.base, ~bvadd32(92bv32, ~s.offset), 4bv32);havoc #t~nondet17;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~tmp~3 := #t~nondet18;havoc #t~nondet18;~Time~0 := ~tmp~3;~cb~0.base, ~cb~0.offset := 0bv32, 0bv32;~ret~0 := 4294967295bv32;~skip~0 := 0bv32;~got_new_session~0 := 0bv32;call #t~mem19.base, #t~mem19.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32); {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:52,520 INFO L273 TraceCheckUtils]: 8: Hoare triple {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume 0bv32 != ~bvadd32(#t~mem19.base, #t~mem19.offset);havoc #t~mem19.base, #t~mem19.offset;call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32);~cb~0.base, ~cb~0.offset := #t~mem20.base, #t~mem20.offset;havoc #t~mem20.base, #t~mem20.offset; {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:52,522 INFO L273 TraceCheckUtils]: 9: Hoare triple {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem21 := read~intINTTYPE4(~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem21), ~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);havoc #t~mem21; {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:52,523 INFO L273 TraceCheckUtils]: 10: Hoare triple {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 != ~bvand32(12288bv32, ~tmp___1~0)); {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:52,523 INFO L273 TraceCheckUtils]: 11: Hoare triple {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~s.base, ~bvadd32(136bv32, ~s.offset), 4bv32); {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:52,524 INFO L273 TraceCheckUtils]: 12: Hoare triple {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 == ~bvadd32(#t~mem22.base, #t~mem22.offset));havoc #t~mem22.base, #t~mem22.offset; {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:52,524 INFO L273 TraceCheckUtils]: 13: Hoare triple {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume true; {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:52,525 INFO L273 TraceCheckUtils]: 14: Hoare triple {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !false; {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:52,525 INFO L273 TraceCheckUtils]: 15: Hoare triple {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:41:52,526 INFO L273 TraceCheckUtils]: 16: Hoare triple {12282#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12310#(= (_ bv8464 32) |ssl3_accept_#t~mem25|)} is VALID [2018-11-18 21:41:52,526 INFO L273 TraceCheckUtils]: 17: Hoare triple {12310#(= (_ bv8464 32) |ssl3_accept_#t~mem25|)} assume 16384bv32 == #t~mem25;havoc #t~mem25; {12255#false} is VALID [2018-11-18 21:41:52,527 INFO L273 TraceCheckUtils]: 18: Hoare triple {12255#false} call write~intINTTYPE4(1bv32, ~s.base, ~bvadd32(36bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,527 INFO L273 TraceCheckUtils]: 19: Hoare triple {12255#false} assume 0bv32 != ~bvadd32(~cb~0.base, ~cb~0.offset); {12255#false} is VALID [2018-11-18 21:41:52,527 INFO L273 TraceCheckUtils]: 20: Hoare triple {12255#false} call #t~mem59 := read~intINTTYPE4(~s.base, ~s.offset, 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,527 INFO L273 TraceCheckUtils]: 21: Hoare triple {12255#false} assume !(3bv32 != ~bvashr32(#t~mem59, 8bv32));havoc #t~mem59;call write~intINTTYPE4(8192bv32, ~s.base, ~bvadd32(4bv32, ~s.offset), 4bv32);call #t~mem60.base, #t~mem60.offset := read~$Pointer$(~s.base, ~bvadd32(60bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,528 INFO L273 TraceCheckUtils]: 22: Hoare triple {12255#false} assume !(0bv32 == ~bvadd32(#t~mem60.base, #t~mem60.offset));havoc #t~mem60.base, #t~mem60.offset; {12255#false} is VALID [2018-11-18 21:41:52,528 INFO L273 TraceCheckUtils]: 23: Hoare triple {12255#false} assume !(0bv32 == ~tmp___4~0);call write~intINTTYPE4(0bv32, ~s.base, ~bvadd32(64bv32, ~s.offset), 4bv32);call #t~mem62 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,528 INFO L273 TraceCheckUtils]: 24: Hoare triple {12255#false} assume 12292bv32 != #t~mem62;havoc #t~mem62; {12255#false} is VALID [2018-11-18 21:41:52,528 INFO L273 TraceCheckUtils]: 25: Hoare triple {12255#false} assume !(0bv32 == ~tmp___5~0);call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);call #t~mem63.base, #t~mem63.offset := read~$Pointer$(~s.base, ~bvadd32(204bv32, ~s.offset), 4bv32);call #t~mem64 := read~intINTTYPE4(#t~mem63.base, ~bvadd32(72bv32, #t~mem63.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem64), #t~mem63.base, ~bvadd32(72bv32, #t~mem63.offset), 4bv32);havoc #t~mem63.base, #t~mem63.offset;havoc #t~mem64; {12255#false} is VALID [2018-11-18 21:41:52,528 INFO L273 TraceCheckUtils]: 26: Hoare triple {12255#false} call #t~mem127.base, #t~mem127.offset := read~$Pointer$(~s.base, ~bvadd32(84bv32, ~s.offset), 4bv32);call #t~mem128 := read~intINTTYPE4(#t~mem127.base, ~bvadd32(848bv32, #t~mem127.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,529 INFO L273 TraceCheckUtils]: 27: Hoare triple {12255#false} assume !(0bv32 == #t~mem128);havoc #t~mem127.base, #t~mem127.offset;havoc #t~mem128; {12255#false} is VALID [2018-11-18 21:41:52,529 INFO L273 TraceCheckUtils]: 28: Hoare triple {12255#false} ~skip~0 := 0bv32; {12255#false} is VALID [2018-11-18 21:41:52,529 INFO L273 TraceCheckUtils]: 29: Hoare triple {12255#false} assume true; {12255#false} is VALID [2018-11-18 21:41:52,529 INFO L273 TraceCheckUtils]: 30: Hoare triple {12255#false} assume !false; {12255#false} is VALID [2018-11-18 21:41:52,530 INFO L273 TraceCheckUtils]: 31: Hoare triple {12255#false} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,530 INFO L273 TraceCheckUtils]: 32: Hoare triple {12255#false} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,530 INFO L273 TraceCheckUtils]: 33: Hoare triple {12255#false} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,530 INFO L273 TraceCheckUtils]: 34: Hoare triple {12255#false} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,530 INFO L273 TraceCheckUtils]: 35: Hoare triple {12255#false} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,530 INFO L273 TraceCheckUtils]: 36: Hoare triple {12255#false} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,531 INFO L273 TraceCheckUtils]: 37: Hoare triple {12255#false} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,531 INFO L273 TraceCheckUtils]: 38: Hoare triple {12255#false} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,531 INFO L273 TraceCheckUtils]: 39: Hoare triple {12255#false} assume !(8482bv32 == #t~mem31);havoc #t~mem31;call #t~mem32 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,531 INFO L273 TraceCheckUtils]: 40: Hoare triple {12255#false} assume !(8464bv32 == #t~mem32);havoc #t~mem32;call #t~mem33 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,531 INFO L273 TraceCheckUtils]: 41: Hoare triple {12255#false} assume !(8465bv32 == #t~mem33);havoc #t~mem33;call #t~mem34 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,532 INFO L273 TraceCheckUtils]: 42: Hoare triple {12255#false} assume !(8466bv32 == #t~mem34);havoc #t~mem34;call #t~mem35 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,532 INFO L273 TraceCheckUtils]: 43: Hoare triple {12255#false} assume !(8496bv32 == #t~mem35);havoc #t~mem35;call #t~mem36 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,532 INFO L273 TraceCheckUtils]: 44: Hoare triple {12255#false} assume !(8497bv32 == #t~mem36);havoc #t~mem36;call #t~mem37 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,532 INFO L273 TraceCheckUtils]: 45: Hoare triple {12255#false} assume !(8512bv32 == #t~mem37);havoc #t~mem37;call #t~mem38 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,532 INFO L273 TraceCheckUtils]: 46: Hoare triple {12255#false} assume !(8513bv32 == #t~mem38);havoc #t~mem38;call #t~mem39 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,532 INFO L273 TraceCheckUtils]: 47: Hoare triple {12255#false} assume !(8528bv32 == #t~mem39);havoc #t~mem39;call #t~mem40 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,533 INFO L273 TraceCheckUtils]: 48: Hoare triple {12255#false} assume !(8529bv32 == #t~mem40);havoc #t~mem40;call #t~mem41 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,533 INFO L273 TraceCheckUtils]: 49: Hoare triple {12255#false} assume !(8544bv32 == #t~mem41);havoc #t~mem41;call #t~mem42 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,533 INFO L273 TraceCheckUtils]: 50: Hoare triple {12255#false} assume !(8545bv32 == #t~mem42);havoc #t~mem42;call #t~mem43 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,533 INFO L273 TraceCheckUtils]: 51: Hoare triple {12255#false} assume !(8560bv32 == #t~mem43);havoc #t~mem43;call #t~mem44 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,533 INFO L273 TraceCheckUtils]: 52: Hoare triple {12255#false} assume !(8561bv32 == #t~mem44);havoc #t~mem44;call #t~mem45 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,534 INFO L273 TraceCheckUtils]: 53: Hoare triple {12255#false} assume !(8448bv32 == #t~mem45);havoc #t~mem45;call #t~mem46 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,534 INFO L273 TraceCheckUtils]: 54: Hoare triple {12255#false} assume !(8576bv32 == #t~mem46);havoc #t~mem46;call #t~mem47 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,534 INFO L273 TraceCheckUtils]: 55: Hoare triple {12255#false} assume !(8577bv32 == #t~mem47);havoc #t~mem47;call #t~mem48 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,534 INFO L273 TraceCheckUtils]: 56: Hoare triple {12255#false} assume !(8592bv32 == #t~mem48);havoc #t~mem48;call #t~mem49 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,534 INFO L273 TraceCheckUtils]: 57: Hoare triple {12255#false} assume !(8593bv32 == #t~mem49);havoc #t~mem49;call #t~mem50 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,535 INFO L273 TraceCheckUtils]: 58: Hoare triple {12255#false} assume !(8608bv32 == #t~mem50);havoc #t~mem50;call #t~mem51 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,535 INFO L273 TraceCheckUtils]: 59: Hoare triple {12255#false} assume !(8609bv32 == #t~mem51);havoc #t~mem51;call #t~mem52 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {12255#false} is VALID [2018-11-18 21:41:52,535 INFO L273 TraceCheckUtils]: 60: Hoare triple {12255#false} assume 8640bv32 == #t~mem52;havoc #t~mem52; {12255#false} is VALID [2018-11-18 21:41:52,535 INFO L273 TraceCheckUtils]: 61: Hoare triple {12255#false} ~ret~0 := #t~nondet115;havoc #t~nondet115; {12255#false} is VALID [2018-11-18 21:41:52,535 INFO L273 TraceCheckUtils]: 62: Hoare triple {12255#false} assume !(9bv32 == ~blastFlag~0); {12255#false} is VALID [2018-11-18 21:41:52,535 INFO L273 TraceCheckUtils]: 63: Hoare triple {12255#false} assume !false; {12255#false} is VALID [2018-11-18 21:41:52,539 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 5 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-18 21:41:52,539 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-18 21:41:52,545 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-18 21:41:52,546 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-18 21:41:52,546 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 64 [2018-11-18 21:41:52,546 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-18 21:41:52,546 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-18 21:41:52,656 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 64 edges. 64 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:41:52,656 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-18 21:41:52,656 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-18 21:41:52,656 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2018-11-18 21:41:52,657 INFO L87 Difference]: Start difference. First operand 236 states and 380 transitions. Second operand 6 states. [2018-11-18 21:42:08,506 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:42:08,506 INFO L93 Difference]: Finished difference Result 532 states and 859 transitions. [2018-11-18 21:42:08,506 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2018-11-18 21:42:08,507 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 64 [2018-11-18 21:42:08,507 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-18 21:42:08,507 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-18 21:42:08,510 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 563 transitions. [2018-11-18 21:42:08,510 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-18 21:42:08,513 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 563 transitions. [2018-11-18 21:42:08,513 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 563 transitions. [2018-11-18 21:42:09,363 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 563 edges. 563 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:42:09,372 INFO L225 Difference]: With dead ends: 532 [2018-11-18 21:42:09,372 INFO L226 Difference]: Without dead ends: 320 [2018-11-18 21:42:09,373 INFO L604 BasicCegarLoop]: 0 DeclaredPredicates, 65 GetRequests, 59 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2018-11-18 21:42:09,373 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 320 states. [2018-11-18 21:42:09,602 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 320 to 236. [2018-11-18 21:42:09,603 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-18 21:42:09,603 INFO L82 GeneralOperation]: Start isEquivalent. First operand 320 states. Second operand 236 states. [2018-11-18 21:42:09,603 INFO L74 IsIncluded]: Start isIncluded. First operand 320 states. Second operand 236 states. [2018-11-18 21:42:09,603 INFO L87 Difference]: Start difference. First operand 320 states. Second operand 236 states. [2018-11-18 21:42:09,610 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:42:09,610 INFO L93 Difference]: Finished difference Result 320 states and 509 transitions. [2018-11-18 21:42:09,610 INFO L276 IsEmpty]: Start isEmpty. Operand 320 states and 509 transitions. [2018-11-18 21:42:09,611 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:42:09,611 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:42:09,611 INFO L74 IsIncluded]: Start isIncluded. First operand 236 states. Second operand 320 states. [2018-11-18 21:42:09,612 INFO L87 Difference]: Start difference. First operand 236 states. Second operand 320 states. [2018-11-18 21:42:09,619 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:42:09,619 INFO L93 Difference]: Finished difference Result 320 states and 509 transitions. [2018-11-18 21:42:09,620 INFO L276 IsEmpty]: Start isEmpty. Operand 320 states and 509 transitions. [2018-11-18 21:42:09,620 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:42:09,621 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:42:09,621 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-18 21:42:09,621 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-18 21:42:09,621 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 236 states. [2018-11-18 21:42:09,626 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 236 states to 236 states and 379 transitions. [2018-11-18 21:42:09,626 INFO L78 Accepts]: Start accepts. Automaton has 236 states and 379 transitions. Word has length 64 [2018-11-18 21:42:09,626 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-18 21:42:09,626 INFO L480 AbstractCegarLoop]: Abstraction has 236 states and 379 transitions. [2018-11-18 21:42:09,626 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-18 21:42:09,627 INFO L276 IsEmpty]: Start isEmpty. Operand 236 states and 379 transitions. [2018-11-18 21:42:09,627 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 65 [2018-11-18 21:42:09,628 INFO L367 BasicCegarLoop]: Found error trace [2018-11-18 21:42:09,628 INFO L375 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-18 21:42:09,628 INFO L423 AbstractCegarLoop]: === Iteration 10 === [ssl3_acceptErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-18 21:42:09,628 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-18 21:42:09,628 INFO L82 PathProgramCache]: Analyzing trace with hash -202541783, now seen corresponding path program 1 times [2018-11-18 21:42:09,629 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-18 21:42:09,629 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 11 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 11 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-18 21:42:09,656 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-18 21:42:09,778 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:42:09,818 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:42:09,819 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-18 21:42:09,858 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-18 21:42:09,863 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-18 21:42:09,865 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:42:09,874 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:42:09,877 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:42:09,878 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:13, output treesize:9 [2018-11-18 21:42:09,942 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 15 [2018-11-18 21:42:09,948 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 3 [2018-11-18 21:42:09,949 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:42:09,951 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:42:09,954 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:42:09,954 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:19, output treesize:3 [2018-11-18 21:42:09,959 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:42:09,968 INFO L256 TraceCheckUtils]: 0: Hoare triple {13974#true} call ULTIMATE.init(); {13974#true} is VALID [2018-11-18 21:42:09,968 INFO L273 TraceCheckUtils]: 1: Hoare triple {13974#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];~init~0 := 1bv32;call ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset := #Ultimate.alloc(100bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32); {13974#true} is VALID [2018-11-18 21:42:09,968 INFO L273 TraceCheckUtils]: 2: Hoare triple {13974#true} assume true; {13974#true} is VALID [2018-11-18 21:42:09,969 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {13974#true} {13974#true} #692#return; {13974#true} is VALID [2018-11-18 21:42:09,969 INFO L256 TraceCheckUtils]: 4: Hoare triple {13974#true} call #t~ret138 := main(); {13974#true} is VALID [2018-11-18 21:42:09,969 INFO L273 TraceCheckUtils]: 5: Hoare triple {13974#true} havoc ~s~0.base, ~s~0.offset;havoc ~tmp~2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(248bv32);~s~0.base, ~s~0.offset := #t~malloc3.base, #t~malloc3.offset;call #t~malloc4.base, #t~malloc4.offset := #Ultimate.alloc(899bv32);call write~$Pointer$(#t~malloc4.base, #t~malloc4.offset, ~s~0.base, ~bvadd32(84bv32, ~s~0.offset), 4bv32);call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(232bv32);call write~$Pointer$(#t~malloc5.base, #t~malloc5.offset, ~s~0.base, ~bvadd32(204bv32, ~s~0.offset), 4bv32);call #t~malloc6.base, #t~malloc6.offset := #Ultimate.alloc(200bv32);call write~$Pointer$(#t~malloc6.base, #t~malloc6.offset, ~s~0.base, ~bvadd32(176bv32, ~s~0.offset), 4bv32); {13974#true} is VALID [2018-11-18 21:42:09,969 INFO L256 TraceCheckUtils]: 6: Hoare triple {13974#true} call #t~ret7 := ssl3_accept(~s~0.base, ~s~0.offset); {13974#true} is VALID [2018-11-18 21:42:09,969 INFO L273 TraceCheckUtils]: 7: Hoare triple {13974#true} ~s.base, ~s.offset := #in~s.base, #in~s.offset;havoc ~buf~0.base, ~buf~0.offset;havoc ~l~0;havoc ~Time~0;havoc ~tmp~3;havoc ~cb~0.base, ~cb~0.offset;havoc ~num1~0;havoc ~ret~0;havoc ~new_state~0;havoc ~state~0;havoc ~skip~0;havoc ~got_new_session~0;~tmp___1~0 := #t~nondet8;havoc #t~nondet8;~tmp___2~0 := #t~nondet9;havoc #t~nondet9;~tmp___3~0 := #t~nondet10;havoc #t~nondet10;~tmp___4~0 := #t~nondet11;havoc #t~nondet11;~tmp___5~0 := #t~nondet12;havoc #t~nondet12;~tmp___6~0 := #t~nondet13;havoc #t~nondet13;havoc ~tmp___7~0;~tmp___8~0 := #t~nondet14;havoc #t~nondet14;~tmp___9~0 := #t~nondet15;havoc #t~nondet15;~tmp___10~0 := #t~nondet16;havoc #t~nondet16;havoc ~blastFlag~0;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~blastFlag~0 := 0bv32;call write~intINTTYPE4(#t~nondet17, ~s.base, ~bvadd32(92bv32, ~s.offset), 4bv32);havoc #t~nondet17;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~tmp~3 := #t~nondet18;havoc #t~nondet18;~Time~0 := ~tmp~3;~cb~0.base, ~cb~0.offset := 0bv32, 0bv32;~ret~0 := 4294967295bv32;~skip~0 := 0bv32;~got_new_session~0 := 0bv32;call #t~mem19.base, #t~mem19.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32); {13974#true} is VALID [2018-11-18 21:42:09,970 INFO L273 TraceCheckUtils]: 8: Hoare triple {13974#true} assume 0bv32 != ~bvadd32(#t~mem19.base, #t~mem19.offset);havoc #t~mem19.base, #t~mem19.offset;call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32);~cb~0.base, ~cb~0.offset := #t~mem20.base, #t~mem20.offset;havoc #t~mem20.base, #t~mem20.offset; {13974#true} is VALID [2018-11-18 21:42:09,970 INFO L273 TraceCheckUtils]: 9: Hoare triple {13974#true} call #t~mem21 := read~intINTTYPE4(~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem21), ~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);havoc #t~mem21; {13974#true} is VALID [2018-11-18 21:42:09,970 INFO L273 TraceCheckUtils]: 10: Hoare triple {13974#true} assume !(0bv32 != ~bvand32(12288bv32, ~tmp___1~0)); {13974#true} is VALID [2018-11-18 21:42:09,970 INFO L273 TraceCheckUtils]: 11: Hoare triple {13974#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~s.base, ~bvadd32(136bv32, ~s.offset), 4bv32); {13974#true} is VALID [2018-11-18 21:42:09,970 INFO L273 TraceCheckUtils]: 12: Hoare triple {13974#true} assume !(0bv32 == ~bvadd32(#t~mem22.base, #t~mem22.offset));havoc #t~mem22.base, #t~mem22.offset; {13974#true} is VALID [2018-11-18 21:42:09,970 INFO L273 TraceCheckUtils]: 13: Hoare triple {13974#true} assume true; {13974#true} is VALID [2018-11-18 21:42:09,971 INFO L273 TraceCheckUtils]: 14: Hoare triple {13974#true} assume !false; {13974#true} is VALID [2018-11-18 21:42:09,971 INFO L273 TraceCheckUtils]: 15: Hoare triple {13974#true} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {13974#true} is VALID [2018-11-18 21:42:09,971 INFO L273 TraceCheckUtils]: 16: Hoare triple {13974#true} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {13974#true} is VALID [2018-11-18 21:42:09,971 INFO L273 TraceCheckUtils]: 17: Hoare triple {13974#true} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {13974#true} is VALID [2018-11-18 21:42:09,971 INFO L273 TraceCheckUtils]: 18: Hoare triple {13974#true} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {13974#true} is VALID [2018-11-18 21:42:09,971 INFO L273 TraceCheckUtils]: 19: Hoare triple {13974#true} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {13974#true} is VALID [2018-11-18 21:42:09,971 INFO L273 TraceCheckUtils]: 20: Hoare triple {13974#true} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {13974#true} is VALID [2018-11-18 21:42:09,971 INFO L273 TraceCheckUtils]: 21: Hoare triple {13974#true} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {13974#true} is VALID [2018-11-18 21:42:09,972 INFO L273 TraceCheckUtils]: 22: Hoare triple {13974#true} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {13974#true} is VALID [2018-11-18 21:42:09,972 INFO L273 TraceCheckUtils]: 23: Hoare triple {13974#true} assume 8482bv32 == #t~mem31;havoc #t~mem31; {13974#true} is VALID [2018-11-18 21:42:09,973 INFO L273 TraceCheckUtils]: 24: Hoare triple {13974#true} call write~intINTTYPE4(3bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,973 INFO L273 TraceCheckUtils]: 25: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} call #t~mem127.base, #t~mem127.offset := read~$Pointer$(~s.base, ~bvadd32(84bv32, ~s.offset), 4bv32);call #t~mem128 := read~intINTTYPE4(#t~mem127.base, ~bvadd32(848bv32, #t~mem127.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,974 INFO L273 TraceCheckUtils]: 26: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(0bv32 == #t~mem128);havoc #t~mem127.base, #t~mem127.offset;havoc #t~mem128; {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,974 INFO L273 TraceCheckUtils]: 27: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} ~skip~0 := 0bv32; {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,974 INFO L273 TraceCheckUtils]: 28: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume true; {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,974 INFO L273 TraceCheckUtils]: 29: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !false; {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,975 INFO L273 TraceCheckUtils]: 30: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,975 INFO L273 TraceCheckUtils]: 31: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,975 INFO L273 TraceCheckUtils]: 32: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,976 INFO L273 TraceCheckUtils]: 33: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,976 INFO L273 TraceCheckUtils]: 34: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,976 INFO L273 TraceCheckUtils]: 35: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,977 INFO L273 TraceCheckUtils]: 36: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,977 INFO L273 TraceCheckUtils]: 37: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,978 INFO L273 TraceCheckUtils]: 38: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8482bv32 == #t~mem31);havoc #t~mem31;call #t~mem32 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,978 INFO L273 TraceCheckUtils]: 39: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8464bv32 == #t~mem32);havoc #t~mem32;call #t~mem33 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,979 INFO L273 TraceCheckUtils]: 40: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8465bv32 == #t~mem33);havoc #t~mem33;call #t~mem34 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,979 INFO L273 TraceCheckUtils]: 41: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8466bv32 == #t~mem34);havoc #t~mem34;call #t~mem35 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,980 INFO L273 TraceCheckUtils]: 42: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8496bv32 == #t~mem35);havoc #t~mem35;call #t~mem36 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,980 INFO L273 TraceCheckUtils]: 43: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8497bv32 == #t~mem36);havoc #t~mem36;call #t~mem37 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,981 INFO L273 TraceCheckUtils]: 44: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8512bv32 == #t~mem37);havoc #t~mem37;call #t~mem38 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,981 INFO L273 TraceCheckUtils]: 45: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8513bv32 == #t~mem38);havoc #t~mem38;call #t~mem39 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,982 INFO L273 TraceCheckUtils]: 46: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8528bv32 == #t~mem39);havoc #t~mem39;call #t~mem40 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,982 INFO L273 TraceCheckUtils]: 47: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8529bv32 == #t~mem40);havoc #t~mem40;call #t~mem41 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,983 INFO L273 TraceCheckUtils]: 48: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8544bv32 == #t~mem41);havoc #t~mem41;call #t~mem42 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,983 INFO L273 TraceCheckUtils]: 49: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8545bv32 == #t~mem42);havoc #t~mem42;call #t~mem43 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,984 INFO L273 TraceCheckUtils]: 50: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8560bv32 == #t~mem43);havoc #t~mem43;call #t~mem44 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,985 INFO L273 TraceCheckUtils]: 51: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8561bv32 == #t~mem44);havoc #t~mem44;call #t~mem45 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,985 INFO L273 TraceCheckUtils]: 52: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8448bv32 == #t~mem45);havoc #t~mem45;call #t~mem46 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,986 INFO L273 TraceCheckUtils]: 53: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8576bv32 == #t~mem46);havoc #t~mem46;call #t~mem47 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,986 INFO L273 TraceCheckUtils]: 54: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8577bv32 == #t~mem47);havoc #t~mem47;call #t~mem48 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,987 INFO L273 TraceCheckUtils]: 55: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8592bv32 == #t~mem48);havoc #t~mem48;call #t~mem49 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,987 INFO L273 TraceCheckUtils]: 56: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8593bv32 == #t~mem49);havoc #t~mem49;call #t~mem50 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,988 INFO L273 TraceCheckUtils]: 57: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8608bv32 == #t~mem50);havoc #t~mem50;call #t~mem51 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,988 INFO L273 TraceCheckUtils]: 58: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8609bv32 == #t~mem51);havoc #t~mem51;call #t~mem52 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} is VALID [2018-11-18 21:42:09,989 INFO L273 TraceCheckUtils]: 59: Hoare triple {14051#(= (_ bv3 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32))))} assume !(8640bv32 == #t~mem52);havoc #t~mem52;call #t~mem53 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {14157#(= (bvadd |ssl3_accept_#t~mem53| (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-18 21:42:09,990 INFO L273 TraceCheckUtils]: 60: Hoare triple {14157#(= (bvadd |ssl3_accept_#t~mem53| (_ bv4294967293 32)) (_ bv0 32))} assume 8641bv32 == #t~mem53;havoc #t~mem53; {13975#false} is VALID [2018-11-18 21:42:09,990 INFO L273 TraceCheckUtils]: 61: Hoare triple {13975#false} ~ret~0 := #t~nondet115;havoc #t~nondet115; {13975#false} is VALID [2018-11-18 21:42:09,990 INFO L273 TraceCheckUtils]: 62: Hoare triple {13975#false} assume !(9bv32 == ~blastFlag~0); {13975#false} is VALID [2018-11-18 21:42:09,990 INFO L273 TraceCheckUtils]: 63: Hoare triple {13975#false} assume !false; {13975#false} is VALID [2018-11-18 21:42:09,997 INFO L134 CoverageAnalysis]: Checked inductivity of 11 backedges. 11 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-18 21:42:09,997 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-18 21:42:09,999 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-18 21:42:09,999 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2018-11-18 21:42:09,999 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 64 [2018-11-18 21:42:09,999 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-18 21:42:09,999 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2018-11-18 21:42:10,108 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 64 edges. 64 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:42:10,108 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2018-11-18 21:42:10,108 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2018-11-18 21:42:10,108 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2018-11-18 21:42:10,109 INFO L87 Difference]: Start difference. First operand 236 states and 379 transitions. Second operand 4 states. [2018-11-18 21:42:21,928 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:42:21,928 INFO L93 Difference]: Finished difference Result 513 states and 819 transitions. [2018-11-18 21:42:21,928 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2018-11-18 21:42:21,928 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 64 [2018-11-18 21:42:21,928 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-18 21:42:21,929 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-11-18 21:42:21,932 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 584 transitions. [2018-11-18 21:42:21,932 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-11-18 21:42:21,934 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 584 transitions. [2018-11-18 21:42:21,934 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 584 transitions. [2018-11-18 21:42:22,780 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 584 edges. 584 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:42:22,788 INFO L225 Difference]: With dead ends: 513 [2018-11-18 21:42:22,788 INFO L226 Difference]: Without dead ends: 301 [2018-11-18 21:42:22,788 INFO L604 BasicCegarLoop]: 0 DeclaredPredicates, 64 GetRequests, 61 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2018-11-18 21:42:22,789 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 301 states. [2018-11-18 21:42:23,080 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 301 to 196. [2018-11-18 21:42:23,081 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-18 21:42:23,081 INFO L82 GeneralOperation]: Start isEquivalent. First operand 301 states. Second operand 196 states. [2018-11-18 21:42:23,081 INFO L74 IsIncluded]: Start isIncluded. First operand 301 states. Second operand 196 states. [2018-11-18 21:42:23,081 INFO L87 Difference]: Start difference. First operand 301 states. Second operand 196 states. [2018-11-18 21:42:23,088 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:42:23,088 INFO L93 Difference]: Finished difference Result 301 states and 469 transitions. [2018-11-18 21:42:23,088 INFO L276 IsEmpty]: Start isEmpty. Operand 301 states and 469 transitions. [2018-11-18 21:42:23,089 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:42:23,089 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:42:23,089 INFO L74 IsIncluded]: Start isIncluded. First operand 196 states. Second operand 301 states. [2018-11-18 21:42:23,090 INFO L87 Difference]: Start difference. First operand 196 states. Second operand 301 states. [2018-11-18 21:42:23,097 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-18 21:42:23,097 INFO L93 Difference]: Finished difference Result 301 states and 469 transitions. [2018-11-18 21:42:23,097 INFO L276 IsEmpty]: Start isEmpty. Operand 301 states and 469 transitions. [2018-11-18 21:42:23,098 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-18 21:42:23,098 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-18 21:42:23,098 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-18 21:42:23,098 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-18 21:42:23,099 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 196 states. [2018-11-18 21:42:23,103 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 196 states to 196 states and 306 transitions. [2018-11-18 21:42:23,103 INFO L78 Accepts]: Start accepts. Automaton has 196 states and 306 transitions. Word has length 64 [2018-11-18 21:42:23,103 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-18 21:42:23,103 INFO L480 AbstractCegarLoop]: Abstraction has 196 states and 306 transitions. [2018-11-18 21:42:23,103 INFO L481 AbstractCegarLoop]: Interpolant automaton has 4 states. [2018-11-18 21:42:23,103 INFO L276 IsEmpty]: Start isEmpty. Operand 196 states and 306 transitions. [2018-11-18 21:42:23,104 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 66 [2018-11-18 21:42:23,104 INFO L367 BasicCegarLoop]: Found error trace [2018-11-18 21:42:23,104 INFO L375 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-18 21:42:23,105 INFO L423 AbstractCegarLoop]: === Iteration 11 === [ssl3_acceptErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-18 21:42:23,105 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-18 21:42:23,105 INFO L82 PathProgramCache]: Analyzing trace with hash -440666397, now seen corresponding path program 1 times [2018-11-18 21:42:23,105 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-18 21:42:23,106 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 12 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 12 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-18 21:42:23,135 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-18 21:42:23,332 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:42:23,386 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-18 21:42:23,387 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-18 21:42:23,431 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 20 [2018-11-18 21:42:23,440 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 23 [2018-11-18 21:42:23,451 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:42:23,456 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 33 [2018-11-18 21:42:23,465 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:42:23,469 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 27 [2018-11-18 21:42:23,473 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-18 21:42:23,486 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:42:23,496 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:42:23,507 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:42:23,524 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:42:23,524 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:27, output treesize:13 [2018-11-18 21:42:23,545 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:42:23,585 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:42:23,586 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 38 [2018-11-18 21:42:23,594 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:42:23,597 INFO L700 Elim1Store]: detected not equals via solver [2018-11-18 21:42:23,601 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 35 [2018-11-18 21:42:23,634 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:42:23,641 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:42:23,653 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:42:23,654 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:34, output treesize:13 [2018-11-18 21:42:25,667 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:42:25,713 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-18 21:42:25,719 INFO L477 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-18 21:42:25,722 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-18 21:42:25,725 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:42:25,727 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-18 21:42:25,727 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:17, output treesize:5 [2018-11-18 21:42:25,734 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-18 21:42:25,850 INFO L256 TraceCheckUtils]: 0: Hoare triple {15593#true} call ULTIMATE.init(); {15593#true} is VALID [2018-11-18 21:42:25,850 INFO L273 TraceCheckUtils]: 1: Hoare triple {15593#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];~init~0 := 1bv32;call ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset := #Ultimate.alloc(100bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~unchecked~intINTTYPE4(0bv32, ~#SSLv3_server_data~0.base, ~#SSLv3_server_data~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(4bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(8bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(12bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(16bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(20bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(24bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(28bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(32bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(36bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(40bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(44bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(48bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(52bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(56bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(60bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(64bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(68bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(72bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(76bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(80bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(84bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(88bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(92bv32, ~#SSLv3_server_data~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#SSLv3_server_data~0.base, ~bvadd32(96bv32, ~#SSLv3_server_data~0.offset), 4bv32); {15593#true} is VALID [2018-11-18 21:42:25,850 INFO L273 TraceCheckUtils]: 2: Hoare triple {15593#true} assume true; {15593#true} is VALID [2018-11-18 21:42:25,850 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {15593#true} {15593#true} #692#return; {15593#true} is VALID [2018-11-18 21:42:25,850 INFO L256 TraceCheckUtils]: 4: Hoare triple {15593#true} call #t~ret138 := main(); {15593#true} is VALID [2018-11-18 21:42:25,852 INFO L273 TraceCheckUtils]: 5: Hoare triple {15593#true} havoc ~s~0.base, ~s~0.offset;havoc ~tmp~2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(248bv32);~s~0.base, ~s~0.offset := #t~malloc3.base, #t~malloc3.offset;call #t~malloc4.base, #t~malloc4.offset := #Ultimate.alloc(899bv32);call write~$Pointer$(#t~malloc4.base, #t~malloc4.offset, ~s~0.base, ~bvadd32(84bv32, ~s~0.offset), 4bv32);call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(232bv32);call write~$Pointer$(#t~malloc5.base, #t~malloc5.offset, ~s~0.base, ~bvadd32(204bv32, ~s~0.offset), 4bv32);call #t~malloc6.base, #t~malloc6.offset := #Ultimate.alloc(200bv32);call write~$Pointer$(#t~malloc6.base, #t~malloc6.offset, ~s~0.base, ~bvadd32(176bv32, ~s~0.offset), 4bv32); {15613#(= main_~s~0.offset (_ bv0 32))} is VALID [2018-11-18 21:42:25,853 INFO L256 TraceCheckUtils]: 6: Hoare triple {15613#(= main_~s~0.offset (_ bv0 32))} call #t~ret7 := ssl3_accept(~s~0.base, ~s~0.offset); {15617#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} is VALID [2018-11-18 21:42:25,856 INFO L273 TraceCheckUtils]: 7: Hoare triple {15617#(= (_ bv0 32) |ssl3_accept_#in~s.offset|)} ~s.base, ~s.offset := #in~s.base, #in~s.offset;havoc ~buf~0.base, ~buf~0.offset;havoc ~l~0;havoc ~Time~0;havoc ~tmp~3;havoc ~cb~0.base, ~cb~0.offset;havoc ~num1~0;havoc ~ret~0;havoc ~new_state~0;havoc ~state~0;havoc ~skip~0;havoc ~got_new_session~0;~tmp___1~0 := #t~nondet8;havoc #t~nondet8;~tmp___2~0 := #t~nondet9;havoc #t~nondet9;~tmp___3~0 := #t~nondet10;havoc #t~nondet10;~tmp___4~0 := #t~nondet11;havoc #t~nondet11;~tmp___5~0 := #t~nondet12;havoc #t~nondet12;~tmp___6~0 := #t~nondet13;havoc #t~nondet13;havoc ~tmp___7~0;~tmp___8~0 := #t~nondet14;havoc #t~nondet14;~tmp___9~0 := #t~nondet15;havoc #t~nondet15;~tmp___10~0 := #t~nondet16;havoc #t~nondet16;havoc ~blastFlag~0;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~blastFlag~0 := 0bv32;call write~intINTTYPE4(#t~nondet17, ~s.base, ~bvadd32(92bv32, ~s.offset), 4bv32);havoc #t~nondet17;call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~tmp~3 := #t~nondet18;havoc #t~nondet18;~Time~0 := ~tmp~3;~cb~0.base, ~cb~0.offset := 0bv32, 0bv32;~ret~0 := 4294967295bv32;~skip~0 := 0bv32;~got_new_session~0 := 0bv32;call #t~mem19.base, #t~mem19.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32); {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:42:25,862 INFO L273 TraceCheckUtils]: 8: Hoare triple {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume 0bv32 != ~bvadd32(#t~mem19.base, #t~mem19.offset);havoc #t~mem19.base, #t~mem19.offset;call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~s.base, ~bvadd32(192bv32, ~s.offset), 4bv32);~cb~0.base, ~cb~0.offset := #t~mem20.base, #t~mem20.offset;havoc #t~mem20.base, #t~mem20.offset; {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:42:25,864 INFO L273 TraceCheckUtils]: 9: Hoare triple {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem21 := read~intINTTYPE4(~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem21), ~s.base, ~bvadd32(28bv32, ~s.offset), 4bv32);havoc #t~mem21; {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:42:25,865 INFO L273 TraceCheckUtils]: 10: Hoare triple {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 != ~bvand32(12288bv32, ~tmp___1~0)); {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:42:25,865 INFO L273 TraceCheckUtils]: 11: Hoare triple {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~s.base, ~bvadd32(136bv32, ~s.offset), 4bv32); {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:42:25,867 INFO L273 TraceCheckUtils]: 12: Hoare triple {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(0bv32 == ~bvadd32(#t~mem22.base, #t~mem22.offset));havoc #t~mem22.base, #t~mem22.offset; {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:42:25,867 INFO L273 TraceCheckUtils]: 13: Hoare triple {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume true; {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:42:25,869 INFO L273 TraceCheckUtils]: 14: Hoare triple {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !false; {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:42:25,869 INFO L273 TraceCheckUtils]: 15: Hoare triple {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:42:25,871 INFO L273 TraceCheckUtils]: 16: Hoare triple {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} is VALID [2018-11-18 21:42:25,871 INFO L273 TraceCheckUtils]: 17: Hoare triple {15621#(and (= ssl3_accept_~s.offset (_ bv0 32)) (= (_ bv8464 32) (select (select |#memory_int| ssl3_accept_~s.base) (bvadd ssl3_accept_~s.offset (_ bv52 32)))))} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15652#(= (bvadd |ssl3_accept_#t~mem26| (_ bv4294958832 32)) (_ bv0 32))} is VALID [2018-11-18 21:42:25,873 INFO L273 TraceCheckUtils]: 18: Hoare triple {15652#(= (bvadd |ssl3_accept_#t~mem26| (_ bv4294958832 32)) (_ bv0 32))} assume 8192bv32 == #t~mem26;havoc #t~mem26; {15594#false} is VALID [2018-11-18 21:42:25,873 INFO L273 TraceCheckUtils]: 19: Hoare triple {15594#false} call write~intINTTYPE4(1bv32, ~s.base, ~bvadd32(36bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,873 INFO L273 TraceCheckUtils]: 20: Hoare triple {15594#false} assume 0bv32 != ~bvadd32(~cb~0.base, ~cb~0.offset); {15594#false} is VALID [2018-11-18 21:42:25,874 INFO L273 TraceCheckUtils]: 21: Hoare triple {15594#false} call #t~mem59 := read~intINTTYPE4(~s.base, ~s.offset, 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,874 INFO L273 TraceCheckUtils]: 22: Hoare triple {15594#false} assume !(3bv32 != ~bvashr32(#t~mem59, 8bv32));havoc #t~mem59;call write~intINTTYPE4(8192bv32, ~s.base, ~bvadd32(4bv32, ~s.offset), 4bv32);call #t~mem60.base, #t~mem60.offset := read~$Pointer$(~s.base, ~bvadd32(60bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,874 INFO L273 TraceCheckUtils]: 23: Hoare triple {15594#false} assume !(0bv32 == ~bvadd32(#t~mem60.base, #t~mem60.offset));havoc #t~mem60.base, #t~mem60.offset; {15594#false} is VALID [2018-11-18 21:42:25,875 INFO L273 TraceCheckUtils]: 24: Hoare triple {15594#false} assume !(0bv32 == ~tmp___4~0);call write~intINTTYPE4(0bv32, ~s.base, ~bvadd32(64bv32, ~s.offset), 4bv32);call #t~mem62 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,875 INFO L273 TraceCheckUtils]: 25: Hoare triple {15594#false} assume 12292bv32 != #t~mem62;havoc #t~mem62; {15594#false} is VALID [2018-11-18 21:42:25,875 INFO L273 TraceCheckUtils]: 26: Hoare triple {15594#false} assume !(0bv32 == ~tmp___5~0);call write~intINTTYPE4(8464bv32, ~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);call #t~mem63.base, #t~mem63.offset := read~$Pointer$(~s.base, ~bvadd32(204bv32, ~s.offset), 4bv32);call #t~mem64 := read~intINTTYPE4(#t~mem63.base, ~bvadd32(72bv32, #t~mem63.offset), 4bv32);call write~intINTTYPE4(~bvadd32(1bv32, #t~mem64), #t~mem63.base, ~bvadd32(72bv32, #t~mem63.offset), 4bv32);havoc #t~mem63.base, #t~mem63.offset;havoc #t~mem64; {15594#false} is VALID [2018-11-18 21:42:25,875 INFO L273 TraceCheckUtils]: 27: Hoare triple {15594#false} call #t~mem127.base, #t~mem127.offset := read~$Pointer$(~s.base, ~bvadd32(84bv32, ~s.offset), 4bv32);call #t~mem128 := read~intINTTYPE4(#t~mem127.base, ~bvadd32(848bv32, #t~mem127.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,876 INFO L273 TraceCheckUtils]: 28: Hoare triple {15594#false} assume !(0bv32 == #t~mem128);havoc #t~mem127.base, #t~mem127.offset;havoc #t~mem128; {15594#false} is VALID [2018-11-18 21:42:25,876 INFO L273 TraceCheckUtils]: 29: Hoare triple {15594#false} ~skip~0 := 0bv32; {15594#false} is VALID [2018-11-18 21:42:25,876 INFO L273 TraceCheckUtils]: 30: Hoare triple {15594#false} assume true; {15594#false} is VALID [2018-11-18 21:42:25,876 INFO L273 TraceCheckUtils]: 31: Hoare triple {15594#false} assume !false; {15594#false} is VALID [2018-11-18 21:42:25,877 INFO L273 TraceCheckUtils]: 32: Hoare triple {15594#false} call #t~mem23 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32);~state~0 := #t~mem23;havoc #t~mem23;call #t~mem24 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,877 INFO L273 TraceCheckUtils]: 33: Hoare triple {15594#false} assume !(12292bv32 == #t~mem24);havoc #t~mem24;call #t~mem25 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,877 INFO L273 TraceCheckUtils]: 34: Hoare triple {15594#false} assume !(16384bv32 == #t~mem25);havoc #t~mem25;call #t~mem26 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,877 INFO L273 TraceCheckUtils]: 35: Hoare triple {15594#false} assume !(8192bv32 == #t~mem26);havoc #t~mem26;call #t~mem27 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,877 INFO L273 TraceCheckUtils]: 36: Hoare triple {15594#false} assume !(24576bv32 == #t~mem27);havoc #t~mem27;call #t~mem28 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,877 INFO L273 TraceCheckUtils]: 37: Hoare triple {15594#false} assume !(8195bv32 == #t~mem28);havoc #t~mem28;call #t~mem29 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,878 INFO L273 TraceCheckUtils]: 38: Hoare triple {15594#false} assume !(8480bv32 == #t~mem29);havoc #t~mem29;call #t~mem30 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,878 INFO L273 TraceCheckUtils]: 39: Hoare triple {15594#false} assume !(8481bv32 == #t~mem30);havoc #t~mem30;call #t~mem31 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,878 INFO L273 TraceCheckUtils]: 40: Hoare triple {15594#false} assume !(8482bv32 == #t~mem31);havoc #t~mem31;call #t~mem32 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,878 INFO L273 TraceCheckUtils]: 41: Hoare triple {15594#false} assume !(8464bv32 == #t~mem32);havoc #t~mem32;call #t~mem33 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,878 INFO L273 TraceCheckUtils]: 42: Hoare triple {15594#false} assume !(8465bv32 == #t~mem33);havoc #t~mem33;call #t~mem34 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,878 INFO L273 TraceCheckUtils]: 43: Hoare triple {15594#false} assume !(8466bv32 == #t~mem34);havoc #t~mem34;call #t~mem35 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,879 INFO L273 TraceCheckUtils]: 44: Hoare triple {15594#false} assume !(8496bv32 == #t~mem35);havoc #t~mem35;call #t~mem36 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,879 INFO L273 TraceCheckUtils]: 45: Hoare triple {15594#false} assume !(8497bv32 == #t~mem36);havoc #t~mem36;call #t~mem37 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,879 INFO L273 TraceCheckUtils]: 46: Hoare triple {15594#false} assume !(8512bv32 == #t~mem37);havoc #t~mem37;call #t~mem38 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,879 INFO L273 TraceCheckUtils]: 47: Hoare triple {15594#false} assume !(8513bv32 == #t~mem38);havoc #t~mem38;call #t~mem39 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,879 INFO L273 TraceCheckUtils]: 48: Hoare triple {15594#false} assume !(8528bv32 == #t~mem39);havoc #t~mem39;call #t~mem40 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,879 INFO L273 TraceCheckUtils]: 49: Hoare triple {15594#false} assume !(8529bv32 == #t~mem40);havoc #t~mem40;call #t~mem41 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,880 INFO L273 TraceCheckUtils]: 50: Hoare triple {15594#false} assume !(8544bv32 == #t~mem41);havoc #t~mem41;call #t~mem42 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,880 INFO L273 TraceCheckUtils]: 51: Hoare triple {15594#false} assume !(8545bv32 == #t~mem42);havoc #t~mem42;call #t~mem43 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,880 INFO L273 TraceCheckUtils]: 52: Hoare triple {15594#false} assume !(8560bv32 == #t~mem43);havoc #t~mem43;call #t~mem44 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,880 INFO L273 TraceCheckUtils]: 53: Hoare triple {15594#false} assume !(8561bv32 == #t~mem44);havoc #t~mem44;call #t~mem45 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,880 INFO L273 TraceCheckUtils]: 54: Hoare triple {15594#false} assume !(8448bv32 == #t~mem45);havoc #t~mem45;call #t~mem46 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,881 INFO L273 TraceCheckUtils]: 55: Hoare triple {15594#false} assume !(8576bv32 == #t~mem46);havoc #t~mem46;call #t~mem47 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,881 INFO L273 TraceCheckUtils]: 56: Hoare triple {15594#false} assume !(8577bv32 == #t~mem47);havoc #t~mem47;call #t~mem48 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,881 INFO L273 TraceCheckUtils]: 57: Hoare triple {15594#false} assume !(8592bv32 == #t~mem48);havoc #t~mem48;call #t~mem49 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,881 INFO L273 TraceCheckUtils]: 58: Hoare triple {15594#false} assume !(8593bv32 == #t~mem49);havoc #t~mem49;call #t~mem50 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,881 INFO L273 TraceCheckUtils]: 59: Hoare triple {15594#false} assume !(8608bv32 == #t~mem50);havoc #t~mem50;call #t~mem51 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,881 INFO L273 TraceCheckUtils]: 60: Hoare triple {15594#false} assume !(8609bv32 == #t~mem51);havoc #t~mem51;call #t~mem52 := read~intINTTYPE4(~s.base, ~bvadd32(52bv32, ~s.offset), 4bv32); {15594#false} is VALID [2018-11-18 21:42:25,882 INFO L273 TraceCheckUtils]: 61: Hoare triple {15594#false} assume 8640bv32 == #t~mem52;havoc #t~mem52; {15594#false} is VALID [2018-11-18 21:42:25,882 INFO L273 TraceCheckUtils]: 62: Hoare triple {15594#false} ~ret~0 := #t~nondet115;havoc #t~nondet115; {15594#false} is VALID [2018-11-18 21:42:25,882 INFO L273 TraceCheckUtils]: 63: Hoare triple {15594#false} assume !(9bv32 == ~blastFlag~0); {15594#false} is VALID [2018-11-18 21:42:25,882 INFO L273 TraceCheckUtils]: 64: Hoare triple {15594#false} assume !false; {15594#false} is VALID [2018-11-18 21:42:25,886 INFO L134 CoverageAnalysis]: Checked inductivity of 6 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-18 21:42:25,886 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-18 21:42:25,892 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-18 21:42:25,892 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-18 21:42:25,893 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 65 [2018-11-18 21:42:25,893 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-18 21:42:25,893 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-18 21:42:26,048 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 65 edges. 65 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-18 21:42:26,049 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-18 21:42:26,049 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-18 21:42:26,049 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2018-11-18 21:42:26,049 INFO L87 Difference]: Start difference. First operand 196 states and 306 transitions. Second operand 6 states.