java -ea -Xmx8000000000 -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc ../../../trunk/examples/toolchains/AutomizerCInline_WitnessPrinter.xml -s ../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf -i ../../../trunk/examples/svcomp/heap-manipulation/dancing_true-unreach-call_false-valid-memtrack.i -------------------------------------------------------------------------------- This is Ultimate 0.1.23-61f4311 [2018-11-23 11:04:11,349 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-11-23 11:04:11,351 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-11-23 11:04:11,363 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-11-23 11:04:11,363 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-11-23 11:04:11,365 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-11-23 11:04:11,366 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-11-23 11:04:11,368 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-11-23 11:04:11,370 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-11-23 11:04:11,371 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-11-23 11:04:11,373 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-11-23 11:04:11,373 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-11-23 11:04:11,374 INFO L174 SettingsManager]: Resetting PEA to Boogie preferences to default values [2018-11-23 11:04:11,375 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-11-23 11:04:11,377 INFO L174 SettingsManager]: Resetting ChcToBoogie preferences to default values [2018-11-23 11:04:11,378 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-11-23 11:04:11,379 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-11-23 11:04:11,381 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-11-23 11:04:11,384 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-11-23 11:04:11,386 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-11-23 11:04:11,387 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-11-23 11:04:11,389 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-11-23 11:04:11,393 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-11-23 11:04:11,393 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-11-23 11:04:11,393 INFO L174 SettingsManager]: Resetting TreeAutomizer preferences to default values [2018-11-23 11:04:11,395 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-11-23 11:04:11,396 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-11-23 11:04:11,397 INFO L174 SettingsManager]: Resetting ReqPrinter preferences to default values [2018-11-23 11:04:11,398 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-11-23 11:04:11,400 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-11-23 11:04:11,400 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-11-23 11:04:11,401 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-11-23 11:04:11,401 INFO L177 SettingsManager]: ReqParser provides no preferences, ignoring... [2018-11-23 11:04:11,402 INFO L174 SettingsManager]: Resetting SmtParser preferences to default values [2018-11-23 11:04:11,403 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-11-23 11:04:11,404 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-11-23 11:04:11,404 INFO L98 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf [2018-11-23 11:04:11,422 INFO L110 SettingsManager]: Loading preferences was successful [2018-11-23 11:04:11,422 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-11-23 11:04:11,423 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-11-23 11:04:11,424 INFO L133 SettingsManager]: * ... calls to implemented procedures=ONLY_FOR_CONCURRENT_PROGRAMS [2018-11-23 11:04:11,424 INFO L131 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2018-11-23 11:04:11,425 INFO L133 SettingsManager]: * Create parallel compositions if possible=false [2018-11-23 11:04:11,425 INFO L133 SettingsManager]: * Use SBE=true [2018-11-23 11:04:11,426 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-11-23 11:04:11,426 INFO L133 SettingsManager]: * sizeof long=4 [2018-11-23 11:04:11,426 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-11-23 11:04:11,426 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-11-23 11:04:11,427 INFO L133 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2018-11-23 11:04:11,427 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-11-23 11:04:11,427 INFO L133 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2018-11-23 11:04:11,428 INFO L133 SettingsManager]: * Use bitvectors instead of ints=true [2018-11-23 11:04:11,428 INFO L133 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2018-11-23 11:04:11,428 INFO L133 SettingsManager]: * sizeof long double=12 [2018-11-23 11:04:11,429 INFO L133 SettingsManager]: * Check if freed pointer was valid=false [2018-11-23 11:04:11,429 INFO L133 SettingsManager]: * Use constant arrays=true [2018-11-23 11:04:11,429 INFO L133 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2018-11-23 11:04:11,430 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-11-23 11:04:11,430 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-11-23 11:04:11,430 INFO L133 SettingsManager]: * To the following directory=./dump/ [2018-11-23 11:04:11,431 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-11-23 11:04:11,431 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:04:11,431 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-11-23 11:04:11,432 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-11-23 11:04:11,432 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-11-23 11:04:11,432 INFO L133 SettingsManager]: * Trace refinement strategy=WOLF [2018-11-23 11:04:11,432 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-11-23 11:04:11,433 INFO L133 SettingsManager]: * Command for external solver=cvc4nyu --tear-down-incremental --rewrite-divk --print-success --lang smt [2018-11-23 11:04:11,433 INFO L133 SettingsManager]: * Logic for external solver=AUFBV [2018-11-23 11:04:11,433 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2018-11-23 11:04:11,482 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-11-23 11:04:11,506 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2018-11-23 11:04:11,510 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2018-11-23 11:04:11,512 INFO L271 PluginConnector]: Initializing CDTParser... [2018-11-23 11:04:11,512 INFO L276 PluginConnector]: CDTParser initialized [2018-11-23 11:04:11,513 INFO L418 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/heap-manipulation/dancing_true-unreach-call_false-valid-memtrack.i [2018-11-23 11:04:11,590 INFO L221 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5b13d9847/36bd7690c4654b3581f6fb4b46088c3c/FLAGf10fc3250 [2018-11-23 11:04:12,131 INFO L307 CDTParser]: Found 1 translation units. [2018-11-23 11:04:12,132 INFO L161 CDTParser]: Scanning /storage/repos/ultimate/trunk/examples/svcomp/heap-manipulation/dancing_true-unreach-call_false-valid-memtrack.i [2018-11-23 11:04:12,149 INFO L355 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5b13d9847/36bd7690c4654b3581f6fb4b46088c3c/FLAGf10fc3250 [2018-11-23 11:04:12,397 INFO L363 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5b13d9847/36bd7690c4654b3581f6fb4b46088c3c [2018-11-23 11:04:12,411 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-11-23 11:04:12,413 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2018-11-23 11:04:12,414 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2018-11-23 11:04:12,414 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2018-11-23 11:04:12,421 INFO L276 PluginConnector]: CACSL2BoogieTranslator initialized [2018-11-23 11:04:12,423 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:04:12" (1/1) ... [2018-11-23 11:04:12,426 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@29b7542c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:12, skipping insertion in model container [2018-11-23 11:04:12,426 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:04:12" (1/1) ... [2018-11-23 11:04:12,437 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2018-11-23 11:04:12,503 INFO L176 MainTranslator]: Built tables and reachable declarations [2018-11-23 11:04:12,969 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:04:12,989 INFO L191 MainTranslator]: Completed pre-run [2018-11-23 11:04:13,071 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:04:13,145 INFO L195 MainTranslator]: Completed translation [2018-11-23 11:04:13,145 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:13 WrapperNode [2018-11-23 11:04:13,145 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2018-11-23 11:04:13,146 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2018-11-23 11:04:13,147 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2018-11-23 11:04:13,147 INFO L276 PluginConnector]: Boogie Procedure Inliner initialized [2018-11-23 11:04:13,230 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:13" (1/1) ... [2018-11-23 11:04:13,257 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:13" (1/1) ... [2018-11-23 11:04:13,266 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2018-11-23 11:04:13,266 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-11-23 11:04:13,266 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-11-23 11:04:13,266 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-11-23 11:04:13,275 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:13" (1/1) ... [2018-11-23 11:04:13,275 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:13" (1/1) ... [2018-11-23 11:04:13,280 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:13" (1/1) ... [2018-11-23 11:04:13,280 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:13" (1/1) ... [2018-11-23 11:04:13,301 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:13" (1/1) ... [2018-11-23 11:04:13,310 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:13" (1/1) ... [2018-11-23 11:04:13,319 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:13" (1/1) ... [2018-11-23 11:04:13,325 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-11-23 11:04:13,326 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-11-23 11:04:13,326 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-11-23 11:04:13,326 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-11-23 11:04:13,327 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:13" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:04:13,389 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.alloc [2018-11-23 11:04:13,389 INFO L130 BoogieDeclarations]: Found specification of procedure is_list_containing_x [2018-11-23 11:04:13,389 INFO L138 BoogieDeclarations]: Found implementation of procedure is_list_containing_x [2018-11-23 11:04:13,390 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_assert [2018-11-23 11:04:13,390 INFO L138 BoogieDeclarations]: Found implementation of procedure __VERIFIER_assert [2018-11-23 11:04:13,390 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2018-11-23 11:04:13,390 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2018-11-23 11:04:13,390 INFO L130 BoogieDeclarations]: Found specification of procedure re_insert [2018-11-23 11:04:13,390 INFO L138 BoogieDeclarations]: Found implementation of procedure re_insert [2018-11-23 11:04:13,391 INFO L130 BoogieDeclarations]: Found specification of procedure main [2018-11-23 11:04:13,391 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2018-11-23 11:04:13,391 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2018-11-23 11:04:13,391 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2018-11-23 11:04:13,391 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2018-11-23 11:04:13,392 INFO L130 BoogieDeclarations]: Found specification of procedure remove [2018-11-23 11:04:13,392 INFO L138 BoogieDeclarations]: Found implementation of procedure remove [2018-11-23 11:04:13,392 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2018-11-23 11:04:13,392 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2018-11-23 11:04:14,354 INFO L275 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2018-11-23 11:04:14,355 INFO L280 CfgBuilder]: Removed 1 assue(true) statements. [2018-11-23 11:04:14,358 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:04:14 BoogieIcfgContainer [2018-11-23 11:04:14,358 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-11-23 11:04:14,359 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2018-11-23 11:04:14,360 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2018-11-23 11:04:14,363 INFO L276 PluginConnector]: TraceAbstraction initialized [2018-11-23 11:04:14,364 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 23.11 11:04:12" (1/3) ... [2018-11-23 11:04:14,365 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2fce29da and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:04:14, skipping insertion in model container [2018-11-23 11:04:14,365 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:04:13" (2/3) ... [2018-11-23 11:04:14,365 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2fce29da and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:04:14, skipping insertion in model container [2018-11-23 11:04:14,365 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:04:14" (3/3) ... [2018-11-23 11:04:14,368 INFO L112 eAbstractionObserver]: Analyzing ICFG dancing_true-unreach-call_false-valid-memtrack.i [2018-11-23 11:04:14,380 INFO L156 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2018-11-23 11:04:14,391 INFO L168 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2018-11-23 11:04:14,412 INFO L257 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2018-11-23 11:04:14,459 INFO L133 ementStrategyFactory]: Using default assertion order modulation [2018-11-23 11:04:14,460 INFO L382 AbstractCegarLoop]: Interprodecural is true [2018-11-23 11:04:14,460 INFO L383 AbstractCegarLoop]: Hoare is true [2018-11-23 11:04:14,460 INFO L384 AbstractCegarLoop]: Compute interpolants for FPandBP [2018-11-23 11:04:14,461 INFO L385 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2018-11-23 11:04:14,461 INFO L386 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2018-11-23 11:04:14,464 INFO L387 AbstractCegarLoop]: Difference is false [2018-11-23 11:04:14,464 INFO L388 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2018-11-23 11:04:14,464 INFO L393 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2018-11-23 11:04:14,500 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states. [2018-11-23 11:04:14,510 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2018-11-23 11:04:14,510 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:04:14,512 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:04:14,515 INFO L423 AbstractCegarLoop]: === Iteration 1 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:04:14,524 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:04:14,525 INFO L82 PathProgramCache]: Analyzing trace with hash -633334339, now seen corresponding path program 1 times [2018-11-23 11:04:14,530 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:04:14,530 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:04:14,553 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:04:14,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:04:14,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:04:14,647 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:04:14,727 INFO L256 TraceCheckUtils]: 0: Hoare triple {54#true} call ULTIMATE.init(); {54#true} is VALID [2018-11-23 11:04:14,731 INFO L273 TraceCheckUtils]: 1: Hoare triple {54#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {54#true} is VALID [2018-11-23 11:04:14,731 INFO L273 TraceCheckUtils]: 2: Hoare triple {54#true} assume true; {54#true} is VALID [2018-11-23 11:04:14,732 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {54#true} {54#true} #102#return; {54#true} is VALID [2018-11-23 11:04:14,732 INFO L256 TraceCheckUtils]: 4: Hoare triple {54#true} call #t~ret23 := main(); {54#true} is VALID [2018-11-23 11:04:14,733 INFO L273 TraceCheckUtils]: 5: Hoare triple {54#true} call ~#list~0.base, ~#list~0.offset := #Ultimate.alloc(8bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~#list~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~bvadd32(4bv32, ~#list~0.offset), 4bv32);~x~0.base, ~x~0.offset := ~#list~0.base, ~#list~0.offset;~tail~0.base, ~tail~0.offset := ~#list~0.base, ~#list~0.offset; {54#true} is VALID [2018-11-23 11:04:14,734 INFO L273 TraceCheckUtils]: 6: Hoare triple {54#true} assume !true; {55#false} is VALID [2018-11-23 11:04:14,734 INFO L256 TraceCheckUtils]: 7: Hoare triple {55#false} call #t~ret19 := is_list_containing_x(~#list~0.base, ~#list~0.offset, ~x~0.base, ~x~0.offset); {55#false} is VALID [2018-11-23 11:04:14,734 INFO L273 TraceCheckUtils]: 8: Hoare triple {55#false} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {55#false} is VALID [2018-11-23 11:04:14,735 INFO L273 TraceCheckUtils]: 9: Hoare triple {55#false} assume ~l.base == ~x.base && ~l.offset == ~x.offset;#res := 1bv8; {55#false} is VALID [2018-11-23 11:04:14,735 INFO L273 TraceCheckUtils]: 10: Hoare triple {55#false} assume true; {55#false} is VALID [2018-11-23 11:04:14,735 INFO L268 TraceCheckUtils]: 11: Hoare quadruple {55#false} {55#false} #106#return; {55#false} is VALID [2018-11-23 11:04:14,736 INFO L273 TraceCheckUtils]: 12: Hoare triple {55#false} assume 0bv8 != #t~ret19;havoc #t~ret19; {55#false} is VALID [2018-11-23 11:04:14,736 INFO L256 TraceCheckUtils]: 13: Hoare triple {55#false} call remove(~x~0.base, ~x~0.offset); {55#false} is VALID [2018-11-23 11:04:14,737 INFO L273 TraceCheckUtils]: 14: Hoare triple {55#false} ~x.base, ~x.offset := #in~x.base, #in~x.offset;call #t~mem3.base, #t~mem3.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32); {55#false} is VALID [2018-11-23 11:04:14,737 INFO L273 TraceCheckUtils]: 15: Hoare triple {55#false} assume #t~mem3.base != 0bv32 || #t~mem3.offset != 0bv32;havoc #t~mem3.base, #t~mem3.offset;call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call write~$Pointer$(#t~mem5.base, #t~mem5.offset, #t~mem4.base, #t~mem4.offset, 4bv32);havoc #t~mem5.base, #t~mem5.offset;havoc #t~mem4.base, #t~mem4.offset; {55#false} is VALID [2018-11-23 11:04:14,737 INFO L273 TraceCheckUtils]: 16: Hoare triple {55#false} call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32); {55#false} is VALID [2018-11-23 11:04:14,738 INFO L273 TraceCheckUtils]: 17: Hoare triple {55#false} assume #t~mem6.base != 0bv32 || #t~mem6.offset != 0bv32;havoc #t~mem6.base, #t~mem6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call write~$Pointer$(#t~mem8.base, #t~mem8.offset, #t~mem7.base, ~bvadd32(4bv32, #t~mem7.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;havoc #t~mem8.base, #t~mem8.offset; {55#false} is VALID [2018-11-23 11:04:14,738 INFO L273 TraceCheckUtils]: 18: Hoare triple {55#false} assume true; {55#false} is VALID [2018-11-23 11:04:14,739 INFO L268 TraceCheckUtils]: 19: Hoare quadruple {55#false} {55#false} #108#return; {55#false} is VALID [2018-11-23 11:04:14,739 INFO L273 TraceCheckUtils]: 20: Hoare triple {55#false} #t~short21 := ~#list~0.base == ~x~0.base && ~#list~0.offset == ~x~0.offset; {55#false} is VALID [2018-11-23 11:04:14,739 INFO L273 TraceCheckUtils]: 21: Hoare triple {55#false} assume #t~short21; {55#false} is VALID [2018-11-23 11:04:14,740 INFO L256 TraceCheckUtils]: 22: Hoare triple {55#false} call __VERIFIER_assert((if #t~short21 then 1bv32 else 0bv32)); {55#false} is VALID [2018-11-23 11:04:14,740 INFO L273 TraceCheckUtils]: 23: Hoare triple {55#false} ~cond := #in~cond; {55#false} is VALID [2018-11-23 11:04:14,740 INFO L273 TraceCheckUtils]: 24: Hoare triple {55#false} assume 0bv32 == ~cond; {55#false} is VALID [2018-11-23 11:04:14,741 INFO L273 TraceCheckUtils]: 25: Hoare triple {55#false} assume !false; {55#false} is VALID [2018-11-23 11:04:14,747 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:04:14,747 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:04:14,760 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:04:14,760 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2018-11-23 11:04:14,768 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 26 [2018-11-23 11:04:14,774 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:04:14,779 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states. [2018-11-23 11:04:14,992 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 26 edges. 26 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:04:14,992 INFO L459 AbstractCegarLoop]: Interpolant automaton has 2 states [2018-11-23 11:04:15,001 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2018-11-23 11:04:15,001 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:04:15,004 INFO L87 Difference]: Start difference. First operand 51 states. Second operand 2 states. [2018-11-23 11:04:15,487 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:15,487 INFO L93 Difference]: Finished difference Result 93 states and 121 transitions. [2018-11-23 11:04:15,487 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2018-11-23 11:04:15,488 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 26 [2018-11-23 11:04:15,488 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:04:15,489 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:04:15,505 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 121 transitions. [2018-11-23 11:04:15,505 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:04:15,520 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 121 transitions. [2018-11-23 11:04:15,520 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 121 transitions. [2018-11-23 11:04:16,401 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 121 edges. 121 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:04:16,417 INFO L225 Difference]: With dead ends: 93 [2018-11-23 11:04:16,417 INFO L226 Difference]: Without dead ends: 46 [2018-11-23 11:04:16,420 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 25 GetRequests, 25 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:04:16,438 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 46 states. [2018-11-23 11:04:16,535 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 46 to 46. [2018-11-23 11:04:16,536 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:04:16,536 INFO L82 GeneralOperation]: Start isEquivalent. First operand 46 states. Second operand 46 states. [2018-11-23 11:04:16,537 INFO L74 IsIncluded]: Start isIncluded. First operand 46 states. Second operand 46 states. [2018-11-23 11:04:16,537 INFO L87 Difference]: Start difference. First operand 46 states. Second operand 46 states. [2018-11-23 11:04:16,545 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:16,545 INFO L93 Difference]: Finished difference Result 46 states and 59 transitions. [2018-11-23 11:04:16,545 INFO L276 IsEmpty]: Start isEmpty. Operand 46 states and 59 transitions. [2018-11-23 11:04:16,547 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:04:16,547 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:04:16,547 INFO L74 IsIncluded]: Start isIncluded. First operand 46 states. Second operand 46 states. [2018-11-23 11:04:16,548 INFO L87 Difference]: Start difference. First operand 46 states. Second operand 46 states. [2018-11-23 11:04:16,554 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:16,554 INFO L93 Difference]: Finished difference Result 46 states and 59 transitions. [2018-11-23 11:04:16,554 INFO L276 IsEmpty]: Start isEmpty. Operand 46 states and 59 transitions. [2018-11-23 11:04:16,556 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:04:16,556 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:04:16,556 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:04:16,556 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:04:16,557 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 46 states. [2018-11-23 11:04:16,561 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 46 states to 46 states and 59 transitions. [2018-11-23 11:04:16,564 INFO L78 Accepts]: Start accepts. Automaton has 46 states and 59 transitions. Word has length 26 [2018-11-23 11:04:16,564 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:04:16,564 INFO L480 AbstractCegarLoop]: Abstraction has 46 states and 59 transitions. [2018-11-23 11:04:16,564 INFO L481 AbstractCegarLoop]: Interpolant automaton has 2 states. [2018-11-23 11:04:16,565 INFO L276 IsEmpty]: Start isEmpty. Operand 46 states and 59 transitions. [2018-11-23 11:04:16,566 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2018-11-23 11:04:16,566 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:04:16,566 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:04:16,567 INFO L423 AbstractCegarLoop]: === Iteration 2 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:04:16,567 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:04:16,567 INFO L82 PathProgramCache]: Analyzing trace with hash 1204061740, now seen corresponding path program 1 times [2018-11-23 11:04:16,568 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:04:16,568 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:04:16,586 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:04:16,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:04:16,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:04:16,657 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:04:16,877 INFO L256 TraceCheckUtils]: 0: Hoare triple {410#true} call ULTIMATE.init(); {410#true} is VALID [2018-11-23 11:04:16,878 INFO L273 TraceCheckUtils]: 1: Hoare triple {410#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {410#true} is VALID [2018-11-23 11:04:16,878 INFO L273 TraceCheckUtils]: 2: Hoare triple {410#true} assume true; {410#true} is VALID [2018-11-23 11:04:16,878 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {410#true} {410#true} #102#return; {410#true} is VALID [2018-11-23 11:04:16,879 INFO L256 TraceCheckUtils]: 4: Hoare triple {410#true} call #t~ret23 := main(); {410#true} is VALID [2018-11-23 11:04:16,890 INFO L273 TraceCheckUtils]: 5: Hoare triple {410#true} call ~#list~0.base, ~#list~0.offset := #Ultimate.alloc(8bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~#list~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~bvadd32(4bv32, ~#list~0.offset), 4bv32);~x~0.base, ~x~0.offset := ~#list~0.base, ~#list~0.offset;~tail~0.base, ~tail~0.offset := ~#list~0.base, ~#list~0.offset; {430#(and (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| main_~x~0.offset))} is VALID [2018-11-23 11:04:16,891 INFO L273 TraceCheckUtils]: 6: Hoare triple {430#(and (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| main_~x~0.offset))} assume !(0bv8 != #t~nondet16);havoc #t~nondet16; {430#(and (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| main_~x~0.offset))} is VALID [2018-11-23 11:04:16,892 INFO L256 TraceCheckUtils]: 7: Hoare triple {430#(and (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| main_~x~0.offset))} call #t~ret19 := is_list_containing_x(~#list~0.base, ~#list~0.offset, ~x~0.base, ~x~0.offset); {410#true} is VALID [2018-11-23 11:04:16,892 INFO L273 TraceCheckUtils]: 8: Hoare triple {410#true} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {410#true} is VALID [2018-11-23 11:04:16,892 INFO L273 TraceCheckUtils]: 9: Hoare triple {410#true} assume ~l.base == ~x.base && ~l.offset == ~x.offset;#res := 1bv8; {410#true} is VALID [2018-11-23 11:04:16,893 INFO L273 TraceCheckUtils]: 10: Hoare triple {410#true} assume true; {410#true} is VALID [2018-11-23 11:04:16,899 INFO L268 TraceCheckUtils]: 11: Hoare quadruple {410#true} {430#(and (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| main_~x~0.offset))} #106#return; {430#(and (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| main_~x~0.offset))} is VALID [2018-11-23 11:04:16,902 INFO L273 TraceCheckUtils]: 12: Hoare triple {430#(and (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| main_~x~0.offset))} assume 0bv8 != #t~ret19;havoc #t~ret19; {430#(and (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| main_~x~0.offset))} is VALID [2018-11-23 11:04:16,902 INFO L256 TraceCheckUtils]: 13: Hoare triple {430#(and (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| main_~x~0.offset))} call remove(~x~0.base, ~x~0.offset); {410#true} is VALID [2018-11-23 11:04:16,902 INFO L273 TraceCheckUtils]: 14: Hoare triple {410#true} ~x.base, ~x.offset := #in~x.base, #in~x.offset;call #t~mem3.base, #t~mem3.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32); {410#true} is VALID [2018-11-23 11:04:16,903 INFO L273 TraceCheckUtils]: 15: Hoare triple {410#true} assume #t~mem3.base != 0bv32 || #t~mem3.offset != 0bv32;havoc #t~mem3.base, #t~mem3.offset;call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call write~$Pointer$(#t~mem5.base, #t~mem5.offset, #t~mem4.base, #t~mem4.offset, 4bv32);havoc #t~mem5.base, #t~mem5.offset;havoc #t~mem4.base, #t~mem4.offset; {410#true} is VALID [2018-11-23 11:04:16,903 INFO L273 TraceCheckUtils]: 16: Hoare triple {410#true} call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32); {410#true} is VALID [2018-11-23 11:04:16,903 INFO L273 TraceCheckUtils]: 17: Hoare triple {410#true} assume #t~mem6.base != 0bv32 || #t~mem6.offset != 0bv32;havoc #t~mem6.base, #t~mem6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call write~$Pointer$(#t~mem8.base, #t~mem8.offset, #t~mem7.base, ~bvadd32(4bv32, #t~mem7.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;havoc #t~mem8.base, #t~mem8.offset; {410#true} is VALID [2018-11-23 11:04:16,903 INFO L273 TraceCheckUtils]: 18: Hoare triple {410#true} assume true; {410#true} is VALID [2018-11-23 11:04:16,907 INFO L268 TraceCheckUtils]: 19: Hoare quadruple {410#true} {430#(and (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| main_~x~0.offset))} #108#return; {430#(and (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| main_~x~0.offset))} is VALID [2018-11-23 11:04:16,921 INFO L273 TraceCheckUtils]: 20: Hoare triple {430#(and (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| main_~x~0.offset))} #t~short21 := ~#list~0.base == ~x~0.base && ~#list~0.offset == ~x~0.offset; {476#|main_#t~short21|} is VALID [2018-11-23 11:04:16,927 INFO L273 TraceCheckUtils]: 21: Hoare triple {476#|main_#t~short21|} assume #t~short21; {476#|main_#t~short21|} is VALID [2018-11-23 11:04:16,928 INFO L256 TraceCheckUtils]: 22: Hoare triple {476#|main_#t~short21|} call __VERIFIER_assert((if #t~short21 then 1bv32 else 0bv32)); {483#(= (bvadd |__VERIFIER_assert_#in~cond| (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:04:16,929 INFO L273 TraceCheckUtils]: 23: Hoare triple {483#(= (bvadd |__VERIFIER_assert_#in~cond| (_ bv4294967295 32)) (_ bv0 32))} ~cond := #in~cond; {487#(= (bvadd __VERIFIER_assert_~cond (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:04:16,934 INFO L273 TraceCheckUtils]: 24: Hoare triple {487#(= (bvadd __VERIFIER_assert_~cond (_ bv4294967295 32)) (_ bv0 32))} assume 0bv32 == ~cond; {411#false} is VALID [2018-11-23 11:04:16,934 INFO L273 TraceCheckUtils]: 25: Hoare triple {411#false} assume !false; {411#false} is VALID [2018-11-23 11:04:16,937 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:04:16,937 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:04:16,939 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:04:16,939 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-23 11:04:16,941 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 26 [2018-11-23 11:04:16,941 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:04:16,941 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-23 11:04:17,079 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 26 edges. 26 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:04:17,079 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-23 11:04:17,079 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-23 11:04:17,080 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2018-11-23 11:04:17,080 INFO L87 Difference]: Start difference. First operand 46 states and 59 transitions. Second operand 6 states. [2018-11-23 11:04:18,197 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:18,198 INFO L93 Difference]: Finished difference Result 91 states and 120 transitions. [2018-11-23 11:04:18,198 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2018-11-23 11:04:18,198 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 26 [2018-11-23 11:04:18,198 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:04:18,199 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:04:18,205 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 120 transitions. [2018-11-23 11:04:18,205 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:04:18,211 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 120 transitions. [2018-11-23 11:04:18,211 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 120 transitions. [2018-11-23 11:04:18,532 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 120 edges. 120 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:04:18,537 INFO L225 Difference]: With dead ends: 91 [2018-11-23 11:04:18,537 INFO L226 Difference]: Without dead ends: 65 [2018-11-23 11:04:18,539 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 27 GetRequests, 21 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=39, Unknown=0, NotChecked=0, Total=56 [2018-11-23 11:04:18,539 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 65 states. [2018-11-23 11:04:18,598 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 65 to 59. [2018-11-23 11:04:18,598 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:04:18,598 INFO L82 GeneralOperation]: Start isEquivalent. First operand 65 states. Second operand 59 states. [2018-11-23 11:04:18,599 INFO L74 IsIncluded]: Start isIncluded. First operand 65 states. Second operand 59 states. [2018-11-23 11:04:18,599 INFO L87 Difference]: Start difference. First operand 65 states. Second operand 59 states. [2018-11-23 11:04:18,605 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:18,605 INFO L93 Difference]: Finished difference Result 65 states and 86 transitions. [2018-11-23 11:04:18,605 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 86 transitions. [2018-11-23 11:04:18,607 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:04:18,607 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:04:18,608 INFO L74 IsIncluded]: Start isIncluded. First operand 59 states. Second operand 65 states. [2018-11-23 11:04:18,608 INFO L87 Difference]: Start difference. First operand 59 states. Second operand 65 states. [2018-11-23 11:04:18,614 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:18,614 INFO L93 Difference]: Finished difference Result 65 states and 86 transitions. [2018-11-23 11:04:18,614 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 86 transitions. [2018-11-23 11:04:18,616 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:04:18,616 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:04:18,616 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:04:18,616 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:04:18,616 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 59 states. [2018-11-23 11:04:18,621 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 59 states to 59 states and 77 transitions. [2018-11-23 11:04:18,621 INFO L78 Accepts]: Start accepts. Automaton has 59 states and 77 transitions. Word has length 26 [2018-11-23 11:04:18,621 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:04:18,622 INFO L480 AbstractCegarLoop]: Abstraction has 59 states and 77 transitions. [2018-11-23 11:04:18,622 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-23 11:04:18,622 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 77 transitions. [2018-11-23 11:04:18,624 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2018-11-23 11:04:18,624 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:04:18,624 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:04:18,624 INFO L423 AbstractCegarLoop]: === Iteration 3 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:04:18,625 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:04:18,625 INFO L82 PathProgramCache]: Analyzing trace with hash 351866420, now seen corresponding path program 1 times [2018-11-23 11:04:18,625 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:04:18,626 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:04:18,647 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:04:18,715 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:04:18,736 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:04:18,739 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:04:18,780 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:04:18,787 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:04:18,791 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:18,791 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2018-11-23 11:04:18,795 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:04:18,795 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_13|]. (= (store |v_#valid_13| |main_~#list~0.base| (_ bv1 1)) |#valid|) [2018-11-23 11:04:18,795 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (select |#valid| |main_~#list~0.base|) (_ bv1 1)) [2018-11-23 11:04:18,957 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:04:18,975 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:04:18,976 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:04:19,001 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:04:19,021 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:19,021 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:13, output treesize:4 [2018-11-23 11:04:19,025 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:04:19,026 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_14|]. (and (= (_ bv0 1) (select |v_#valid_14| main_~n~0.base)) (= (bvadd (select |v_#valid_14| |main_~#list~0.base|) (_ bv1 1)) (_ bv0 1))) [2018-11-23 11:04:19,026 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (not (= |main_~#list~0.base| main_~n~0.base)) [2018-11-23 11:04:19,167 INFO L256 TraceCheckUtils]: 0: Hoare triple {834#true} call ULTIMATE.init(); {834#true} is VALID [2018-11-23 11:04:19,167 INFO L273 TraceCheckUtils]: 1: Hoare triple {834#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {834#true} is VALID [2018-11-23 11:04:19,168 INFO L273 TraceCheckUtils]: 2: Hoare triple {834#true} assume true; {834#true} is VALID [2018-11-23 11:04:19,168 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {834#true} {834#true} #102#return; {834#true} is VALID [2018-11-23 11:04:19,168 INFO L256 TraceCheckUtils]: 4: Hoare triple {834#true} call #t~ret23 := main(); {834#true} is VALID [2018-11-23 11:04:19,170 INFO L273 TraceCheckUtils]: 5: Hoare triple {834#true} call ~#list~0.base, ~#list~0.offset := #Ultimate.alloc(8bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~#list~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~bvadd32(4bv32, ~#list~0.offset), 4bv32);~x~0.base, ~x~0.offset := ~#list~0.base, ~#list~0.offset;~tail~0.base, ~tail~0.offset := ~#list~0.base, ~#list~0.offset; {854#(= (bvadd (select |#valid| |main_~#list~0.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:04:19,171 INFO L273 TraceCheckUtils]: 6: Hoare triple {854#(= (bvadd (select |#valid| |main_~#list~0.base|) (_ bv1 1)) (_ bv0 1))} assume !!(0bv8 != #t~nondet16);havoc #t~nondet16;call #t~malloc17.base, #t~malloc17.offset := #Ultimate.alloc(8bv32);~n~0.base, ~n~0.offset := #t~malloc17.base, #t~malloc17.offset; {858#(not (= |main_~#list~0.base| main_~n~0.base))} is VALID [2018-11-23 11:04:19,172 INFO L273 TraceCheckUtils]: 7: Hoare triple {858#(not (= |main_~#list~0.base| main_~n~0.base))} assume !(~n~0.base == 0bv32 && ~n~0.offset == 0bv32);call write~$Pointer$(~tail~0.base, ~tail~0.offset, ~n~0.base, ~n~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);call write~$Pointer$(~n~0.base, ~n~0.offset, ~tail~0.base, ~bvadd32(4bv32, ~tail~0.offset), 4bv32); {858#(not (= |main_~#list~0.base| main_~n~0.base))} is VALID [2018-11-23 11:04:19,173 INFO L273 TraceCheckUtils]: 8: Hoare triple {858#(not (= |main_~#list~0.base| main_~n~0.base))} assume 0bv8 != #t~nondet18;havoc #t~nondet18;~x~0.base, ~x~0.offset := ~n~0.base, ~n~0.offset; {865#(not (= |main_~#list~0.base| main_~x~0.base))} is VALID [2018-11-23 11:04:19,174 INFO L273 TraceCheckUtils]: 9: Hoare triple {865#(not (= |main_~#list~0.base| main_~x~0.base))} assume !(0bv8 != #t~nondet16);havoc #t~nondet16; {865#(not (= |main_~#list~0.base| main_~x~0.base))} is VALID [2018-11-23 11:04:19,174 INFO L256 TraceCheckUtils]: 10: Hoare triple {865#(not (= |main_~#list~0.base| main_~x~0.base))} call #t~ret19 := is_list_containing_x(~#list~0.base, ~#list~0.offset, ~x~0.base, ~x~0.offset); {834#true} is VALID [2018-11-23 11:04:19,177 INFO L273 TraceCheckUtils]: 11: Hoare triple {834#true} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {875#(and (= |is_list_containing_x_#in~x.base| is_list_containing_x_~x.base) (= is_list_containing_x_~l.base |is_list_containing_x_#in~l.base|))} is VALID [2018-11-23 11:04:19,178 INFO L273 TraceCheckUtils]: 12: Hoare triple {875#(and (= |is_list_containing_x_#in~x.base| is_list_containing_x_~x.base) (= is_list_containing_x_~l.base |is_list_containing_x_#in~l.base|))} assume ~l.base == ~x.base && ~l.offset == ~x.offset;#res := 1bv8; {879#(= |is_list_containing_x_#in~x.base| |is_list_containing_x_#in~l.base|)} is VALID [2018-11-23 11:04:19,185 INFO L273 TraceCheckUtils]: 13: Hoare triple {879#(= |is_list_containing_x_#in~x.base| |is_list_containing_x_#in~l.base|)} assume true; {879#(= |is_list_containing_x_#in~x.base| |is_list_containing_x_#in~l.base|)} is VALID [2018-11-23 11:04:19,187 INFO L268 TraceCheckUtils]: 14: Hoare quadruple {879#(= |is_list_containing_x_#in~x.base| |is_list_containing_x_#in~l.base|)} {865#(not (= |main_~#list~0.base| main_~x~0.base))} #106#return; {835#false} is VALID [2018-11-23 11:04:19,187 INFO L273 TraceCheckUtils]: 15: Hoare triple {835#false} assume 0bv8 != #t~ret19;havoc #t~ret19; {835#false} is VALID [2018-11-23 11:04:19,188 INFO L256 TraceCheckUtils]: 16: Hoare triple {835#false} call remove(~x~0.base, ~x~0.offset); {835#false} is VALID [2018-11-23 11:04:19,188 INFO L273 TraceCheckUtils]: 17: Hoare triple {835#false} ~x.base, ~x.offset := #in~x.base, #in~x.offset;call #t~mem3.base, #t~mem3.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32); {835#false} is VALID [2018-11-23 11:04:19,188 INFO L273 TraceCheckUtils]: 18: Hoare triple {835#false} assume #t~mem3.base != 0bv32 || #t~mem3.offset != 0bv32;havoc #t~mem3.base, #t~mem3.offset;call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call write~$Pointer$(#t~mem5.base, #t~mem5.offset, #t~mem4.base, #t~mem4.offset, 4bv32);havoc #t~mem5.base, #t~mem5.offset;havoc #t~mem4.base, #t~mem4.offset; {835#false} is VALID [2018-11-23 11:04:19,188 INFO L273 TraceCheckUtils]: 19: Hoare triple {835#false} call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32); {835#false} is VALID [2018-11-23 11:04:19,188 INFO L273 TraceCheckUtils]: 20: Hoare triple {835#false} assume #t~mem6.base != 0bv32 || #t~mem6.offset != 0bv32;havoc #t~mem6.base, #t~mem6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call write~$Pointer$(#t~mem8.base, #t~mem8.offset, #t~mem7.base, ~bvadd32(4bv32, #t~mem7.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;havoc #t~mem8.base, #t~mem8.offset; {835#false} is VALID [2018-11-23 11:04:19,189 INFO L273 TraceCheckUtils]: 21: Hoare triple {835#false} assume true; {835#false} is VALID [2018-11-23 11:04:19,189 INFO L268 TraceCheckUtils]: 22: Hoare quadruple {835#false} {835#false} #108#return; {835#false} is VALID [2018-11-23 11:04:19,189 INFO L273 TraceCheckUtils]: 23: Hoare triple {835#false} #t~short21 := ~#list~0.base == ~x~0.base && ~#list~0.offset == ~x~0.offset; {835#false} is VALID [2018-11-23 11:04:19,189 INFO L273 TraceCheckUtils]: 24: Hoare triple {835#false} assume !#t~short21; {835#false} is VALID [2018-11-23 11:04:19,190 INFO L256 TraceCheckUtils]: 25: Hoare triple {835#false} call #t~ret20 := is_list_containing_x(~#list~0.base, ~#list~0.offset, ~x~0.base, ~x~0.offset); {835#false} is VALID [2018-11-23 11:04:19,190 INFO L273 TraceCheckUtils]: 26: Hoare triple {835#false} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {835#false} is VALID [2018-11-23 11:04:19,190 INFO L273 TraceCheckUtils]: 27: Hoare triple {835#false} assume ~l.base == ~x.base && ~l.offset == ~x.offset;#res := 1bv8; {835#false} is VALID [2018-11-23 11:04:19,191 INFO L273 TraceCheckUtils]: 28: Hoare triple {835#false} assume true; {835#false} is VALID [2018-11-23 11:04:19,191 INFO L268 TraceCheckUtils]: 29: Hoare quadruple {835#false} {835#false} #110#return; {835#false} is VALID [2018-11-23 11:04:19,191 INFO L273 TraceCheckUtils]: 30: Hoare triple {835#false} #t~short21 := 0bv8 == #t~ret20; {835#false} is VALID [2018-11-23 11:04:19,191 INFO L256 TraceCheckUtils]: 31: Hoare triple {835#false} call __VERIFIER_assert((if #t~short21 then 1bv32 else 0bv32)); {835#false} is VALID [2018-11-23 11:04:19,191 INFO L273 TraceCheckUtils]: 32: Hoare triple {835#false} ~cond := #in~cond; {835#false} is VALID [2018-11-23 11:04:19,192 INFO L273 TraceCheckUtils]: 33: Hoare triple {835#false} assume 0bv32 == ~cond; {835#false} is VALID [2018-11-23 11:04:19,192 INFO L273 TraceCheckUtils]: 34: Hoare triple {835#false} assume !false; {835#false} is VALID [2018-11-23 11:04:19,194 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 4 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:04:19,194 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:04:19,470 INFO L273 TraceCheckUtils]: 34: Hoare triple {835#false} assume !false; {835#false} is VALID [2018-11-23 11:04:19,470 INFO L273 TraceCheckUtils]: 33: Hoare triple {835#false} assume 0bv32 == ~cond; {835#false} is VALID [2018-11-23 11:04:19,471 INFO L273 TraceCheckUtils]: 32: Hoare triple {835#false} ~cond := #in~cond; {835#false} is VALID [2018-11-23 11:04:19,471 INFO L256 TraceCheckUtils]: 31: Hoare triple {835#false} call __VERIFIER_assert((if #t~short21 then 1bv32 else 0bv32)); {835#false} is VALID [2018-11-23 11:04:19,472 INFO L273 TraceCheckUtils]: 30: Hoare triple {835#false} #t~short21 := 0bv8 == #t~ret20; {835#false} is VALID [2018-11-23 11:04:19,472 INFO L268 TraceCheckUtils]: 29: Hoare quadruple {834#true} {835#false} #110#return; {835#false} is VALID [2018-11-23 11:04:19,472 INFO L273 TraceCheckUtils]: 28: Hoare triple {834#true} assume true; {834#true} is VALID [2018-11-23 11:04:19,473 INFO L273 TraceCheckUtils]: 27: Hoare triple {834#true} assume ~l.base == ~x.base && ~l.offset == ~x.offset;#res := 1bv8; {834#true} is VALID [2018-11-23 11:04:19,473 INFO L273 TraceCheckUtils]: 26: Hoare triple {834#true} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {834#true} is VALID [2018-11-23 11:04:19,473 INFO L256 TraceCheckUtils]: 25: Hoare triple {835#false} call #t~ret20 := is_list_containing_x(~#list~0.base, ~#list~0.offset, ~x~0.base, ~x~0.offset); {834#true} is VALID [2018-11-23 11:04:19,473 INFO L273 TraceCheckUtils]: 24: Hoare triple {835#false} assume !#t~short21; {835#false} is VALID [2018-11-23 11:04:19,474 INFO L273 TraceCheckUtils]: 23: Hoare triple {835#false} #t~short21 := ~#list~0.base == ~x~0.base && ~#list~0.offset == ~x~0.offset; {835#false} is VALID [2018-11-23 11:04:19,474 INFO L268 TraceCheckUtils]: 22: Hoare quadruple {834#true} {835#false} #108#return; {835#false} is VALID [2018-11-23 11:04:19,474 INFO L273 TraceCheckUtils]: 21: Hoare triple {834#true} assume true; {834#true} is VALID [2018-11-23 11:04:19,474 INFO L273 TraceCheckUtils]: 20: Hoare triple {834#true} assume #t~mem6.base != 0bv32 || #t~mem6.offset != 0bv32;havoc #t~mem6.base, #t~mem6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call write~$Pointer$(#t~mem8.base, #t~mem8.offset, #t~mem7.base, ~bvadd32(4bv32, #t~mem7.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;havoc #t~mem8.base, #t~mem8.offset; {834#true} is VALID [2018-11-23 11:04:19,475 INFO L273 TraceCheckUtils]: 19: Hoare triple {834#true} call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32); {834#true} is VALID [2018-11-23 11:04:19,475 INFO L273 TraceCheckUtils]: 18: Hoare triple {834#true} assume #t~mem3.base != 0bv32 || #t~mem3.offset != 0bv32;havoc #t~mem3.base, #t~mem3.offset;call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call write~$Pointer$(#t~mem5.base, #t~mem5.offset, #t~mem4.base, #t~mem4.offset, 4bv32);havoc #t~mem5.base, #t~mem5.offset;havoc #t~mem4.base, #t~mem4.offset; {834#true} is VALID [2018-11-23 11:04:19,475 INFO L273 TraceCheckUtils]: 17: Hoare triple {834#true} ~x.base, ~x.offset := #in~x.base, #in~x.offset;call #t~mem3.base, #t~mem3.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32); {834#true} is VALID [2018-11-23 11:04:19,476 INFO L256 TraceCheckUtils]: 16: Hoare triple {835#false} call remove(~x~0.base, ~x~0.offset); {834#true} is VALID [2018-11-23 11:04:19,476 INFO L273 TraceCheckUtils]: 15: Hoare triple {835#false} assume 0bv8 != #t~ret19;havoc #t~ret19; {835#false} is VALID [2018-11-23 11:04:19,481 INFO L268 TraceCheckUtils]: 14: Hoare quadruple {879#(= |is_list_containing_x_#in~x.base| |is_list_containing_x_#in~l.base|)} {865#(not (= |main_~#list~0.base| main_~x~0.base))} #106#return; {835#false} is VALID [2018-11-23 11:04:19,487 INFO L273 TraceCheckUtils]: 13: Hoare triple {879#(= |is_list_containing_x_#in~x.base| |is_list_containing_x_#in~l.base|)} assume true; {879#(= |is_list_containing_x_#in~x.base| |is_list_containing_x_#in~l.base|)} is VALID [2018-11-23 11:04:19,488 INFO L273 TraceCheckUtils]: 12: Hoare triple {1015#(or (= |is_list_containing_x_#in~x.base| |is_list_containing_x_#in~l.base|) (not (= is_list_containing_x_~l.base is_list_containing_x_~x.base)))} assume ~l.base == ~x.base && ~l.offset == ~x.offset;#res := 1bv8; {879#(= |is_list_containing_x_#in~x.base| |is_list_containing_x_#in~l.base|)} is VALID [2018-11-23 11:04:19,488 INFO L273 TraceCheckUtils]: 11: Hoare triple {834#true} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {1015#(or (= |is_list_containing_x_#in~x.base| |is_list_containing_x_#in~l.base|) (not (= is_list_containing_x_~l.base is_list_containing_x_~x.base)))} is VALID [2018-11-23 11:04:19,489 INFO L256 TraceCheckUtils]: 10: Hoare triple {865#(not (= |main_~#list~0.base| main_~x~0.base))} call #t~ret19 := is_list_containing_x(~#list~0.base, ~#list~0.offset, ~x~0.base, ~x~0.offset); {834#true} is VALID [2018-11-23 11:04:19,489 INFO L273 TraceCheckUtils]: 9: Hoare triple {865#(not (= |main_~#list~0.base| main_~x~0.base))} assume !(0bv8 != #t~nondet16);havoc #t~nondet16; {865#(not (= |main_~#list~0.base| main_~x~0.base))} is VALID [2018-11-23 11:04:19,493 INFO L273 TraceCheckUtils]: 8: Hoare triple {858#(not (= |main_~#list~0.base| main_~n~0.base))} assume 0bv8 != #t~nondet18;havoc #t~nondet18;~x~0.base, ~x~0.offset := ~n~0.base, ~n~0.offset; {865#(not (= |main_~#list~0.base| main_~x~0.base))} is VALID [2018-11-23 11:04:19,493 INFO L273 TraceCheckUtils]: 7: Hoare triple {858#(not (= |main_~#list~0.base| main_~n~0.base))} assume !(~n~0.base == 0bv32 && ~n~0.offset == 0bv32);call write~$Pointer$(~tail~0.base, ~tail~0.offset, ~n~0.base, ~n~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);call write~$Pointer$(~n~0.base, ~n~0.offset, ~tail~0.base, ~bvadd32(4bv32, ~tail~0.offset), 4bv32); {858#(not (= |main_~#list~0.base| main_~n~0.base))} is VALID [2018-11-23 11:04:19,494 INFO L273 TraceCheckUtils]: 6: Hoare triple {854#(= (bvadd (select |#valid| |main_~#list~0.base|) (_ bv1 1)) (_ bv0 1))} assume !!(0bv8 != #t~nondet16);havoc #t~nondet16;call #t~malloc17.base, #t~malloc17.offset := #Ultimate.alloc(8bv32);~n~0.base, ~n~0.offset := #t~malloc17.base, #t~malloc17.offset; {858#(not (= |main_~#list~0.base| main_~n~0.base))} is VALID [2018-11-23 11:04:19,496 INFO L273 TraceCheckUtils]: 5: Hoare triple {834#true} call ~#list~0.base, ~#list~0.offset := #Ultimate.alloc(8bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~#list~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~bvadd32(4bv32, ~#list~0.offset), 4bv32);~x~0.base, ~x~0.offset := ~#list~0.base, ~#list~0.offset;~tail~0.base, ~tail~0.offset := ~#list~0.base, ~#list~0.offset; {854#(= (bvadd (select |#valid| |main_~#list~0.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:04:19,497 INFO L256 TraceCheckUtils]: 4: Hoare triple {834#true} call #t~ret23 := main(); {834#true} is VALID [2018-11-23 11:04:19,497 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {834#true} {834#true} #102#return; {834#true} is VALID [2018-11-23 11:04:19,497 INFO L273 TraceCheckUtils]: 2: Hoare triple {834#true} assume true; {834#true} is VALID [2018-11-23 11:04:19,498 INFO L273 TraceCheckUtils]: 1: Hoare triple {834#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {834#true} is VALID [2018-11-23 11:04:19,498 INFO L256 TraceCheckUtils]: 0: Hoare triple {834#true} call ULTIMATE.init(); {834#true} is VALID [2018-11-23 11:04:19,501 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:04:19,509 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:04:19,509 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 7] total 8 [2018-11-23 11:04:19,510 INFO L78 Accepts]: Start accepts. Automaton has 8 states. Word has length 35 [2018-11-23 11:04:19,512 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:04:19,512 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states. [2018-11-23 11:04:19,607 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 49 edges. 49 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:04:19,607 INFO L459 AbstractCegarLoop]: Interpolant automaton has 8 states [2018-11-23 11:04:19,608 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2018-11-23 11:04:19,608 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=41, Unknown=0, NotChecked=0, Total=56 [2018-11-23 11:04:19,609 INFO L87 Difference]: Start difference. First operand 59 states and 77 transitions. Second operand 8 states. [2018-11-23 11:04:21,774 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:21,774 INFO L93 Difference]: Finished difference Result 118 states and 161 transitions. [2018-11-23 11:04:21,775 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2018-11-23 11:04:21,775 INFO L78 Accepts]: Start accepts. Automaton has 8 states. Word has length 35 [2018-11-23 11:04:21,775 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:04:21,775 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 8 states. [2018-11-23 11:04:21,782 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 151 transitions. [2018-11-23 11:04:21,782 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 8 states. [2018-11-23 11:04:21,788 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 151 transitions. [2018-11-23 11:04:21,788 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 151 transitions. [2018-11-23 11:04:22,168 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 151 edges. 151 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:04:22,172 INFO L225 Difference]: With dead ends: 118 [2018-11-23 11:04:22,173 INFO L226 Difference]: Without dead ends: 77 [2018-11-23 11:04:22,174 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 72 GetRequests, 62 SyntacticMatches, 1 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=30, Invalid=80, Unknown=0, NotChecked=0, Total=110 [2018-11-23 11:04:22,174 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 77 states. [2018-11-23 11:04:22,279 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 77 to 65. [2018-11-23 11:04:22,280 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:04:22,280 INFO L82 GeneralOperation]: Start isEquivalent. First operand 77 states. Second operand 65 states. [2018-11-23 11:04:22,280 INFO L74 IsIncluded]: Start isIncluded. First operand 77 states. Second operand 65 states. [2018-11-23 11:04:22,281 INFO L87 Difference]: Start difference. First operand 77 states. Second operand 65 states. [2018-11-23 11:04:22,287 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:22,287 INFO L93 Difference]: Finished difference Result 77 states and 108 transitions. [2018-11-23 11:04:22,288 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 108 transitions. [2018-11-23 11:04:22,289 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:04:22,292 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:04:22,292 INFO L74 IsIncluded]: Start isIncluded. First operand 65 states. Second operand 77 states. [2018-11-23 11:04:22,293 INFO L87 Difference]: Start difference. First operand 65 states. Second operand 77 states. [2018-11-23 11:04:22,303 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:22,305 INFO L93 Difference]: Finished difference Result 77 states and 108 transitions. [2018-11-23 11:04:22,305 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 108 transitions. [2018-11-23 11:04:22,306 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:04:22,307 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:04:22,307 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:04:22,307 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:04:22,307 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 65 states. [2018-11-23 11:04:22,312 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 65 states to 65 states and 88 transitions. [2018-11-23 11:04:22,312 INFO L78 Accepts]: Start accepts. Automaton has 65 states and 88 transitions. Word has length 35 [2018-11-23 11:04:22,312 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:04:22,313 INFO L480 AbstractCegarLoop]: Abstraction has 65 states and 88 transitions. [2018-11-23 11:04:22,314 INFO L481 AbstractCegarLoop]: Interpolant automaton has 8 states. [2018-11-23 11:04:22,314 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 88 transitions. [2018-11-23 11:04:22,315 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2018-11-23 11:04:22,315 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:04:22,315 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:04:22,316 INFO L423 AbstractCegarLoop]: === Iteration 4 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:04:22,316 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:04:22,316 INFO L82 PathProgramCache]: Analyzing trace with hash -1604870462, now seen corresponding path program 1 times [2018-11-23 11:04:22,317 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:04:22,317 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:04:22,333 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:04:22,384 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:04:22,417 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:04:22,419 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:04:22,488 INFO L256 TraceCheckUtils]: 0: Hoare triple {1465#true} call ULTIMATE.init(); {1465#true} is VALID [2018-11-23 11:04:22,488 INFO L273 TraceCheckUtils]: 1: Hoare triple {1465#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1465#true} is VALID [2018-11-23 11:04:22,489 INFO L273 TraceCheckUtils]: 2: Hoare triple {1465#true} assume true; {1465#true} is VALID [2018-11-23 11:04:22,489 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1465#true} {1465#true} #102#return; {1465#true} is VALID [2018-11-23 11:04:22,490 INFO L256 TraceCheckUtils]: 4: Hoare triple {1465#true} call #t~ret23 := main(); {1465#true} is VALID [2018-11-23 11:04:22,490 INFO L273 TraceCheckUtils]: 5: Hoare triple {1465#true} call ~#list~0.base, ~#list~0.offset := #Ultimate.alloc(8bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~#list~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~bvadd32(4bv32, ~#list~0.offset), 4bv32);~x~0.base, ~x~0.offset := ~#list~0.base, ~#list~0.offset;~tail~0.base, ~tail~0.offset := ~#list~0.base, ~#list~0.offset; {1465#true} is VALID [2018-11-23 11:04:22,491 INFO L273 TraceCheckUtils]: 6: Hoare triple {1465#true} assume !!(0bv8 != #t~nondet16);havoc #t~nondet16;call #t~malloc17.base, #t~malloc17.offset := #Ultimate.alloc(8bv32);~n~0.base, ~n~0.offset := #t~malloc17.base, #t~malloc17.offset; {1465#true} is VALID [2018-11-23 11:04:22,491 INFO L273 TraceCheckUtils]: 7: Hoare triple {1465#true} assume !(~n~0.base == 0bv32 && ~n~0.offset == 0bv32);call write~$Pointer$(~tail~0.base, ~tail~0.offset, ~n~0.base, ~n~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);call write~$Pointer$(~n~0.base, ~n~0.offset, ~tail~0.base, ~bvadd32(4bv32, ~tail~0.offset), 4bv32); {1465#true} is VALID [2018-11-23 11:04:22,491 INFO L273 TraceCheckUtils]: 8: Hoare triple {1465#true} assume 0bv8 != #t~nondet18;havoc #t~nondet18;~x~0.base, ~x~0.offset := ~n~0.base, ~n~0.offset; {1465#true} is VALID [2018-11-23 11:04:22,492 INFO L273 TraceCheckUtils]: 9: Hoare triple {1465#true} assume !(0bv8 != #t~nondet16);havoc #t~nondet16; {1465#true} is VALID [2018-11-23 11:04:22,492 INFO L256 TraceCheckUtils]: 10: Hoare triple {1465#true} call #t~ret19 := is_list_containing_x(~#list~0.base, ~#list~0.offset, ~x~0.base, ~x~0.offset); {1465#true} is VALID [2018-11-23 11:04:22,492 INFO L273 TraceCheckUtils]: 11: Hoare triple {1465#true} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {1465#true} is VALID [2018-11-23 11:04:22,492 INFO L273 TraceCheckUtils]: 12: Hoare triple {1465#true} assume !(~l.base == ~x.base && ~l.offset == ~x.offset);call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~l.base, ~bvadd32(4bv32, ~l.offset), 4bv32); {1465#true} is VALID [2018-11-23 11:04:22,494 INFO L273 TraceCheckUtils]: 13: Hoare triple {1465#true} assume !(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;#res := 0bv8; {1509#(= (_ bv0 8) |is_list_containing_x_#res|)} is VALID [2018-11-23 11:04:22,495 INFO L273 TraceCheckUtils]: 14: Hoare triple {1509#(= (_ bv0 8) |is_list_containing_x_#res|)} assume true; {1509#(= (_ bv0 8) |is_list_containing_x_#res|)} is VALID [2018-11-23 11:04:22,497 INFO L268 TraceCheckUtils]: 15: Hoare quadruple {1509#(= (_ bv0 8) |is_list_containing_x_#res|)} {1465#true} #106#return; {1516#(= (_ bv0 8) |main_#t~ret19|)} is VALID [2018-11-23 11:04:22,497 INFO L273 TraceCheckUtils]: 16: Hoare triple {1516#(= (_ bv0 8) |main_#t~ret19|)} assume 0bv8 != #t~ret19;havoc #t~ret19; {1466#false} is VALID [2018-11-23 11:04:22,498 INFO L256 TraceCheckUtils]: 17: Hoare triple {1466#false} call remove(~x~0.base, ~x~0.offset); {1466#false} is VALID [2018-11-23 11:04:22,498 INFO L273 TraceCheckUtils]: 18: Hoare triple {1466#false} ~x.base, ~x.offset := #in~x.base, #in~x.offset;call #t~mem3.base, #t~mem3.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32); {1466#false} is VALID [2018-11-23 11:04:22,498 INFO L273 TraceCheckUtils]: 19: Hoare triple {1466#false} assume #t~mem3.base != 0bv32 || #t~mem3.offset != 0bv32;havoc #t~mem3.base, #t~mem3.offset;call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call write~$Pointer$(#t~mem5.base, #t~mem5.offset, #t~mem4.base, #t~mem4.offset, 4bv32);havoc #t~mem5.base, #t~mem5.offset;havoc #t~mem4.base, #t~mem4.offset; {1466#false} is VALID [2018-11-23 11:04:22,499 INFO L273 TraceCheckUtils]: 20: Hoare triple {1466#false} call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32); {1466#false} is VALID [2018-11-23 11:04:22,499 INFO L273 TraceCheckUtils]: 21: Hoare triple {1466#false} assume #t~mem6.base != 0bv32 || #t~mem6.offset != 0bv32;havoc #t~mem6.base, #t~mem6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call write~$Pointer$(#t~mem8.base, #t~mem8.offset, #t~mem7.base, ~bvadd32(4bv32, #t~mem7.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;havoc #t~mem8.base, #t~mem8.offset; {1466#false} is VALID [2018-11-23 11:04:22,500 INFO L273 TraceCheckUtils]: 22: Hoare triple {1466#false} assume true; {1466#false} is VALID [2018-11-23 11:04:22,500 INFO L268 TraceCheckUtils]: 23: Hoare quadruple {1466#false} {1466#false} #108#return; {1466#false} is VALID [2018-11-23 11:04:22,500 INFO L273 TraceCheckUtils]: 24: Hoare triple {1466#false} #t~short21 := ~#list~0.base == ~x~0.base && ~#list~0.offset == ~x~0.offset; {1466#false} is VALID [2018-11-23 11:04:22,501 INFO L273 TraceCheckUtils]: 25: Hoare triple {1466#false} assume !#t~short21; {1466#false} is VALID [2018-11-23 11:04:22,501 INFO L256 TraceCheckUtils]: 26: Hoare triple {1466#false} call #t~ret20 := is_list_containing_x(~#list~0.base, ~#list~0.offset, ~x~0.base, ~x~0.offset); {1466#false} is VALID [2018-11-23 11:04:22,501 INFO L273 TraceCheckUtils]: 27: Hoare triple {1466#false} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {1466#false} is VALID [2018-11-23 11:04:22,502 INFO L273 TraceCheckUtils]: 28: Hoare triple {1466#false} assume !(~l.base == ~x.base && ~l.offset == ~x.offset);call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~l.base, ~bvadd32(4bv32, ~l.offset), 4bv32); {1466#false} is VALID [2018-11-23 11:04:22,502 INFO L273 TraceCheckUtils]: 29: Hoare triple {1466#false} assume !(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;#res := 0bv8; {1466#false} is VALID [2018-11-23 11:04:22,502 INFO L273 TraceCheckUtils]: 30: Hoare triple {1466#false} assume true; {1466#false} is VALID [2018-11-23 11:04:22,503 INFO L268 TraceCheckUtils]: 31: Hoare quadruple {1466#false} {1466#false} #110#return; {1466#false} is VALID [2018-11-23 11:04:22,503 INFO L273 TraceCheckUtils]: 32: Hoare triple {1466#false} #t~short21 := 0bv8 == #t~ret20; {1466#false} is VALID [2018-11-23 11:04:22,503 INFO L256 TraceCheckUtils]: 33: Hoare triple {1466#false} call __VERIFIER_assert((if #t~short21 then 1bv32 else 0bv32)); {1466#false} is VALID [2018-11-23 11:04:22,503 INFO L273 TraceCheckUtils]: 34: Hoare triple {1466#false} ~cond := #in~cond; {1466#false} is VALID [2018-11-23 11:04:22,504 INFO L273 TraceCheckUtils]: 35: Hoare triple {1466#false} assume 0bv32 == ~cond; {1466#false} is VALID [2018-11-23 11:04:22,504 INFO L273 TraceCheckUtils]: 36: Hoare triple {1466#false} assume !false; {1466#false} is VALID [2018-11-23 11:04:22,506 INFO L134 CoverageAnalysis]: Checked inductivity of 6 backedges. 5 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:04:22,507 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:04:22,509 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:04:22,509 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2018-11-23 11:04:22,509 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 37 [2018-11-23 11:04:22,510 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:04:22,510 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2018-11-23 11:04:22,581 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 37 edges. 37 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:04:22,581 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2018-11-23 11:04:22,581 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2018-11-23 11:04:22,582 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2018-11-23 11:04:22,582 INFO L87 Difference]: Start difference. First operand 65 states and 88 transitions. Second operand 4 states. [2018-11-23 11:04:23,184 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:23,184 INFO L93 Difference]: Finished difference Result 118 states and 160 transitions. [2018-11-23 11:04:23,184 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2018-11-23 11:04:23,184 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 37 [2018-11-23 11:04:23,185 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:04:23,185 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-11-23 11:04:23,187 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 109 transitions. [2018-11-23 11:04:23,187 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-11-23 11:04:23,190 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 109 transitions. [2018-11-23 11:04:23,190 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 109 transitions. [2018-11-23 11:04:23,359 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 109 edges. 109 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:04:23,363 INFO L225 Difference]: With dead ends: 118 [2018-11-23 11:04:23,364 INFO L226 Difference]: Without dead ends: 67 [2018-11-23 11:04:23,365 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 36 GetRequests, 34 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2018-11-23 11:04:23,365 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 67 states. [2018-11-23 11:04:23,517 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 67 to 67. [2018-11-23 11:04:23,518 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:04:23,518 INFO L82 GeneralOperation]: Start isEquivalent. First operand 67 states. Second operand 67 states. [2018-11-23 11:04:23,518 INFO L74 IsIncluded]: Start isIncluded. First operand 67 states. Second operand 67 states. [2018-11-23 11:04:23,518 INFO L87 Difference]: Start difference. First operand 67 states. Second operand 67 states. [2018-11-23 11:04:23,523 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:23,523 INFO L93 Difference]: Finished difference Result 67 states and 93 transitions. [2018-11-23 11:04:23,523 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 93 transitions. [2018-11-23 11:04:23,524 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:04:23,524 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:04:23,524 INFO L74 IsIncluded]: Start isIncluded. First operand 67 states. Second operand 67 states. [2018-11-23 11:04:23,525 INFO L87 Difference]: Start difference. First operand 67 states. Second operand 67 states. [2018-11-23 11:04:23,529 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:23,529 INFO L93 Difference]: Finished difference Result 67 states and 93 transitions. [2018-11-23 11:04:23,529 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 93 transitions. [2018-11-23 11:04:23,530 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:04:23,530 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:04:23,530 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:04:23,530 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:04:23,530 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 67 states. [2018-11-23 11:04:23,534 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 67 states to 67 states and 93 transitions. [2018-11-23 11:04:23,535 INFO L78 Accepts]: Start accepts. Automaton has 67 states and 93 transitions. Word has length 37 [2018-11-23 11:04:23,535 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:04:23,535 INFO L480 AbstractCegarLoop]: Abstraction has 67 states and 93 transitions. [2018-11-23 11:04:23,535 INFO L481 AbstractCegarLoop]: Interpolant automaton has 4 states. [2018-11-23 11:04:23,535 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 93 transitions. [2018-11-23 11:04:23,536 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 44 [2018-11-23 11:04:23,537 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:04:23,537 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:04:23,537 INFO L423 AbstractCegarLoop]: === Iteration 5 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:04:23,537 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:04:23,538 INFO L82 PathProgramCache]: Analyzing trace with hash -1960956955, now seen corresponding path program 1 times [2018-11-23 11:04:23,538 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:04:23,538 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:04:23,560 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:04:23,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:04:23,665 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:04:23,668 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:04:23,847 INFO L256 TraceCheckUtils]: 0: Hoare triple {1965#true} call ULTIMATE.init(); {1965#true} is VALID [2018-11-23 11:04:23,847 INFO L273 TraceCheckUtils]: 1: Hoare triple {1965#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1965#true} is VALID [2018-11-23 11:04:23,848 INFO L273 TraceCheckUtils]: 2: Hoare triple {1965#true} assume true; {1965#true} is VALID [2018-11-23 11:04:23,848 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1965#true} {1965#true} #102#return; {1965#true} is VALID [2018-11-23 11:04:23,848 INFO L256 TraceCheckUtils]: 4: Hoare triple {1965#true} call #t~ret23 := main(); {1965#true} is VALID [2018-11-23 11:04:23,848 INFO L273 TraceCheckUtils]: 5: Hoare triple {1965#true} call ~#list~0.base, ~#list~0.offset := #Ultimate.alloc(8bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~#list~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~bvadd32(4bv32, ~#list~0.offset), 4bv32);~x~0.base, ~x~0.offset := ~#list~0.base, ~#list~0.offset;~tail~0.base, ~tail~0.offset := ~#list~0.base, ~#list~0.offset; {1965#true} is VALID [2018-11-23 11:04:23,848 INFO L273 TraceCheckUtils]: 6: Hoare triple {1965#true} assume !!(0bv8 != #t~nondet16);havoc #t~nondet16;call #t~malloc17.base, #t~malloc17.offset := #Ultimate.alloc(8bv32);~n~0.base, ~n~0.offset := #t~malloc17.base, #t~malloc17.offset; {1965#true} is VALID [2018-11-23 11:04:23,848 INFO L273 TraceCheckUtils]: 7: Hoare triple {1965#true} assume !(~n~0.base == 0bv32 && ~n~0.offset == 0bv32);call write~$Pointer$(~tail~0.base, ~tail~0.offset, ~n~0.base, ~n~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);call write~$Pointer$(~n~0.base, ~n~0.offset, ~tail~0.base, ~bvadd32(4bv32, ~tail~0.offset), 4bv32); {1965#true} is VALID [2018-11-23 11:04:23,849 INFO L273 TraceCheckUtils]: 8: Hoare triple {1965#true} assume 0bv8 != #t~nondet18;havoc #t~nondet18;~x~0.base, ~x~0.offset := ~n~0.base, ~n~0.offset; {1965#true} is VALID [2018-11-23 11:04:23,849 INFO L273 TraceCheckUtils]: 9: Hoare triple {1965#true} assume !(0bv8 != #t~nondet16);havoc #t~nondet16; {1965#true} is VALID [2018-11-23 11:04:23,849 INFO L256 TraceCheckUtils]: 10: Hoare triple {1965#true} call #t~ret19 := is_list_containing_x(~#list~0.base, ~#list~0.offset, ~x~0.base, ~x~0.offset); {1965#true} is VALID [2018-11-23 11:04:23,849 INFO L273 TraceCheckUtils]: 11: Hoare triple {1965#true} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {1965#true} is VALID [2018-11-23 11:04:23,849 INFO L273 TraceCheckUtils]: 12: Hoare triple {1965#true} assume !(~l.base == ~x.base && ~l.offset == ~x.offset);call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~l.base, ~bvadd32(4bv32, ~l.offset), 4bv32); {1965#true} is VALID [2018-11-23 11:04:23,849 INFO L273 TraceCheckUtils]: 13: Hoare triple {1965#true} assume #t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32;havoc #t~mem13.base, #t~mem13.offset;call #t~mem14.base, #t~mem14.offset := read~$Pointer$(~l.base, ~bvadd32(4bv32, ~l.offset), 4bv32); {1965#true} is VALID [2018-11-23 11:04:23,850 INFO L256 TraceCheckUtils]: 14: Hoare triple {1965#true} call #t~ret15 := is_list_containing_x(#t~mem14.base, #t~mem14.offset, ~x.base, ~x.offset); {1965#true} is VALID [2018-11-23 11:04:23,850 INFO L273 TraceCheckUtils]: 15: Hoare triple {1965#true} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {1965#true} is VALID [2018-11-23 11:04:23,850 INFO L273 TraceCheckUtils]: 16: Hoare triple {1965#true} assume ~l.base == ~x.base && ~l.offset == ~x.offset;#res := 1bv8; {1965#true} is VALID [2018-11-23 11:04:23,850 INFO L273 TraceCheckUtils]: 17: Hoare triple {1965#true} assume true; {1965#true} is VALID [2018-11-23 11:04:23,850 INFO L268 TraceCheckUtils]: 18: Hoare quadruple {1965#true} {1965#true} #120#return; {1965#true} is VALID [2018-11-23 11:04:23,851 INFO L273 TraceCheckUtils]: 19: Hoare triple {1965#true} #res := #t~ret15;havoc #t~mem14.base, #t~mem14.offset;havoc #t~ret15; {1965#true} is VALID [2018-11-23 11:04:23,851 INFO L273 TraceCheckUtils]: 20: Hoare triple {1965#true} assume true; {1965#true} is VALID [2018-11-23 11:04:23,851 INFO L268 TraceCheckUtils]: 21: Hoare quadruple {1965#true} {1965#true} #106#return; {1965#true} is VALID [2018-11-23 11:04:23,851 INFO L273 TraceCheckUtils]: 22: Hoare triple {1965#true} assume 0bv8 != #t~ret19;havoc #t~ret19; {1965#true} is VALID [2018-11-23 11:04:23,851 INFO L256 TraceCheckUtils]: 23: Hoare triple {1965#true} call remove(~x~0.base, ~x~0.offset); {1965#true} is VALID [2018-11-23 11:04:23,851 INFO L273 TraceCheckUtils]: 24: Hoare triple {1965#true} ~x.base, ~x.offset := #in~x.base, #in~x.offset;call #t~mem3.base, #t~mem3.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32); {1965#true} is VALID [2018-11-23 11:04:23,852 INFO L273 TraceCheckUtils]: 25: Hoare triple {1965#true} assume #t~mem3.base != 0bv32 || #t~mem3.offset != 0bv32;havoc #t~mem3.base, #t~mem3.offset;call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call write~$Pointer$(#t~mem5.base, #t~mem5.offset, #t~mem4.base, #t~mem4.offset, 4bv32);havoc #t~mem5.base, #t~mem5.offset;havoc #t~mem4.base, #t~mem4.offset; {1965#true} is VALID [2018-11-23 11:04:23,852 INFO L273 TraceCheckUtils]: 26: Hoare triple {1965#true} call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32); {1965#true} is VALID [2018-11-23 11:04:23,852 INFO L273 TraceCheckUtils]: 27: Hoare triple {1965#true} assume #t~mem6.base != 0bv32 || #t~mem6.offset != 0bv32;havoc #t~mem6.base, #t~mem6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call write~$Pointer$(#t~mem8.base, #t~mem8.offset, #t~mem7.base, ~bvadd32(4bv32, #t~mem7.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;havoc #t~mem8.base, #t~mem8.offset; {1965#true} is VALID [2018-11-23 11:04:23,852 INFO L273 TraceCheckUtils]: 28: Hoare triple {1965#true} assume true; {1965#true} is VALID [2018-11-23 11:04:23,852 INFO L268 TraceCheckUtils]: 29: Hoare quadruple {1965#true} {1965#true} #108#return; {1965#true} is VALID [2018-11-23 11:04:23,853 INFO L273 TraceCheckUtils]: 30: Hoare triple {1965#true} #t~short21 := ~#list~0.base == ~x~0.base && ~#list~0.offset == ~x~0.offset; {1965#true} is VALID [2018-11-23 11:04:23,853 INFO L273 TraceCheckUtils]: 31: Hoare triple {1965#true} assume !#t~short21; {1965#true} is VALID [2018-11-23 11:04:23,853 INFO L256 TraceCheckUtils]: 32: Hoare triple {1965#true} call #t~ret20 := is_list_containing_x(~#list~0.base, ~#list~0.offset, ~x~0.base, ~x~0.offset); {1965#true} is VALID [2018-11-23 11:04:23,853 INFO L273 TraceCheckUtils]: 33: Hoare triple {1965#true} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {1965#true} is VALID [2018-11-23 11:04:23,854 INFO L273 TraceCheckUtils]: 34: Hoare triple {1965#true} assume !(~l.base == ~x.base && ~l.offset == ~x.offset);call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~l.base, ~bvadd32(4bv32, ~l.offset), 4bv32); {1965#true} is VALID [2018-11-23 11:04:23,866 INFO L273 TraceCheckUtils]: 35: Hoare triple {1965#true} assume !(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;#res := 0bv8; {2075#(= (_ bv0 8) |is_list_containing_x_#res|)} is VALID [2018-11-23 11:04:23,871 INFO L273 TraceCheckUtils]: 36: Hoare triple {2075#(= (_ bv0 8) |is_list_containing_x_#res|)} assume true; {2075#(= (_ bv0 8) |is_list_containing_x_#res|)} is VALID [2018-11-23 11:04:23,873 INFO L268 TraceCheckUtils]: 37: Hoare quadruple {2075#(= (_ bv0 8) |is_list_containing_x_#res|)} {1965#true} #110#return; {2082#(= (_ bv0 8) |main_#t~ret20|)} is VALID [2018-11-23 11:04:23,881 INFO L273 TraceCheckUtils]: 38: Hoare triple {2082#(= (_ bv0 8) |main_#t~ret20|)} #t~short21 := 0bv8 == #t~ret20; {2086#|main_#t~short21|} is VALID [2018-11-23 11:04:23,882 INFO L256 TraceCheckUtils]: 39: Hoare triple {2086#|main_#t~short21|} call __VERIFIER_assert((if #t~short21 then 1bv32 else 0bv32)); {2090#(= (bvadd |__VERIFIER_assert_#in~cond| (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:04:23,883 INFO L273 TraceCheckUtils]: 40: Hoare triple {2090#(= (bvadd |__VERIFIER_assert_#in~cond| (_ bv4294967295 32)) (_ bv0 32))} ~cond := #in~cond; {2094#(= (bvadd __VERIFIER_assert_~cond (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:04:23,883 INFO L273 TraceCheckUtils]: 41: Hoare triple {2094#(= (bvadd __VERIFIER_assert_~cond (_ bv4294967295 32)) (_ bv0 32))} assume 0bv32 == ~cond; {1966#false} is VALID [2018-11-23 11:04:23,883 INFO L273 TraceCheckUtils]: 42: Hoare triple {1966#false} assume !false; {1966#false} is VALID [2018-11-23 11:04:23,886 INFO L134 CoverageAnalysis]: Checked inductivity of 14 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 10 trivial. 0 not checked. [2018-11-23 11:04:23,886 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:04:23,892 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:04:23,892 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2018-11-23 11:04:23,892 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 43 [2018-11-23 11:04:23,893 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:04:23,893 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states. [2018-11-23 11:04:23,964 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:04:23,965 INFO L459 AbstractCegarLoop]: Interpolant automaton has 7 states [2018-11-23 11:04:23,965 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2018-11-23 11:04:23,965 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2018-11-23 11:04:23,966 INFO L87 Difference]: Start difference. First operand 67 states and 93 transitions. Second operand 7 states. [2018-11-23 11:04:25,047 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:25,047 INFO L93 Difference]: Finished difference Result 77 states and 103 transitions. [2018-11-23 11:04:25,048 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2018-11-23 11:04:25,048 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 43 [2018-11-23 11:04:25,048 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:04:25,048 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2018-11-23 11:04:25,050 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 75 transitions. [2018-11-23 11:04:25,051 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2018-11-23 11:04:25,052 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 75 transitions. [2018-11-23 11:04:25,052 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 75 transitions. [2018-11-23 11:04:25,145 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 75 edges. 75 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:04:25,149 INFO L225 Difference]: With dead ends: 77 [2018-11-23 11:04:25,149 INFO L226 Difference]: Without dead ends: 75 [2018-11-23 11:04:25,150 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=53, Unknown=0, NotChecked=0, Total=72 [2018-11-23 11:04:25,151 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 75 states. [2018-11-23 11:04:25,247 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 75 to 73. [2018-11-23 11:04:25,247 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:04:25,247 INFO L82 GeneralOperation]: Start isEquivalent. First operand 75 states. Second operand 73 states. [2018-11-23 11:04:25,247 INFO L74 IsIncluded]: Start isIncluded. First operand 75 states. Second operand 73 states. [2018-11-23 11:04:25,247 INFO L87 Difference]: Start difference. First operand 75 states. Second operand 73 states. [2018-11-23 11:04:25,252 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:25,252 INFO L93 Difference]: Finished difference Result 75 states and 101 transitions. [2018-11-23 11:04:25,253 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 101 transitions. [2018-11-23 11:04:25,253 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:04:25,253 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:04:25,254 INFO L74 IsIncluded]: Start isIncluded. First operand 73 states. Second operand 75 states. [2018-11-23 11:04:25,254 INFO L87 Difference]: Start difference. First operand 73 states. Second operand 75 states. [2018-11-23 11:04:25,258 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:04:25,258 INFO L93 Difference]: Finished difference Result 75 states and 101 transitions. [2018-11-23 11:04:25,258 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 101 transitions. [2018-11-23 11:04:25,259 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:04:25,259 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:04:25,259 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:04:25,260 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:04:25,260 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 73 states. [2018-11-23 11:04:25,263 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 73 states to 73 states and 99 transitions. [2018-11-23 11:04:25,264 INFO L78 Accepts]: Start accepts. Automaton has 73 states and 99 transitions. Word has length 43 [2018-11-23 11:04:25,264 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:04:25,264 INFO L480 AbstractCegarLoop]: Abstraction has 73 states and 99 transitions. [2018-11-23 11:04:25,264 INFO L481 AbstractCegarLoop]: Interpolant automaton has 7 states. [2018-11-23 11:04:25,264 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 99 transitions. [2018-11-23 11:04:25,266 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 50 [2018-11-23 11:04:25,266 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:04:25,266 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:04:25,266 INFO L423 AbstractCegarLoop]: === Iteration 6 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:04:25,266 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:04:25,267 INFO L82 PathProgramCache]: Analyzing trace with hash -424799352, now seen corresponding path program 1 times [2018-11-23 11:04:25,267 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:04:25,267 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:04:25,290 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:04:25,415 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:04:25,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:04:25,471 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:04:26,666 WARN L180 SmtUtils]: Spent 1.11 s on a formula simplification that was a NOOP. DAG size: 46 [2018-11-23 11:04:26,688 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 36 [2018-11-23 11:04:26,698 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 33 treesize of output 32 [2018-11-23 11:04:26,716 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:04:26,733 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 32 treesize of output 36 [2018-11-23 11:04:26,736 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:04:26,781 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:26,953 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 30 treesize of output 26 [2018-11-23 11:04:26,964 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:04:27,006 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 2 case distinctions, treesize of input 23 treesize of output 41 [2018-11-23 11:04:27,013 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 2 xjuncts. [2018-11-23 11:04:27,083 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:04:27,263 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:04:27,358 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 31 [2018-11-23 11:04:27,372 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 16 [2018-11-23 11:04:27,392 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:04:27,405 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 23 [2018-11-23 11:04:27,407 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:04:27,457 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:27,602 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 30 treesize of output 31 [2018-11-23 11:04:27,616 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:04:27,618 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:04:27,652 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:27,698 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:28,016 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 36 [2018-11-23 11:04:28,030 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 33 treesize of output 32 [2018-11-23 11:04:28,044 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:04:28,051 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 32 treesize of output 36 [2018-11-23 11:04:28,077 INFO L267 ElimStorePlain]: Start of recursive call 14: End of recursive call: and 1 xjuncts. [2018-11-23 11:04:28,105 INFO L267 ElimStorePlain]: Start of recursive call 13: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:28,164 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 30 treesize of output 26 [2018-11-23 11:04:28,177 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:04:28,206 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 2 case distinctions, treesize of input 23 treesize of output 46 [2018-11-23 11:04:28,214 INFO L267 ElimStorePlain]: Start of recursive call 16: End of recursive call: and 2 xjuncts. [2018-11-23 11:04:28,265 INFO L267 ElimStorePlain]: Start of recursive call 15: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:04:28,316 INFO L267 ElimStorePlain]: Start of recursive call 12: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:04:28,348 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 31 [2018-11-23 11:04:28,356 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 16 [2018-11-23 11:04:28,371 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:04:28,377 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 23 [2018-11-23 11:04:28,380 INFO L267 ElimStorePlain]: Start of recursive call 19: End of recursive call: and 1 xjuncts. [2018-11-23 11:04:28,397 INFO L267 ElimStorePlain]: Start of recursive call 18: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:28,450 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 30 treesize of output 31 [2018-11-23 11:04:28,458 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:04:28,460 INFO L267 ElimStorePlain]: Start of recursive call 21: End of recursive call: and 1 xjuncts. [2018-11-23 11:04:28,480 INFO L267 ElimStorePlain]: Start of recursive call 20: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:28,507 INFO L267 ElimStorePlain]: Start of recursive call 17: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:28,667 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: and 5 xjuncts. [2018-11-23 11:04:28,667 INFO L202 ElimStorePlain]: Needed 21 recursive calls to eliminate 3 variables, input treesize:85, output treesize:270 [2018-11-23 11:04:30,815 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:04:30,816 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_35|, main_~tail~0.offset, |v_#memory_$Pointer$.offset_35|]. (let ((.cse1 (bvadd main_~tail~0.offset (_ bv4 32))) (.cse2 (bvadd main_~n~0.offset (_ bv4 32)))) (and (= (let ((.cse0 (store |v_#memory_$Pointer$.base_35| main_~n~0.base (store (store (select |v_#memory_$Pointer$.base_35| main_~n~0.base) main_~n~0.offset |main_~#list~0.base|) .cse2 (_ bv0 32))))) (store .cse0 |main_~#list~0.base| (store (select .cse0 |main_~#list~0.base|) .cse1 main_~n~0.base))) |#memory_$Pointer$.base|) (= |main_~#list~0.offset| (_ bv0 32)) (= (let ((.cse3 (store |v_#memory_$Pointer$.offset_35| main_~n~0.base (store (store (select |v_#memory_$Pointer$.offset_35| main_~n~0.base) main_~n~0.offset main_~tail~0.offset) .cse2 (_ bv0 32))))) (store .cse3 |main_~#list~0.base| (store (select .cse3 |main_~#list~0.base|) .cse1 main_~n~0.offset))) |#memory_$Pointer$.offset|) (= (_ bv0 32) main_~n~0.offset))) [2018-11-23 11:04:30,816 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse20 (select |#memory_$Pointer$.offset| main_~n~0.base))) (let ((.cse14 (select |#memory_$Pointer$.base| main_~n~0.base)) (.cse19 (bvadd main_~n~0.offset (_ bv4 32))) (.cse18 (select .cse20 main_~n~0.offset))) (let ((.cse8 (bvadd .cse18 (_ bv4 32))) (.cse16 (select .cse20 .cse19)) (.cse17 (select .cse14 main_~n~0.offset)) (.cse15 (select .cse14 .cse19))) (let ((.cse0 (= (_ bv0 32) .cse15)) (.cse3 (select |#memory_$Pointer$.base| |main_~#list~0.base|)) (.cse1 (= |main_~#list~0.base| .cse17)) (.cse4 (= .cse18 main_~n~0.offset)) (.cse6 (= .cse16 main_~n~0.offset)) (.cse9 (= main_~n~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) .cse8))) (.cse2 (= |main_~#list~0.offset| (_ bv0 32))) (.cse11 (= .cse17 main_~n~0.base)) (.cse10 (= .cse16 (_ bv0 32))) (.cse13 (= main_~n~0.offset .cse15)) (.cse12 (= (select .cse14 .cse8) main_~n~0.base)) (.cse5 (= (_ bv0 32) main_~n~0.offset)) (.cse7 (= |main_~#list~0.base| main_~n~0.base))) (or (and .cse0 .cse1 .cse2 (= (select .cse3 main_~n~0.offset) main_~n~0.base) .cse4 .cse5 .cse6 .cse7) (and .cse0 (= (select .cse3 .cse8) main_~n~0.base) .cse1 .cse9 .cse2 .cse10 .cse5) (and .cse9 .cse2 .cse11 .cse10 .cse4 .cse12 .cse5 .cse7) (and .cse2 .cse11 .cse13 .cse4 .cse5 .cse6 .cse7) (and .cse9 .cse2 .cse11 .cse10 .cse13 .cse12 .cse5 .cse7)))))) [2018-11-23 11:04:31,362 WARN L180 SmtUtils]: Spent 497.00 ms on a formula simplification. DAG size of input: 42 DAG size of output: 39 [2018-11-23 11:04:31,627 WARN L180 SmtUtils]: Spent 121.00 ms on a formula simplification that was a NOOP. DAG size: 39 [2018-11-23 11:04:33,555 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 56 treesize of output 50 [2018-11-23 11:04:33,566 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:04:33,568 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:04:33,569 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:04:33,571 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 2 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 32 [2018-11-23 11:04:33,573 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:04:33,600 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:33,639 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-23 11:04:33,646 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:04:33,647 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:04:33,649 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:04:33,650 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:33,685 INFO L267 ElimStorePlain]: Start of recursive call 1: 4 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:04:33,686 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 4 variables, input treesize:109, output treesize:14 [2018-11-23 11:04:33,697 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:04:33,698 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_BEFORE_CALL_2|, |v_#memory_$Pointer$.offset_BEFORE_CALL_2|, v_prenex_4, v_prenex_3]. (let ((.cse2 (= main_~x~0.offset (_ bv0 32))) (.cse3 (= |main_~#list~0.base| main_~x~0.base)) (.cse4 (= |main_~#list~0.offset| (_ bv0 32))) (.cse5 (bvadd main_~x~0.offset (_ bv4 32)))) (or (let ((.cse1 (select |v_#memory_$Pointer$.offset_BEFORE_CALL_2| main_~x~0.base))) (let ((.cse0 (select .cse1 .cse5))) (and (not (= (_ bv0 32) .cse0)) (= main_~x~0.offset (select .cse1 main_~x~0.offset)) (= main_~x~0.offset .cse0) (= (select (select |v_#memory_$Pointer$.base_BEFORE_CALL_2| |main_~#list~0.base|) main_~x~0.offset) main_~x~0.base) .cse2 .cse3 .cse4 (= (_ bv0 32) (select (select |v_#memory_$Pointer$.base_BEFORE_CALL_2| main_~x~0.base) .cse5))))) (let ((.cse8 (select v_prenex_4 main_~x~0.base))) (let ((.cse7 (select .cse8 main_~x~0.offset)) (.cse6 (select v_prenex_3 main_~x~0.base))) (and (not (= (_ bv0 32) (select .cse6 .cse5))) .cse2 (= (select .cse6 (bvadd .cse7 (_ bv4 32))) main_~x~0.base) .cse3 .cse4 (= main_~x~0.offset .cse7) (= (select .cse6 main_~x~0.offset) main_~x~0.base) (= (_ bv0 32) (select .cse8 .cse5))))))) [2018-11-23 11:04:33,698 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (not (= (_ bv0 32) main_~x~0.base))) [2018-11-23 11:04:33,793 INFO L256 TraceCheckUtils]: 0: Hoare triple {2458#true} call ULTIMATE.init(); {2458#true} is VALID [2018-11-23 11:04:33,793 INFO L273 TraceCheckUtils]: 1: Hoare triple {2458#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2458#true} is VALID [2018-11-23 11:04:33,793 INFO L273 TraceCheckUtils]: 2: Hoare triple {2458#true} assume true; {2458#true} is VALID [2018-11-23 11:04:33,793 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2458#true} {2458#true} #102#return; {2458#true} is VALID [2018-11-23 11:04:33,794 INFO L256 TraceCheckUtils]: 4: Hoare triple {2458#true} call #t~ret23 := main(); {2458#true} is VALID [2018-11-23 11:04:33,794 INFO L273 TraceCheckUtils]: 5: Hoare triple {2458#true} call ~#list~0.base, ~#list~0.offset := #Ultimate.alloc(8bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~#list~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~#list~0.base, ~bvadd32(4bv32, ~#list~0.offset), 4bv32);~x~0.base, ~x~0.offset := ~#list~0.base, ~#list~0.offset;~tail~0.base, ~tail~0.offset := ~#list~0.base, ~#list~0.offset; {2478#(and (= |main_~#list~0.base| main_~tail~0.base) (= |main_~#list~0.offset| (_ bv0 32)))} is VALID [2018-11-23 11:04:33,799 INFO L273 TraceCheckUtils]: 6: Hoare triple {2478#(and (= |main_~#list~0.base| main_~tail~0.base) (= |main_~#list~0.offset| (_ bv0 32)))} assume !!(0bv8 != #t~nondet16);havoc #t~nondet16;call #t~malloc17.base, #t~malloc17.offset := #Ultimate.alloc(8bv32);~n~0.base, ~n~0.offset := #t~malloc17.base, #t~malloc17.offset; {2482#(and (= |main_~#list~0.base| main_~tail~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= (_ bv0 32) main_~n~0.offset))} is VALID [2018-11-23 11:04:33,838 INFO L273 TraceCheckUtils]: 7: Hoare triple {2482#(and (= |main_~#list~0.base| main_~tail~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= (_ bv0 32) main_~n~0.offset))} assume !(~n~0.base == 0bv32 && ~n~0.offset == 0bv32);call write~$Pointer$(~tail~0.base, ~tail~0.offset, ~n~0.base, ~n~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);call write~$Pointer$(~n~0.base, ~n~0.offset, ~tail~0.base, ~bvadd32(4bv32, ~tail~0.offset), 4bv32); {2486#(or (and (= (_ bv0 32) (select (select |#memory_$Pointer$.base| main_~n~0.base) (bvadd main_~n~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~n~0.base) main_~n~0.offset) (_ bv4 32))) main_~n~0.base) (= |main_~#list~0.base| (select (select |#memory_$Pointer$.base| main_~n~0.base) main_~n~0.offset)) (= main_~n~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~n~0.base) main_~n~0.offset) (_ bv4 32)))) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.offset| main_~n~0.base) (bvadd main_~n~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 32) main_~n~0.offset)) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.base| main_~n~0.base) (bvadd main_~n~0.offset (_ bv4 32)))) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) main_~n~0.offset) main_~n~0.base) (= (select (select |#memory_$Pointer$.offset| main_~n~0.base) main_~n~0.offset) main_~n~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~n~0.base) (bvadd main_~n~0.offset (_ bv4 32))) main_~n~0.offset) (= (_ bv0 32) main_~n~0.offset) (= |main_~#list~0.base| main_~n~0.base)) (and (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~n~0.base) main_~n~0.offset) main_~n~0.base) (= (select (select |#memory_$Pointer$.offset| main_~n~0.base) (bvadd main_~n~0.offset (_ bv4 32))) (_ bv0 32)) (= (select (select |#memory_$Pointer$.offset| main_~n~0.base) main_~n~0.offset) main_~n~0.offset) (= (select (select |#memory_$Pointer$.base| main_~n~0.base) (bvadd (select (select |#memory_$Pointer$.offset| main_~n~0.base) main_~n~0.offset) (_ bv4 32))) main_~n~0.base) (= (_ bv0 32) main_~n~0.offset) (= |main_~#list~0.base| main_~n~0.base)))} is VALID [2018-11-23 11:04:33,842 INFO L273 TraceCheckUtils]: 8: Hoare triple {2486#(or (and (= (_ bv0 32) (select (select |#memory_$Pointer$.base| main_~n~0.base) (bvadd main_~n~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~n~0.base) main_~n~0.offset) (_ bv4 32))) main_~n~0.base) (= |main_~#list~0.base| (select (select |#memory_$Pointer$.base| main_~n~0.base) main_~n~0.offset)) (= main_~n~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~n~0.base) main_~n~0.offset) (_ bv4 32)))) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.offset| main_~n~0.base) (bvadd main_~n~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 32) main_~n~0.offset)) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.base| main_~n~0.base) (bvadd main_~n~0.offset (_ bv4 32)))) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) main_~n~0.offset) main_~n~0.base) (= (select (select |#memory_$Pointer$.offset| main_~n~0.base) main_~n~0.offset) main_~n~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~n~0.base) (bvadd main_~n~0.offset (_ bv4 32))) main_~n~0.offset) (= (_ bv0 32) main_~n~0.offset) (= |main_~#list~0.base| main_~n~0.base)) (and (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~n~0.base) main_~n~0.offset) main_~n~0.base) (= (select (select |#memory_$Pointer$.offset| main_~n~0.base) (bvadd main_~n~0.offset (_ bv4 32))) (_ bv0 32)) (= (select (select |#memory_$Pointer$.offset| main_~n~0.base) main_~n~0.offset) main_~n~0.offset) (= (select (select |#memory_$Pointer$.base| main_~n~0.base) (bvadd (select (select |#memory_$Pointer$.offset| main_~n~0.base) main_~n~0.offset) (_ bv4 32))) main_~n~0.base) (= (_ bv0 32) main_~n~0.offset) (= |main_~#list~0.base| main_~n~0.base)))} assume 0bv8 != #t~nondet18;havoc #t~nondet18;~x~0.base, ~x~0.offset := ~n~0.base, ~n~0.offset; {2490#(or (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32)))) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= |main_~#list~0.base| (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))))) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset) main_~x~0.base)) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) main_~x~0.offset) main_~x~0.base) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32))))} is VALID [2018-11-23 11:04:33,843 INFO L273 TraceCheckUtils]: 9: Hoare triple {2490#(or (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32)))) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= |main_~#list~0.base| (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))))) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset) main_~x~0.base)) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) main_~x~0.offset) main_~x~0.base) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32))))} assume !(0bv8 != #t~nondet16);havoc #t~nondet16; {2490#(or (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32)))) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= |main_~#list~0.base| (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))))) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset) main_~x~0.base)) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) main_~x~0.offset) main_~x~0.base) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32))))} is VALID [2018-11-23 11:04:34,518 INFO L256 TraceCheckUtils]: 10: Hoare triple {2490#(or (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32)))) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= |main_~#list~0.base| (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))))) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset) main_~x~0.base)) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) main_~x~0.offset) main_~x~0.base) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32))))} call #t~ret19 := is_list_containing_x(~#list~0.base, ~#list~0.offset, ~x~0.base, ~x~0.offset); {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} is VALID [2018-11-23 11:04:34,519 INFO L273 TraceCheckUtils]: 11: Hoare triple {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} is VALID [2018-11-23 11:04:34,520 INFO L273 TraceCheckUtils]: 12: Hoare triple {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} assume !(~l.base == ~x.base && ~l.offset == ~x.offset);call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~l.base, ~bvadd32(4bv32, ~l.offset), 4bv32); {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} is VALID [2018-11-23 11:04:34,520 INFO L273 TraceCheckUtils]: 13: Hoare triple {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} assume #t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32;havoc #t~mem13.base, #t~mem13.offset;call #t~mem14.base, #t~mem14.offset := read~$Pointer$(~l.base, ~bvadd32(4bv32, ~l.offset), 4bv32); {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} is VALID [2018-11-23 11:04:34,521 INFO L256 TraceCheckUtils]: 14: Hoare triple {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} call #t~ret15 := is_list_containing_x(#t~mem14.base, #t~mem14.offset, ~x.base, ~x.offset); {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} is VALID [2018-11-23 11:04:34,522 INFO L273 TraceCheckUtils]: 15: Hoare triple {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} is VALID [2018-11-23 11:04:34,522 INFO L273 TraceCheckUtils]: 16: Hoare triple {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} assume ~l.base == ~x.base && ~l.offset == ~x.offset;#res := 1bv8; {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} is VALID [2018-11-23 11:04:34,523 INFO L273 TraceCheckUtils]: 17: Hoare triple {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} assume true; {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} is VALID [2018-11-23 11:04:34,525 INFO L268 TraceCheckUtils]: 18: Hoare quadruple {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} #120#return; {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} is VALID [2018-11-23 11:04:34,525 INFO L273 TraceCheckUtils]: 19: Hoare triple {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} #res := #t~ret15;havoc #t~mem14.base, #t~mem14.offset;havoc #t~ret15; {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} is VALID [2018-11-23 11:04:34,526 INFO L273 TraceCheckUtils]: 20: Hoare triple {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} assume true; {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} is VALID [2018-11-23 11:04:34,528 INFO L268 TraceCheckUtils]: 21: Hoare quadruple {2497#(or (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| v_prenex_2) (bvadd (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32)) (_ bv4 32))) v_prenex_2) (= (select (select |#memory_$Pointer$.base| v_prenex_2) (_ bv0 32)) v_prenex_2) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv4 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_2) (_ bv0 32))))) (exists ((v_prenex_1 (_ BitVec 32))) (and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv0 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv0 32)) v_prenex_1) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_prenex_1) (_ bv4 32))) (= (select (select |#memory_$Pointer$.base| v_prenex_1) (_ bv4 32)) (_ bv0 32)))) (exists ((v_main_~x~0.base_BEFORE_CALL_6 (_ BitVec 32))) (and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) v_main_~x~0.base_BEFORE_CALL_6) (= (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv4 32))) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32))) (bvadd (select (select |#memory_$Pointer$.offset| v_main_~x~0.base_BEFORE_CALL_6) (_ bv0 32)) (_ bv4 32))) (_ bv0 32)))))} {2490#(or (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32)))) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= |main_~#list~0.base| (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))))) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset) main_~x~0.base)) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) main_~x~0.offset) main_~x~0.base) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32))))} #106#return; {2490#(or (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32)))) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= |main_~#list~0.base| (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))))) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset) main_~x~0.base)) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) main_~x~0.offset) main_~x~0.base) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32))))} is VALID [2018-11-23 11:04:34,529 INFO L273 TraceCheckUtils]: 22: Hoare triple {2490#(or (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32)))) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= |main_~#list~0.base| (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))))) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset) main_~x~0.base)) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) main_~x~0.offset) main_~x~0.base) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32))))} assume 0bv8 != #t~ret19;havoc #t~ret19; {2490#(or (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32)))) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= |main_~#list~0.base| (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))))) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset) main_~x~0.base)) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) main_~x~0.offset) main_~x~0.base) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32))))} is VALID [2018-11-23 11:04:34,530 INFO L256 TraceCheckUtils]: 23: Hoare triple {2490#(or (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32)))) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= |main_~#list~0.base| (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))))) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset) main_~x~0.base)) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) main_~x~0.offset) main_~x~0.base) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32))))} call remove(~x~0.base, ~x~0.offset); {2537#(and (= |#memory_$Pointer$.offset| |old(#memory_$Pointer$.offset)|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|))} is VALID [2018-11-23 11:04:34,532 INFO L273 TraceCheckUtils]: 24: Hoare triple {2537#(and (= |#memory_$Pointer$.offset| |old(#memory_$Pointer$.offset)|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|))} ~x.base, ~x.offset := #in~x.base, #in~x.offset;call #t~mem3.base, #t~mem3.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32); {2541#(and (= |remove_#t~mem3.offset| (select (select |old(#memory_$Pointer$.offset)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32)))) (= (select (select |old(#memory_$Pointer$.base)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) |remove_#t~mem3.base|))} is VALID [2018-11-23 11:04:34,533 INFO L273 TraceCheckUtils]: 25: Hoare triple {2541#(and (= |remove_#t~mem3.offset| (select (select |old(#memory_$Pointer$.offset)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32)))) (= (select (select |old(#memory_$Pointer$.base)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) |remove_#t~mem3.base|))} assume #t~mem3.base != 0bv32 || #t~mem3.offset != 0bv32;havoc #t~mem3.base, #t~mem3.offset;call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call write~$Pointer$(#t~mem5.base, #t~mem5.offset, #t~mem4.base, #t~mem4.offset, 4bv32);havoc #t~mem5.base, #t~mem5.offset;havoc #t~mem4.base, #t~mem4.offset; {2545#(or (not (= (select (select |old(#memory_$Pointer$.offset)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))) (not (= (select (select |old(#memory_$Pointer$.base)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))))} is VALID [2018-11-23 11:04:34,534 INFO L273 TraceCheckUtils]: 26: Hoare triple {2545#(or (not (= (select (select |old(#memory_$Pointer$.offset)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))) (not (= (select (select |old(#memory_$Pointer$.base)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))))} call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32); {2545#(or (not (= (select (select |old(#memory_$Pointer$.offset)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))) (not (= (select (select |old(#memory_$Pointer$.base)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))))} is VALID [2018-11-23 11:04:34,535 INFO L273 TraceCheckUtils]: 27: Hoare triple {2545#(or (not (= (select (select |old(#memory_$Pointer$.offset)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))) (not (= (select (select |old(#memory_$Pointer$.base)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))))} assume #t~mem6.base != 0bv32 || #t~mem6.offset != 0bv32;havoc #t~mem6.base, #t~mem6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~x.base, ~x.offset, 4bv32);call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~x.base, ~bvadd32(4bv32, ~x.offset), 4bv32);call write~$Pointer$(#t~mem8.base, #t~mem8.offset, #t~mem7.base, ~bvadd32(4bv32, #t~mem7.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;havoc #t~mem8.base, #t~mem8.offset; {2545#(or (not (= (select (select |old(#memory_$Pointer$.offset)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))) (not (= (select (select |old(#memory_$Pointer$.base)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))))} is VALID [2018-11-23 11:04:34,536 INFO L273 TraceCheckUtils]: 28: Hoare triple {2545#(or (not (= (select (select |old(#memory_$Pointer$.offset)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))) (not (= (select (select |old(#memory_$Pointer$.base)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))))} assume true; {2545#(or (not (= (select (select |old(#memory_$Pointer$.offset)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))) (not (= (select (select |old(#memory_$Pointer$.base)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))))} is VALID [2018-11-23 11:04:34,540 INFO L268 TraceCheckUtils]: 29: Hoare quadruple {2545#(or (not (= (select (select |old(#memory_$Pointer$.offset)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))) (not (= (select (select |old(#memory_$Pointer$.base)| |remove_#in~x.base|) (bvadd |remove_#in~x.offset| (_ bv4 32))) (_ bv0 32))))} {2490#(or (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32)))) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= |main_~#list~0.base| (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))))) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset) (_ bv4 32))) main_~x~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) main_~x~0.offset) main_~x~0.base)) (and (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) main_~x~0.offset)) (= (select (select |#memory_$Pointer$.base| |main_~#list~0.base|) main_~x~0.offset) main_~x~0.base) (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (= main_~x~0.offset (select (select |#memory_$Pointer$.offset| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32)))) (= (select (select |#memory_$Pointer$.base| main_~x~0.base) (bvadd main_~x~0.offset (_ bv4 32))) (_ bv0 32))))} #108#return; {2558#(and (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (not (= (_ bv0 32) main_~x~0.base)))} is VALID [2018-11-23 11:04:34,541 INFO L273 TraceCheckUtils]: 30: Hoare triple {2558#(and (= main_~x~0.offset (_ bv0 32)) (= |main_~#list~0.base| main_~x~0.base) (= |main_~#list~0.offset| (_ bv0 32)) (not (= (_ bv0 32) main_~x~0.base)))} #t~short21 := ~#list~0.base == ~x~0.base && ~#list~0.offset == ~x~0.offset; {2562#|main_#t~short21|} is VALID [2018-11-23 11:04:34,541 INFO L273 TraceCheckUtils]: 31: Hoare triple {2562#|main_#t~short21|} assume !#t~short21; {2459#false} is VALID [2018-11-23 11:04:34,541 INFO L256 TraceCheckUtils]: 32: Hoare triple {2459#false} call #t~ret20 := is_list_containing_x(~#list~0.base, ~#list~0.offset, ~x~0.base, ~x~0.offset); {2459#false} is VALID [2018-11-23 11:04:34,542 INFO L273 TraceCheckUtils]: 33: Hoare triple {2459#false} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {2459#false} is VALID [2018-11-23 11:04:34,542 INFO L273 TraceCheckUtils]: 34: Hoare triple {2459#false} assume !(~l.base == ~x.base && ~l.offset == ~x.offset);call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~l.base, ~bvadd32(4bv32, ~l.offset), 4bv32); {2459#false} is VALID [2018-11-23 11:04:34,542 INFO L273 TraceCheckUtils]: 35: Hoare triple {2459#false} assume #t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32;havoc #t~mem13.base, #t~mem13.offset;call #t~mem14.base, #t~mem14.offset := read~$Pointer$(~l.base, ~bvadd32(4bv32, ~l.offset), 4bv32); {2459#false} is VALID [2018-11-23 11:04:34,542 INFO L256 TraceCheckUtils]: 36: Hoare triple {2459#false} call #t~ret15 := is_list_containing_x(#t~mem14.base, #t~mem14.offset, ~x.base, ~x.offset); {2459#false} is VALID [2018-11-23 11:04:34,542 INFO L273 TraceCheckUtils]: 37: Hoare triple {2459#false} ~l.base, ~l.offset := #in~l.base, #in~l.offset;~x.base, ~x.offset := #in~x.base, #in~x.offset; {2459#false} is VALID [2018-11-23 11:04:34,542 INFO L273 TraceCheckUtils]: 38: Hoare triple {2459#false} assume ~l.base == ~x.base && ~l.offset == ~x.offset;#res := 1bv8; {2459#false} is VALID [2018-11-23 11:04:34,543 INFO L273 TraceCheckUtils]: 39: Hoare triple {2459#false} assume true; {2459#false} is VALID [2018-11-23 11:04:34,543 INFO L268 TraceCheckUtils]: 40: Hoare quadruple {2459#false} {2459#false} #120#return; {2459#false} is VALID [2018-11-23 11:04:34,543 INFO L273 TraceCheckUtils]: 41: Hoare triple {2459#false} #res := #t~ret15;havoc #t~mem14.base, #t~mem14.offset;havoc #t~ret15; {2459#false} is VALID [2018-11-23 11:04:34,543 INFO L273 TraceCheckUtils]: 42: Hoare triple {2459#false} assume true; {2459#false} is VALID [2018-11-23 11:04:34,544 INFO L268 TraceCheckUtils]: 43: Hoare quadruple {2459#false} {2459#false} #110#return; {2459#false} is VALID [2018-11-23 11:04:34,544 INFO L273 TraceCheckUtils]: 44: Hoare triple {2459#false} #t~short21 := 0bv8 == #t~ret20; {2459#false} is VALID [2018-11-23 11:04:34,544 INFO L256 TraceCheckUtils]: 45: Hoare triple {2459#false} call __VERIFIER_assert((if #t~short21 then 1bv32 else 0bv32)); {2459#false} is VALID [2018-11-23 11:04:34,544 INFO L273 TraceCheckUtils]: 46: Hoare triple {2459#false} ~cond := #in~cond; {2459#false} is VALID [2018-11-23 11:04:34,544 INFO L273 TraceCheckUtils]: 47: Hoare triple {2459#false} assume 0bv32 == ~cond; {2459#false} is VALID [2018-11-23 11:04:34,545 INFO L273 TraceCheckUtils]: 48: Hoare triple {2459#false} assume !false; {2459#false} is VALID [2018-11-23 11:04:34,570 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 19 proven. 1 refuted. 0 times theorem prover too weak. 8 trivial. 0 not checked. [2018-11-23 11:04:34,570 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:04:40,452 WARN L180 SmtUtils]: Spent 503.00 ms on a formula simplification. DAG size of input: 57 DAG size of output: 54 [2018-11-23 11:04:40,469 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:04:40,487 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 76 treesize of output 64 [2018-11-23 11:04:40,691 WARN L521 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 7 cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:04:40,692 FATAL L292 ToolchainWalker]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.NullPointerException at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSort.areDimensionsConsistent(MultiDimensionalSort.java:84) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSelect.classInvariant(MultiDimensionalSelect.java:113) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSelect.(MultiDimensionalSelect.java:90) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalStore.isCompatibleSelect(MultiDimensionalStore.java:105) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalStore.(MultiDimensionalStore.java:73) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSelectOverStore.(MultiDimensionalSelectOverStore.java:48) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSelectOverStore.convert(MultiDimensionalSelectOverStore.java:75) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ArrayQuantifierEliminationUtils.elimAllSos(ArrayQuantifierEliminationUtils.java:57) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ElimStorePlain.doElimAllRec(ElimStorePlain.java:232) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ElimStorePlain.doElimOneRec(ElimStorePlain.java:225) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ElimStorePlain.doElimAllRec(ElimStorePlain.java:247) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ElimStorePlain.elimAllRec(ElimStorePlain.java:199) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.PartialQuantifierElimination.elim(PartialQuantifierElimination.java:293) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.PartialQuantifierElimination.tryToEliminate(PartialQuantifierElimination.java:101) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.predicates.IterativePredicateTransformer$QuantifierEliminationPostprocessor.postprocess(IterativePredicateTransformer.java:245) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.predicates.IterativePredicateTransformer.applyPostprocessors(IterativePredicateTransformer.java:439) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.predicates.IterativePredicateTransformer.computeBackwardSequence(IterativePredicateTransformer.java:418) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.predicates.IterativePredicateTransformer.computeWeakestPreconditionSequence(IterativePredicateTransformer.java:290) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.singletracecheck.TraceCheckSpWp.computeInterpolantsUsingUnsatCore(TraceCheckSpWp.java:330) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.singletracecheck.TraceCheckSpWp.computeInterpolants(TraceCheckSpWp.java:175) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.singletracecheck.TraceCheckSpWp.(TraceCheckSpWp.java:162) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceCheckConstructor.constructForwardBackward(TraceCheckConstructor.java:224) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceCheckConstructor.constructTraceCheck(TraceCheckConstructor.java:188) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceCheckConstructor.get(TraceCheckConstructor.java:165) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.MultiTrackRefinementStrategy.getTraceCheck(MultiTrackRefinementStrategy.java:232) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseRefinementStrategy.checkFeasibility(BaseRefinementStrategy.java:223) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseRefinementStrategy.executeStrategy(BaseRefinementStrategy.java:197) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceAbstractionRefinementEngine.(TraceAbstractionRefinementEngine.java:70) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.BasicCegarLoop.isCounterexampleFeasible(BasicCegarLoop.java:456) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.AbstractCegarLoop.iterateInternal(AbstractCegarLoop.java:434) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.AbstractCegarLoop.iterate(AbstractCegarLoop.java:376) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.iterate(TraceAbstractionStarter.java:334) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:174) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:126) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:316) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55) [2018-11-23 11:04:40,698 INFO L168 Benchmark]: Toolchain (without parser) took 28286.10 ms. Allocated memory was 1.5 GB in the beginning and 2.4 GB in the end (delta: 858.3 MB). Free memory was 1.4 GB in the beginning and 1.6 GB in the end (delta: -215.5 MB). Peak memory consumption was 642.7 MB. Max. memory is 7.1 GB. [2018-11-23 11:04:40,699 INFO L168 Benchmark]: CDTParser took 0.24 ms. Allocated memory is still 1.5 GB. Free memory is still 1.5 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-11-23 11:04:40,699 INFO L168 Benchmark]: CACSL2BoogieTranslator took 731.65 ms. Allocated memory is still 1.5 GB. Free memory was 1.4 GB in the beginning and 1.4 GB in the end (delta: 44.9 MB). Peak memory consumption was 44.9 MB. Max. memory is 7.1 GB. [2018-11-23 11:04:40,700 INFO L168 Benchmark]: Boogie Procedure Inliner took 119.63 ms. Allocated memory was 1.5 GB in the beginning and 2.3 GB in the end (delta: 719.8 MB). Free memory was 1.4 GB in the beginning and 2.2 GB in the end (delta: -811.3 MB). Peak memory consumption was 16.2 MB. Max. memory is 7.1 GB. [2018-11-23 11:04:40,700 INFO L168 Benchmark]: Boogie Preprocessor took 59.43 ms. Allocated memory is still 2.3 GB. Free memory is still 2.2 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-11-23 11:04:40,701 INFO L168 Benchmark]: RCFGBuilder took 1032.07 ms. Allocated memory is still 2.3 GB. Free memory was 2.2 GB in the beginning and 2.2 GB in the end (delta: 35.4 MB). Peak memory consumption was 35.4 MB. Max. memory is 7.1 GB. [2018-11-23 11:04:40,701 INFO L168 Benchmark]: TraceAbstraction took 26337.10 ms. Allocated memory was 2.3 GB in the beginning and 2.4 GB in the end (delta: 138.4 MB). Free memory was 2.2 GB in the beginning and 1.6 GB in the end (delta: 515.5 MB). Peak memory consumption was 653.9 MB. Max. memory is 7.1 GB. [2018-11-23 11:04:40,706 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - GenericResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.24 ms. Allocated memory is still 1.5 GB. Free memory is still 1.5 GB. There was no memory consumed. Max. memory is 7.1 GB. * CACSL2BoogieTranslator took 731.65 ms. Allocated memory is still 1.5 GB. Free memory was 1.4 GB in the beginning and 1.4 GB in the end (delta: 44.9 MB). Peak memory consumption was 44.9 MB. Max. memory is 7.1 GB. * Boogie Procedure Inliner took 119.63 ms. Allocated memory was 1.5 GB in the beginning and 2.3 GB in the end (delta: 719.8 MB). Free memory was 1.4 GB in the beginning and 2.2 GB in the end (delta: -811.3 MB). Peak memory consumption was 16.2 MB. Max. memory is 7.1 GB. * Boogie Preprocessor took 59.43 ms. Allocated memory is still 2.3 GB. Free memory is still 2.2 GB. There was no memory consumed. Max. memory is 7.1 GB. * RCFGBuilder took 1032.07 ms. Allocated memory is still 2.3 GB. Free memory was 2.2 GB in the beginning and 2.2 GB in the end (delta: 35.4 MB). Peak memory consumption was 35.4 MB. Max. memory is 7.1 GB. * TraceAbstraction took 26337.10 ms. Allocated memory was 2.3 GB in the beginning and 2.4 GB in the end (delta: 138.4 MB). Free memory was 2.2 GB in the beginning and 1.6 GB in the end (delta: 515.5 MB). Peak memory consumption was 653.9 MB. Max. memory is 7.1 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - ExceptionOrErrorResult: NullPointerException: null de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: NullPointerException: null: de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSort.areDimensionsConsistent(MultiDimensionalSort.java:84) RESULT: Ultimate could not prove your program: Toolchain returned no result. Received shutdown request...