java -ea -Xmx8000000000 -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc ../../../trunk/examples/toolchains/AutomizerCInline_WitnessPrinter.xml -s ../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf -i ../../../trunk/examples/svcomp/list-simple/dll2n_prepend_equal_true-unreach-call_true-valid-memsafety.i -------------------------------------------------------------------------------- This is Ultimate 0.1.23-61f4311 [2018-11-23 11:14:00,900 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-11-23 11:14:00,902 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-11-23 11:14:00,915 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-11-23 11:14:00,915 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-11-23 11:14:00,916 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-11-23 11:14:00,918 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-11-23 11:14:00,920 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-11-23 11:14:00,922 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-11-23 11:14:00,924 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-11-23 11:14:00,925 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-11-23 11:14:00,925 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-11-23 11:14:00,926 INFO L174 SettingsManager]: Resetting PEA to Boogie preferences to default values [2018-11-23 11:14:00,927 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-11-23 11:14:00,929 INFO L174 SettingsManager]: Resetting ChcToBoogie preferences to default values [2018-11-23 11:14:00,930 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-11-23 11:14:00,931 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-11-23 11:14:00,933 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-11-23 11:14:00,938 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-11-23 11:14:00,946 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-11-23 11:14:00,948 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-11-23 11:14:00,950 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-11-23 11:14:00,957 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-11-23 11:14:00,957 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-11-23 11:14:00,959 INFO L174 SettingsManager]: Resetting TreeAutomizer preferences to default values [2018-11-23 11:14:00,961 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-11-23 11:14:00,966 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-11-23 11:14:00,969 INFO L174 SettingsManager]: Resetting ReqPrinter preferences to default values [2018-11-23 11:14:00,970 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-11-23 11:14:00,971 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-11-23 11:14:00,975 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-11-23 11:14:00,977 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-11-23 11:14:00,977 INFO L177 SettingsManager]: ReqParser provides no preferences, ignoring... [2018-11-23 11:14:00,978 INFO L174 SettingsManager]: Resetting SmtParser preferences to default values [2018-11-23 11:14:00,979 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-11-23 11:14:00,982 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-11-23 11:14:00,982 INFO L98 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf [2018-11-23 11:14:01,012 INFO L110 SettingsManager]: Loading preferences was successful [2018-11-23 11:14:01,013 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-11-23 11:14:01,014 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-11-23 11:14:01,014 INFO L133 SettingsManager]: * ... calls to implemented procedures=ONLY_FOR_CONCURRENT_PROGRAMS [2018-11-23 11:14:01,015 INFO L131 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2018-11-23 11:14:01,015 INFO L133 SettingsManager]: * Create parallel compositions if possible=false [2018-11-23 11:14:01,016 INFO L133 SettingsManager]: * Use SBE=true [2018-11-23 11:14:01,017 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-11-23 11:14:01,017 INFO L133 SettingsManager]: * sizeof long=4 [2018-11-23 11:14:01,017 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-11-23 11:14:01,017 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-11-23 11:14:01,017 INFO L133 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2018-11-23 11:14:01,017 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-11-23 11:14:01,018 INFO L133 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2018-11-23 11:14:01,018 INFO L133 SettingsManager]: * Use bitvectors instead of ints=true [2018-11-23 11:14:01,018 INFO L133 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2018-11-23 11:14:01,018 INFO L133 SettingsManager]: * sizeof long double=12 [2018-11-23 11:14:01,018 INFO L133 SettingsManager]: * Check if freed pointer was valid=false [2018-11-23 11:14:01,019 INFO L133 SettingsManager]: * Use constant arrays=true [2018-11-23 11:14:01,019 INFO L133 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2018-11-23 11:14:01,019 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-11-23 11:14:01,019 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-11-23 11:14:01,019 INFO L133 SettingsManager]: * To the following directory=./dump/ [2018-11-23 11:14:01,019 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-11-23 11:14:01,020 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:14:01,020 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-11-23 11:14:01,020 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-11-23 11:14:01,020 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-11-23 11:14:01,020 INFO L133 SettingsManager]: * Trace refinement strategy=WOLF [2018-11-23 11:14:01,022 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-11-23 11:14:01,023 INFO L133 SettingsManager]: * Command for external solver=cvc4nyu --tear-down-incremental --rewrite-divk --print-success --lang smt [2018-11-23 11:14:01,023 INFO L133 SettingsManager]: * Logic for external solver=AUFBV [2018-11-23 11:14:01,023 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2018-11-23 11:14:01,070 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-11-23 11:14:01,083 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2018-11-23 11:14:01,086 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2018-11-23 11:14:01,088 INFO L271 PluginConnector]: Initializing CDTParser... [2018-11-23 11:14:01,088 INFO L276 PluginConnector]: CDTParser initialized [2018-11-23 11:14:01,089 INFO L418 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/list-simple/dll2n_prepend_equal_true-unreach-call_true-valid-memsafety.i [2018-11-23 11:14:01,143 INFO L221 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/58eed50ea/f7d6bdbe99e240199c9147ce9b557203/FLAG11e433336 [2018-11-23 11:14:01,725 INFO L307 CDTParser]: Found 1 translation units. [2018-11-23 11:14:01,725 INFO L161 CDTParser]: Scanning /storage/repos/ultimate/trunk/examples/svcomp/list-simple/dll2n_prepend_equal_true-unreach-call_true-valid-memsafety.i [2018-11-23 11:14:01,739 INFO L355 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/58eed50ea/f7d6bdbe99e240199c9147ce9b557203/FLAG11e433336 [2018-11-23 11:14:01,992 INFO L363 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/58eed50ea/f7d6bdbe99e240199c9147ce9b557203 [2018-11-23 11:14:02,003 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-11-23 11:14:02,005 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2018-11-23 11:14:02,006 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2018-11-23 11:14:02,006 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2018-11-23 11:14:02,010 INFO L276 PluginConnector]: CACSL2BoogieTranslator initialized [2018-11-23 11:14:02,012 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:14:01" (1/1) ... [2018-11-23 11:14:02,015 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@6f288c61 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02, skipping insertion in model container [2018-11-23 11:14:02,015 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:14:01" (1/1) ... [2018-11-23 11:14:02,027 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2018-11-23 11:14:02,088 INFO L176 MainTranslator]: Built tables and reachable declarations [2018-11-23 11:14:02,537 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:14:02,562 INFO L191 MainTranslator]: Completed pre-run [2018-11-23 11:14:02,748 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:14:02,809 INFO L195 MainTranslator]: Completed translation [2018-11-23 11:14:02,809 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02 WrapperNode [2018-11-23 11:14:02,810 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2018-11-23 11:14:02,811 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2018-11-23 11:14:02,811 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2018-11-23 11:14:02,811 INFO L276 PluginConnector]: Boogie Procedure Inliner initialized [2018-11-23 11:14:02,821 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02" (1/1) ... [2018-11-23 11:14:02,842 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02" (1/1) ... [2018-11-23 11:14:02,852 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2018-11-23 11:14:02,853 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-11-23 11:14:02,853 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-11-23 11:14:02,853 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-11-23 11:14:02,864 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02" (1/1) ... [2018-11-23 11:14:02,865 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02" (1/1) ... [2018-11-23 11:14:02,870 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02" (1/1) ... [2018-11-23 11:14:02,871 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02" (1/1) ... [2018-11-23 11:14:02,892 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02" (1/1) ... [2018-11-23 11:14:02,904 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02" (1/1) ... [2018-11-23 11:14:02,907 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02" (1/1) ... [2018-11-23 11:14:02,911 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-11-23 11:14:02,912 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-11-23 11:14:02,912 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-11-23 11:14:02,912 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-11-23 11:14:02,913 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:14:02,971 INFO L130 BoogieDeclarations]: Found specification of procedure dll_destroy [2018-11-23 11:14:02,971 INFO L138 BoogieDeclarations]: Found implementation of procedure dll_destroy [2018-11-23 11:14:02,972 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.alloc [2018-11-23 11:14:02,972 INFO L130 BoogieDeclarations]: Found specification of procedure read~intINTTYPE4 [2018-11-23 11:14:02,972 INFO L130 BoogieDeclarations]: Found specification of procedure exit [2018-11-23 11:14:02,972 INFO L138 BoogieDeclarations]: Found implementation of procedure exit [2018-11-23 11:14:02,973 INFO L130 BoogieDeclarations]: Found specification of procedure node_create [2018-11-23 11:14:02,973 INFO L138 BoogieDeclarations]: Found implementation of procedure node_create [2018-11-23 11:14:02,973 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2018-11-23 11:14:02,973 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2018-11-23 11:14:02,974 INFO L130 BoogieDeclarations]: Found specification of procedure main [2018-11-23 11:14:02,974 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2018-11-23 11:14:02,974 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2018-11-23 11:14:02,974 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2018-11-23 11:14:02,975 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2018-11-23 11:14:02,975 INFO L130 BoogieDeclarations]: Found specification of procedure write~intINTTYPE4 [2018-11-23 11:14:02,975 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$ [2018-11-23 11:14:02,975 INFO L130 BoogieDeclarations]: Found specification of procedure dll_create [2018-11-23 11:14:02,976 INFO L138 BoogieDeclarations]: Found implementation of procedure dll_create [2018-11-23 11:14:02,976 INFO L130 BoogieDeclarations]: Found specification of procedure dll_prepend [2018-11-23 11:14:02,976 INFO L138 BoogieDeclarations]: Found implementation of procedure dll_prepend [2018-11-23 11:14:02,976 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2018-11-23 11:14:02,976 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2018-11-23 11:14:04,154 INFO L275 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2018-11-23 11:14:04,155 INFO L280 CfgBuilder]: Removed 3 assue(true) statements. [2018-11-23 11:14:04,155 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:14:04 BoogieIcfgContainer [2018-11-23 11:14:04,155 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-11-23 11:14:04,156 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2018-11-23 11:14:04,157 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2018-11-23 11:14:04,160 INFO L276 PluginConnector]: TraceAbstraction initialized [2018-11-23 11:14:04,160 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 23.11 11:14:01" (1/3) ... [2018-11-23 11:14:04,161 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@4fadfea4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:14:04, skipping insertion in model container [2018-11-23 11:14:04,161 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:14:02" (2/3) ... [2018-11-23 11:14:04,164 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@4fadfea4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:14:04, skipping insertion in model container [2018-11-23 11:14:04,164 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:14:04" (3/3) ... [2018-11-23 11:14:04,166 INFO L112 eAbstractionObserver]: Analyzing ICFG dll2n_prepend_equal_true-unreach-call_true-valid-memsafety.i [2018-11-23 11:14:04,177 INFO L156 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2018-11-23 11:14:04,187 INFO L168 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2018-11-23 11:14:04,204 INFO L257 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2018-11-23 11:14:04,236 INFO L133 ementStrategyFactory]: Using default assertion order modulation [2018-11-23 11:14:04,237 INFO L382 AbstractCegarLoop]: Interprodecural is true [2018-11-23 11:14:04,237 INFO L383 AbstractCegarLoop]: Hoare is true [2018-11-23 11:14:04,237 INFO L384 AbstractCegarLoop]: Compute interpolants for FPandBP [2018-11-23 11:14:04,237 INFO L385 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2018-11-23 11:14:04,237 INFO L386 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2018-11-23 11:14:04,238 INFO L387 AbstractCegarLoop]: Difference is false [2018-11-23 11:14:04,238 INFO L388 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2018-11-23 11:14:04,238 INFO L393 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2018-11-23 11:14:04,257 INFO L276 IsEmpty]: Start isEmpty. Operand 50 states. [2018-11-23 11:14:04,265 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2018-11-23 11:14:04,266 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:14:04,267 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:14:04,269 INFO L423 AbstractCegarLoop]: === Iteration 1 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:14:04,276 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:14:04,276 INFO L82 PathProgramCache]: Analyzing trace with hash -8262080, now seen corresponding path program 1 times [2018-11-23 11:14:04,282 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:14:04,282 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:14:04,313 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:14:04,415 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:14:04,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:14:04,477 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:14:04,684 INFO L256 TraceCheckUtils]: 0: Hoare triple {53#true} call ULTIMATE.init(); {53#true} is VALID [2018-11-23 11:14:04,688 INFO L273 TraceCheckUtils]: 1: Hoare triple {53#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {53#true} is VALID [2018-11-23 11:14:04,689 INFO L273 TraceCheckUtils]: 2: Hoare triple {53#true} assume true; {53#true} is VALID [2018-11-23 11:14:04,689 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {53#true} {53#true} #118#return; {53#true} is VALID [2018-11-23 11:14:04,690 INFO L256 TraceCheckUtils]: 4: Hoare triple {53#true} call #t~ret16 := main(); {53#true} is VALID [2018-11-23 11:14:04,690 INFO L273 TraceCheckUtils]: 5: Hoare triple {53#true} ~len~0 := 2bv32;~data~0 := 1bv32;call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4bv32); {53#true} is VALID [2018-11-23 11:14:04,691 INFO L256 TraceCheckUtils]: 6: Hoare triple {53#true} call #t~ret10.base, #t~ret10.offset := dll_create(~len~0, ~data~0); {53#true} is VALID [2018-11-23 11:14:04,691 INFO L273 TraceCheckUtils]: 7: Hoare triple {53#true} ~len := #in~len;~data := #in~data;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {53#true} is VALID [2018-11-23 11:14:04,691 INFO L273 TraceCheckUtils]: 8: Hoare triple {53#true} assume !~bvsgt32(~len, 0bv32); {53#true} is VALID [2018-11-23 11:14:04,692 INFO L273 TraceCheckUtils]: 9: Hoare triple {53#true} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {53#true} is VALID [2018-11-23 11:14:04,692 INFO L273 TraceCheckUtils]: 10: Hoare triple {53#true} assume true; {53#true} is VALID [2018-11-23 11:14:04,693 INFO L268 TraceCheckUtils]: 11: Hoare quadruple {53#true} {53#true} #108#return; {53#true} is VALID [2018-11-23 11:14:04,693 INFO L273 TraceCheckUtils]: 12: Hoare triple {53#true} call write~init~$Pointer$(#t~ret10.base, #t~ret10.offset, ~#s~0.base, ~#s~0.offset, 4bv32);havoc #t~ret10.base, #t~ret10.offset; {53#true} is VALID [2018-11-23 11:14:04,693 INFO L256 TraceCheckUtils]: 13: Hoare triple {53#true} call dll_prepend(~#s~0.base, ~#s~0.offset, ~data~0); {53#true} is VALID [2018-11-23 11:14:04,694 INFO L273 TraceCheckUtils]: 14: Hoare triple {53#true} ~head.base, ~head.offset := #in~head.base, #in~head.offset;~data := #in~data; {53#true} is VALID [2018-11-23 11:14:04,694 INFO L256 TraceCheckUtils]: 15: Hoare triple {53#true} call #t~ret6.base, #t~ret6.offset := node_create(~data); {53#true} is VALID [2018-11-23 11:14:04,694 INFO L273 TraceCheckUtils]: 16: Hoare triple {53#true} ~data := #in~data;call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(12bv32);~temp~0.base, ~temp~0.offset := #t~malloc2.base, #t~malloc2.offset; {53#true} is VALID [2018-11-23 11:14:04,695 INFO L273 TraceCheckUtils]: 17: Hoare triple {53#true} assume !(0bv32 == ~temp~0.base && 0bv32 == ~temp~0.offset); {53#true} is VALID [2018-11-23 11:14:04,695 INFO L273 TraceCheckUtils]: 18: Hoare triple {53#true} call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(4bv32, ~temp~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(8bv32, ~temp~0.offset), 4bv32);call write~intINTTYPE4(~data, ~temp~0.base, ~temp~0.offset, 4bv32);#res.base, #res.offset := ~temp~0.base, ~temp~0.offset; {53#true} is VALID [2018-11-23 11:14:04,696 INFO L273 TraceCheckUtils]: 19: Hoare triple {53#true} assume true; {53#true} is VALID [2018-11-23 11:14:04,696 INFO L268 TraceCheckUtils]: 20: Hoare quadruple {53#true} {53#true} #116#return; {53#true} is VALID [2018-11-23 11:14:04,697 INFO L273 TraceCheckUtils]: 21: Hoare triple {53#true} ~new_head~1.base, ~new_head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(#t~mem7.base, #t~mem7.offset, ~new_head~1.base, ~bvadd32(4bv32, ~new_head~1.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32); {53#true} is VALID [2018-11-23 11:14:04,697 INFO L273 TraceCheckUtils]: 22: Hoare triple {53#true} assume #t~mem8.base != 0bv32 || #t~mem8.offset != 0bv32;havoc #t~mem8.base, #t~mem8.offset;call #t~mem9.base, #t~mem9.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, #t~mem9.base, ~bvadd32(8bv32, #t~mem9.offset), 4bv32);havoc #t~mem9.base, #t~mem9.offset; {53#true} is VALID [2018-11-23 11:14:04,697 INFO L273 TraceCheckUtils]: 23: Hoare triple {53#true} call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, ~head.base, ~head.offset, 4bv32); {53#true} is VALID [2018-11-23 11:14:04,698 INFO L273 TraceCheckUtils]: 24: Hoare triple {53#true} assume true; {53#true} is VALID [2018-11-23 11:14:04,698 INFO L268 TraceCheckUtils]: 25: Hoare quadruple {53#true} {53#true} #110#return; {53#true} is VALID [2018-11-23 11:14:04,698 INFO L273 TraceCheckUtils]: 26: Hoare triple {53#true} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4bv32);~ptr~0.base, ~ptr~0.offset := #t~mem11.base, #t~mem11.offset;havoc #t~mem11.base, #t~mem11.offset;~count~0 := 0bv32; {53#true} is VALID [2018-11-23 11:14:04,712 INFO L273 TraceCheckUtils]: 27: Hoare triple {53#true} assume !true; {54#false} is VALID [2018-11-23 11:14:04,712 INFO L273 TraceCheckUtils]: 28: Hoare triple {54#false} assume ~count~0 != ~bvadd32(1bv32, ~len~0); {54#false} is VALID [2018-11-23 11:14:04,713 INFO L273 TraceCheckUtils]: 29: Hoare triple {54#false} assume !false; {54#false} is VALID [2018-11-23 11:14:04,720 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:14:04,720 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:14:04,730 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:14:04,730 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2018-11-23 11:14:04,738 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 30 [2018-11-23 11:14:04,743 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:14:04,748 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states. [2018-11-23 11:14:04,997 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 30 edges. 30 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:14:04,997 INFO L459 AbstractCegarLoop]: Interpolant automaton has 2 states [2018-11-23 11:14:05,008 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2018-11-23 11:14:05,008 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:14:05,011 INFO L87 Difference]: Start difference. First operand 50 states. Second operand 2 states. [2018-11-23 11:14:05,943 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:05,944 INFO L93 Difference]: Finished difference Result 86 states and 105 transitions. [2018-11-23 11:14:05,944 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2018-11-23 11:14:05,944 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 30 [2018-11-23 11:14:05,945 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:14:05,946 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:14:05,960 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 105 transitions. [2018-11-23 11:14:05,961 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:14:05,967 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 105 transitions. [2018-11-23 11:14:05,968 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 105 transitions. [2018-11-23 11:14:06,279 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:14:06,297 INFO L225 Difference]: With dead ends: 86 [2018-11-23 11:14:06,298 INFO L226 Difference]: Without dead ends: 36 [2018-11-23 11:14:06,302 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 29 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:14:06,319 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 36 states. [2018-11-23 11:14:06,349 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 36 to 36. [2018-11-23 11:14:06,350 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:14:06,350 INFO L82 GeneralOperation]: Start isEquivalent. First operand 36 states. Second operand 36 states. [2018-11-23 11:14:06,351 INFO L74 IsIncluded]: Start isIncluded. First operand 36 states. Second operand 36 states. [2018-11-23 11:14:06,351 INFO L87 Difference]: Start difference. First operand 36 states. Second operand 36 states. [2018-11-23 11:14:06,356 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:06,356 INFO L93 Difference]: Finished difference Result 36 states and 40 transitions. [2018-11-23 11:14:06,356 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 40 transitions. [2018-11-23 11:14:06,357 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:14:06,357 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:14:06,358 INFO L74 IsIncluded]: Start isIncluded. First operand 36 states. Second operand 36 states. [2018-11-23 11:14:06,358 INFO L87 Difference]: Start difference. First operand 36 states. Second operand 36 states. [2018-11-23 11:14:06,362 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:06,363 INFO L93 Difference]: Finished difference Result 36 states and 40 transitions. [2018-11-23 11:14:06,363 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 40 transitions. [2018-11-23 11:14:06,364 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:14:06,364 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:14:06,364 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:14:06,364 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:14:06,365 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 36 states. [2018-11-23 11:14:06,369 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 40 transitions. [2018-11-23 11:14:06,372 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 40 transitions. Word has length 30 [2018-11-23 11:14:06,373 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:14:06,373 INFO L480 AbstractCegarLoop]: Abstraction has 36 states and 40 transitions. [2018-11-23 11:14:06,373 INFO L481 AbstractCegarLoop]: Interpolant automaton has 2 states. [2018-11-23 11:14:06,373 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 40 transitions. [2018-11-23 11:14:06,375 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2018-11-23 11:14:06,375 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:14:06,375 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:14:06,377 INFO L423 AbstractCegarLoop]: === Iteration 2 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:14:06,378 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:14:06,378 INFO L82 PathProgramCache]: Analyzing trace with hash -8270729, now seen corresponding path program 1 times [2018-11-23 11:14:06,379 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:14:06,379 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:14:06,396 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:14:06,466 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:14:06,501 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:14:06,503 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:14:06,691 INFO L256 TraceCheckUtils]: 0: Hoare triple {383#true} call ULTIMATE.init(); {383#true} is VALID [2018-11-23 11:14:06,691 INFO L273 TraceCheckUtils]: 1: Hoare triple {383#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {383#true} is VALID [2018-11-23 11:14:06,692 INFO L273 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2018-11-23 11:14:06,692 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {383#true} {383#true} #118#return; {383#true} is VALID [2018-11-23 11:14:06,693 INFO L256 TraceCheckUtils]: 4: Hoare triple {383#true} call #t~ret16 := main(); {383#true} is VALID [2018-11-23 11:14:06,694 INFO L273 TraceCheckUtils]: 5: Hoare triple {383#true} ~len~0 := 2bv32;~data~0 := 1bv32;call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4bv32); {403#(= (bvadd main_~len~0 (_ bv4294967294 32)) (_ bv0 32))} is VALID [2018-11-23 11:14:06,694 INFO L256 TraceCheckUtils]: 6: Hoare triple {403#(= (bvadd main_~len~0 (_ bv4294967294 32)) (_ bv0 32))} call #t~ret10.base, #t~ret10.offset := dll_create(~len~0, ~data~0); {383#true} is VALID [2018-11-23 11:14:06,694 INFO L273 TraceCheckUtils]: 7: Hoare triple {383#true} ~len := #in~len;~data := #in~data;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {410#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:14:06,696 INFO L273 TraceCheckUtils]: 8: Hoare triple {410#(= dll_create_~len |dll_create_#in~len|)} assume !~bvsgt32(~len, 0bv32); {414#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} is VALID [2018-11-23 11:14:06,696 INFO L273 TraceCheckUtils]: 9: Hoare triple {414#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {414#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} is VALID [2018-11-23 11:14:06,697 INFO L273 TraceCheckUtils]: 10: Hoare triple {414#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} assume true; {414#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} is VALID [2018-11-23 11:14:06,706 INFO L268 TraceCheckUtils]: 11: Hoare quadruple {414#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} {403#(= (bvadd main_~len~0 (_ bv4294967294 32)) (_ bv0 32))} #108#return; {384#false} is VALID [2018-11-23 11:14:06,707 INFO L273 TraceCheckUtils]: 12: Hoare triple {384#false} call write~init~$Pointer$(#t~ret10.base, #t~ret10.offset, ~#s~0.base, ~#s~0.offset, 4bv32);havoc #t~ret10.base, #t~ret10.offset; {384#false} is VALID [2018-11-23 11:14:06,707 INFO L256 TraceCheckUtils]: 13: Hoare triple {384#false} call dll_prepend(~#s~0.base, ~#s~0.offset, ~data~0); {384#false} is VALID [2018-11-23 11:14:06,708 INFO L273 TraceCheckUtils]: 14: Hoare triple {384#false} ~head.base, ~head.offset := #in~head.base, #in~head.offset;~data := #in~data; {384#false} is VALID [2018-11-23 11:14:06,708 INFO L256 TraceCheckUtils]: 15: Hoare triple {384#false} call #t~ret6.base, #t~ret6.offset := node_create(~data); {384#false} is VALID [2018-11-23 11:14:06,708 INFO L273 TraceCheckUtils]: 16: Hoare triple {384#false} ~data := #in~data;call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(12bv32);~temp~0.base, ~temp~0.offset := #t~malloc2.base, #t~malloc2.offset; {384#false} is VALID [2018-11-23 11:14:06,708 INFO L273 TraceCheckUtils]: 17: Hoare triple {384#false} assume !(0bv32 == ~temp~0.base && 0bv32 == ~temp~0.offset); {384#false} is VALID [2018-11-23 11:14:06,709 INFO L273 TraceCheckUtils]: 18: Hoare triple {384#false} call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(4bv32, ~temp~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(8bv32, ~temp~0.offset), 4bv32);call write~intINTTYPE4(~data, ~temp~0.base, ~temp~0.offset, 4bv32);#res.base, #res.offset := ~temp~0.base, ~temp~0.offset; {384#false} is VALID [2018-11-23 11:14:06,709 INFO L273 TraceCheckUtils]: 19: Hoare triple {384#false} assume true; {384#false} is VALID [2018-11-23 11:14:06,709 INFO L268 TraceCheckUtils]: 20: Hoare quadruple {384#false} {384#false} #116#return; {384#false} is VALID [2018-11-23 11:14:06,710 INFO L273 TraceCheckUtils]: 21: Hoare triple {384#false} ~new_head~1.base, ~new_head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(#t~mem7.base, #t~mem7.offset, ~new_head~1.base, ~bvadd32(4bv32, ~new_head~1.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32); {384#false} is VALID [2018-11-23 11:14:06,710 INFO L273 TraceCheckUtils]: 22: Hoare triple {384#false} assume #t~mem8.base != 0bv32 || #t~mem8.offset != 0bv32;havoc #t~mem8.base, #t~mem8.offset;call #t~mem9.base, #t~mem9.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, #t~mem9.base, ~bvadd32(8bv32, #t~mem9.offset), 4bv32);havoc #t~mem9.base, #t~mem9.offset; {384#false} is VALID [2018-11-23 11:14:06,710 INFO L273 TraceCheckUtils]: 23: Hoare triple {384#false} call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, ~head.base, ~head.offset, 4bv32); {384#false} is VALID [2018-11-23 11:14:06,711 INFO L273 TraceCheckUtils]: 24: Hoare triple {384#false} assume true; {384#false} is VALID [2018-11-23 11:14:06,711 INFO L268 TraceCheckUtils]: 25: Hoare quadruple {384#false} {384#false} #110#return; {384#false} is VALID [2018-11-23 11:14:06,711 INFO L273 TraceCheckUtils]: 26: Hoare triple {384#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4bv32);~ptr~0.base, ~ptr~0.offset := #t~mem11.base, #t~mem11.offset;havoc #t~mem11.base, #t~mem11.offset;~count~0 := 0bv32; {384#false} is VALID [2018-11-23 11:14:06,712 INFO L273 TraceCheckUtils]: 27: Hoare triple {384#false} assume !(~ptr~0.base != 0bv32 || ~ptr~0.offset != 0bv32); {384#false} is VALID [2018-11-23 11:14:06,712 INFO L273 TraceCheckUtils]: 28: Hoare triple {384#false} assume ~count~0 != ~bvadd32(1bv32, ~len~0); {384#false} is VALID [2018-11-23 11:14:06,712 INFO L273 TraceCheckUtils]: 29: Hoare triple {384#false} assume !false; {384#false} is VALID [2018-11-23 11:14:06,714 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:14:06,715 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:14:06,716 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:14:06,717 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2018-11-23 11:14:06,718 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 30 [2018-11-23 11:14:06,719 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:14:06,719 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2018-11-23 11:14:06,805 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 30 edges. 30 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:14:06,806 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2018-11-23 11:14:06,806 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2018-11-23 11:14:06,806 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2018-11-23 11:14:06,807 INFO L87 Difference]: Start difference. First operand 36 states and 40 transitions. Second operand 5 states. [2018-11-23 11:14:08,232 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:08,233 INFO L93 Difference]: Finished difference Result 64 states and 72 transitions. [2018-11-23 11:14:08,233 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2018-11-23 11:14:08,233 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 30 [2018-11-23 11:14:08,233 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:14:08,233 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2018-11-23 11:14:08,238 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 72 transitions. [2018-11-23 11:14:08,238 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2018-11-23 11:14:08,242 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 72 transitions. [2018-11-23 11:14:08,242 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 72 transitions. [2018-11-23 11:14:08,447 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 72 edges. 72 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:14:08,451 INFO L225 Difference]: With dead ends: 64 [2018-11-23 11:14:08,451 INFO L226 Difference]: Without dead ends: 41 [2018-11-23 11:14:08,452 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 30 GetRequests, 26 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2018-11-23 11:14:08,453 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 41 states. [2018-11-23 11:14:08,476 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 41 to 37. [2018-11-23 11:14:08,476 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:14:08,476 INFO L82 GeneralOperation]: Start isEquivalent. First operand 41 states. Second operand 37 states. [2018-11-23 11:14:08,476 INFO L74 IsIncluded]: Start isIncluded. First operand 41 states. Second operand 37 states. [2018-11-23 11:14:08,476 INFO L87 Difference]: Start difference. First operand 41 states. Second operand 37 states. [2018-11-23 11:14:08,480 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:08,480 INFO L93 Difference]: Finished difference Result 41 states and 46 transitions. [2018-11-23 11:14:08,480 INFO L276 IsEmpty]: Start isEmpty. Operand 41 states and 46 transitions. [2018-11-23 11:14:08,481 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:14:08,481 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:14:08,481 INFO L74 IsIncluded]: Start isIncluded. First operand 37 states. Second operand 41 states. [2018-11-23 11:14:08,481 INFO L87 Difference]: Start difference. First operand 37 states. Second operand 41 states. [2018-11-23 11:14:08,485 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:08,485 INFO L93 Difference]: Finished difference Result 41 states and 46 transitions. [2018-11-23 11:14:08,485 INFO L276 IsEmpty]: Start isEmpty. Operand 41 states and 46 transitions. [2018-11-23 11:14:08,486 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:14:08,486 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:14:08,486 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:14:08,486 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:14:08,487 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 37 states. [2018-11-23 11:14:08,489 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 37 states to 37 states and 41 transitions. [2018-11-23 11:14:08,489 INFO L78 Accepts]: Start accepts. Automaton has 37 states and 41 transitions. Word has length 30 [2018-11-23 11:14:08,489 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:14:08,490 INFO L480 AbstractCegarLoop]: Abstraction has 37 states and 41 transitions. [2018-11-23 11:14:08,490 INFO L481 AbstractCegarLoop]: Interpolant automaton has 5 states. [2018-11-23 11:14:08,490 INFO L276 IsEmpty]: Start isEmpty. Operand 37 states and 41 transitions. [2018-11-23 11:14:08,491 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2018-11-23 11:14:08,491 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:14:08,491 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:14:08,492 INFO L423 AbstractCegarLoop]: === Iteration 3 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:14:08,492 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:14:08,492 INFO L82 PathProgramCache]: Analyzing trace with hash 8418931, now seen corresponding path program 1 times [2018-11-23 11:14:08,493 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:14:08,493 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:14:08,511 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:14:08,571 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:14:08,599 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:14:08,601 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:14:08,670 INFO L256 TraceCheckUtils]: 0: Hoare triple {696#true} call ULTIMATE.init(); {696#true} is VALID [2018-11-23 11:14:08,671 INFO L273 TraceCheckUtils]: 1: Hoare triple {696#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {696#true} is VALID [2018-11-23 11:14:08,672 INFO L273 TraceCheckUtils]: 2: Hoare triple {696#true} assume true; {696#true} is VALID [2018-11-23 11:14:08,672 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {696#true} {696#true} #118#return; {696#true} is VALID [2018-11-23 11:14:08,673 INFO L256 TraceCheckUtils]: 4: Hoare triple {696#true} call #t~ret16 := main(); {696#true} is VALID [2018-11-23 11:14:08,673 INFO L273 TraceCheckUtils]: 5: Hoare triple {696#true} ~len~0 := 2bv32;~data~0 := 1bv32;call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4bv32); {696#true} is VALID [2018-11-23 11:14:08,673 INFO L256 TraceCheckUtils]: 6: Hoare triple {696#true} call #t~ret10.base, #t~ret10.offset := dll_create(~len~0, ~data~0); {696#true} is VALID [2018-11-23 11:14:08,678 INFO L273 TraceCheckUtils]: 7: Hoare triple {696#true} ~len := #in~len;~data := #in~data;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {722#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:14:08,680 INFO L273 TraceCheckUtils]: 8: Hoare triple {722#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(12bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; {722#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:14:08,682 INFO L273 TraceCheckUtils]: 9: Hoare triple {722#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {722#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:14:08,683 INFO L273 TraceCheckUtils]: 10: Hoare triple {722#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} call write~intINTTYPE4(~data, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {722#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:14:08,689 INFO L273 TraceCheckUtils]: 11: Hoare triple {722#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(8bv32, ~head~0.offset), 4bv32); {697#false} is VALID [2018-11-23 11:14:08,689 INFO L273 TraceCheckUtils]: 12: Hoare triple {697#false} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post4 := ~len;~len := ~bvsub32(#t~post4, 1bv32);havoc #t~post4; {697#false} is VALID [2018-11-23 11:14:08,689 INFO L273 TraceCheckUtils]: 13: Hoare triple {697#false} assume !~bvsgt32(~len, 0bv32); {697#false} is VALID [2018-11-23 11:14:08,690 INFO L273 TraceCheckUtils]: 14: Hoare triple {697#false} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {697#false} is VALID [2018-11-23 11:14:08,690 INFO L273 TraceCheckUtils]: 15: Hoare triple {697#false} assume true; {697#false} is VALID [2018-11-23 11:14:08,690 INFO L268 TraceCheckUtils]: 16: Hoare quadruple {697#false} {696#true} #108#return; {697#false} is VALID [2018-11-23 11:14:08,691 INFO L273 TraceCheckUtils]: 17: Hoare triple {697#false} call write~init~$Pointer$(#t~ret10.base, #t~ret10.offset, ~#s~0.base, ~#s~0.offset, 4bv32);havoc #t~ret10.base, #t~ret10.offset; {697#false} is VALID [2018-11-23 11:14:08,691 INFO L256 TraceCheckUtils]: 18: Hoare triple {697#false} call dll_prepend(~#s~0.base, ~#s~0.offset, ~data~0); {697#false} is VALID [2018-11-23 11:14:08,691 INFO L273 TraceCheckUtils]: 19: Hoare triple {697#false} ~head.base, ~head.offset := #in~head.base, #in~head.offset;~data := #in~data; {697#false} is VALID [2018-11-23 11:14:08,692 INFO L256 TraceCheckUtils]: 20: Hoare triple {697#false} call #t~ret6.base, #t~ret6.offset := node_create(~data); {697#false} is VALID [2018-11-23 11:14:08,692 INFO L273 TraceCheckUtils]: 21: Hoare triple {697#false} ~data := #in~data;call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(12bv32);~temp~0.base, ~temp~0.offset := #t~malloc2.base, #t~malloc2.offset; {697#false} is VALID [2018-11-23 11:14:08,692 INFO L273 TraceCheckUtils]: 22: Hoare triple {697#false} assume !(0bv32 == ~temp~0.base && 0bv32 == ~temp~0.offset); {697#false} is VALID [2018-11-23 11:14:08,693 INFO L273 TraceCheckUtils]: 23: Hoare triple {697#false} call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(4bv32, ~temp~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(8bv32, ~temp~0.offset), 4bv32);call write~intINTTYPE4(~data, ~temp~0.base, ~temp~0.offset, 4bv32);#res.base, #res.offset := ~temp~0.base, ~temp~0.offset; {697#false} is VALID [2018-11-23 11:14:08,693 INFO L273 TraceCheckUtils]: 24: Hoare triple {697#false} assume true; {697#false} is VALID [2018-11-23 11:14:08,693 INFO L268 TraceCheckUtils]: 25: Hoare quadruple {697#false} {697#false} #116#return; {697#false} is VALID [2018-11-23 11:14:08,693 INFO L273 TraceCheckUtils]: 26: Hoare triple {697#false} ~new_head~1.base, ~new_head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(#t~mem7.base, #t~mem7.offset, ~new_head~1.base, ~bvadd32(4bv32, ~new_head~1.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32); {697#false} is VALID [2018-11-23 11:14:08,694 INFO L273 TraceCheckUtils]: 27: Hoare triple {697#false} assume #t~mem8.base != 0bv32 || #t~mem8.offset != 0bv32;havoc #t~mem8.base, #t~mem8.offset;call #t~mem9.base, #t~mem9.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, #t~mem9.base, ~bvadd32(8bv32, #t~mem9.offset), 4bv32);havoc #t~mem9.base, #t~mem9.offset; {697#false} is VALID [2018-11-23 11:14:08,694 INFO L273 TraceCheckUtils]: 28: Hoare triple {697#false} call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, ~head.base, ~head.offset, 4bv32); {697#false} is VALID [2018-11-23 11:14:08,694 INFO L273 TraceCheckUtils]: 29: Hoare triple {697#false} assume true; {697#false} is VALID [2018-11-23 11:14:08,695 INFO L268 TraceCheckUtils]: 30: Hoare quadruple {697#false} {697#false} #110#return; {697#false} is VALID [2018-11-23 11:14:08,695 INFO L273 TraceCheckUtils]: 31: Hoare triple {697#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4bv32);~ptr~0.base, ~ptr~0.offset := #t~mem11.base, #t~mem11.offset;havoc #t~mem11.base, #t~mem11.offset;~count~0 := 0bv32; {697#false} is VALID [2018-11-23 11:14:08,695 INFO L273 TraceCheckUtils]: 32: Hoare triple {697#false} assume !(~ptr~0.base != 0bv32 || ~ptr~0.offset != 0bv32); {697#false} is VALID [2018-11-23 11:14:08,696 INFO L273 TraceCheckUtils]: 33: Hoare triple {697#false} assume ~count~0 != ~bvadd32(1bv32, ~len~0); {697#false} is VALID [2018-11-23 11:14:08,696 INFO L273 TraceCheckUtils]: 34: Hoare triple {697#false} assume !false; {697#false} is VALID [2018-11-23 11:14:08,699 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:14:08,699 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:14:08,702 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:14:08,702 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2018-11-23 11:14:08,702 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 35 [2018-11-23 11:14:08,703 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:14:08,703 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2018-11-23 11:14:08,779 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 35 edges. 35 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:14:08,779 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2018-11-23 11:14:08,779 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2018-11-23 11:14:08,779 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-11-23 11:14:08,780 INFO L87 Difference]: Start difference. First operand 37 states and 41 transitions. Second operand 3 states. [2018-11-23 11:14:09,788 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:09,789 INFO L93 Difference]: Finished difference Result 69 states and 78 transitions. [2018-11-23 11:14:09,789 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2018-11-23 11:14:09,789 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 35 [2018-11-23 11:14:09,789 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:14:09,790 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-11-23 11:14:09,793 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 78 transitions. [2018-11-23 11:14:09,794 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-11-23 11:14:09,797 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 78 transitions. [2018-11-23 11:14:09,798 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 78 transitions. [2018-11-23 11:14:09,960 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 78 edges. 78 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:14:09,962 INFO L225 Difference]: With dead ends: 69 [2018-11-23 11:14:09,962 INFO L226 Difference]: Without dead ends: 41 [2018-11-23 11:14:09,963 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 34 GetRequests, 33 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-11-23 11:14:09,963 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 41 states. [2018-11-23 11:14:09,999 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 41 to 40. [2018-11-23 11:14:09,999 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:14:10,000 INFO L82 GeneralOperation]: Start isEquivalent. First operand 41 states. Second operand 40 states. [2018-11-23 11:14:10,000 INFO L74 IsIncluded]: Start isIncluded. First operand 41 states. Second operand 40 states. [2018-11-23 11:14:10,000 INFO L87 Difference]: Start difference. First operand 41 states. Second operand 40 states. [2018-11-23 11:14:10,003 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:10,003 INFO L93 Difference]: Finished difference Result 41 states and 45 transitions. [2018-11-23 11:14:10,004 INFO L276 IsEmpty]: Start isEmpty. Operand 41 states and 45 transitions. [2018-11-23 11:14:10,004 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:14:10,004 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:14:10,005 INFO L74 IsIncluded]: Start isIncluded. First operand 40 states. Second operand 41 states. [2018-11-23 11:14:10,005 INFO L87 Difference]: Start difference. First operand 40 states. Second operand 41 states. [2018-11-23 11:14:10,007 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:10,008 INFO L93 Difference]: Finished difference Result 41 states and 45 transitions. [2018-11-23 11:14:10,008 INFO L276 IsEmpty]: Start isEmpty. Operand 41 states and 45 transitions. [2018-11-23 11:14:10,008 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:14:10,009 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:14:10,009 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:14:10,009 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:14:10,009 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 40 states. [2018-11-23 11:14:10,011 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 40 states to 40 states and 44 transitions. [2018-11-23 11:14:10,011 INFO L78 Accepts]: Start accepts. Automaton has 40 states and 44 transitions. Word has length 35 [2018-11-23 11:14:10,012 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:14:10,012 INFO L480 AbstractCegarLoop]: Abstraction has 40 states and 44 transitions. [2018-11-23 11:14:10,012 INFO L481 AbstractCegarLoop]: Interpolant automaton has 3 states. [2018-11-23 11:14:10,012 INFO L276 IsEmpty]: Start isEmpty. Operand 40 states and 44 transitions. [2018-11-23 11:14:10,013 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2018-11-23 11:14:10,014 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:14:10,014 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:14:10,014 INFO L423 AbstractCegarLoop]: === Iteration 4 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:14:10,014 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:14:10,014 INFO L82 PathProgramCache]: Analyzing trace with hash -125594575, now seen corresponding path program 1 times [2018-11-23 11:14:10,015 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:14:10,015 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:14:10,033 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:14:10,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:14:10,132 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:14:10,134 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:14:10,244 INFO L256 TraceCheckUtils]: 0: Hoare triple {1029#true} call ULTIMATE.init(); {1029#true} is VALID [2018-11-23 11:14:10,245 INFO L273 TraceCheckUtils]: 1: Hoare triple {1029#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1029#true} is VALID [2018-11-23 11:14:10,245 INFO L273 TraceCheckUtils]: 2: Hoare triple {1029#true} assume true; {1029#true} is VALID [2018-11-23 11:14:10,246 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1029#true} {1029#true} #118#return; {1029#true} is VALID [2018-11-23 11:14:10,246 INFO L256 TraceCheckUtils]: 4: Hoare triple {1029#true} call #t~ret16 := main(); {1029#true} is VALID [2018-11-23 11:14:10,247 INFO L273 TraceCheckUtils]: 5: Hoare triple {1029#true} ~len~0 := 2bv32;~data~0 := 1bv32;call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4bv32); {1049#(= (bvadd main_~len~0 (_ bv4294967294 32)) (_ bv0 32))} is VALID [2018-11-23 11:14:10,248 INFO L256 TraceCheckUtils]: 6: Hoare triple {1049#(= (bvadd main_~len~0 (_ bv4294967294 32)) (_ bv0 32))} call #t~ret10.base, #t~ret10.offset := dll_create(~len~0, ~data~0); {1029#true} is VALID [2018-11-23 11:14:10,248 INFO L273 TraceCheckUtils]: 7: Hoare triple {1029#true} ~len := #in~len;~data := #in~data;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1056#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:14:10,249 INFO L273 TraceCheckUtils]: 8: Hoare triple {1056#(= dll_create_~len |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(12bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; {1056#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:14:10,254 INFO L273 TraceCheckUtils]: 9: Hoare triple {1056#(= dll_create_~len |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1056#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:14:10,255 INFO L273 TraceCheckUtils]: 10: Hoare triple {1056#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(~data, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1056#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:14:10,257 INFO L273 TraceCheckUtils]: 11: Hoare triple {1056#(= dll_create_~len |dll_create_#in~len|)} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1056#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:14:10,257 INFO L273 TraceCheckUtils]: 12: Hoare triple {1056#(= dll_create_~len |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post4 := ~len;~len := ~bvsub32(#t~post4, 1bv32);havoc #t~post4; {1072#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:14:10,258 INFO L273 TraceCheckUtils]: 13: Hoare triple {1072#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !~bvsgt32(~len, 0bv32); {1076#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:14:10,258 INFO L273 TraceCheckUtils]: 14: Hoare triple {1076#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1076#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:14:10,261 INFO L273 TraceCheckUtils]: 15: Hoare triple {1076#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} assume true; {1076#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:14:10,264 INFO L268 TraceCheckUtils]: 16: Hoare quadruple {1076#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} {1049#(= (bvadd main_~len~0 (_ bv4294967294 32)) (_ bv0 32))} #108#return; {1030#false} is VALID [2018-11-23 11:14:10,265 INFO L273 TraceCheckUtils]: 17: Hoare triple {1030#false} call write~init~$Pointer$(#t~ret10.base, #t~ret10.offset, ~#s~0.base, ~#s~0.offset, 4bv32);havoc #t~ret10.base, #t~ret10.offset; {1030#false} is VALID [2018-11-23 11:14:10,265 INFO L256 TraceCheckUtils]: 18: Hoare triple {1030#false} call dll_prepend(~#s~0.base, ~#s~0.offset, ~data~0); {1030#false} is VALID [2018-11-23 11:14:10,266 INFO L273 TraceCheckUtils]: 19: Hoare triple {1030#false} ~head.base, ~head.offset := #in~head.base, #in~head.offset;~data := #in~data; {1030#false} is VALID [2018-11-23 11:14:10,266 INFO L256 TraceCheckUtils]: 20: Hoare triple {1030#false} call #t~ret6.base, #t~ret6.offset := node_create(~data); {1030#false} is VALID [2018-11-23 11:14:10,266 INFO L273 TraceCheckUtils]: 21: Hoare triple {1030#false} ~data := #in~data;call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(12bv32);~temp~0.base, ~temp~0.offset := #t~malloc2.base, #t~malloc2.offset; {1030#false} is VALID [2018-11-23 11:14:10,267 INFO L273 TraceCheckUtils]: 22: Hoare triple {1030#false} assume !(0bv32 == ~temp~0.base && 0bv32 == ~temp~0.offset); {1030#false} is VALID [2018-11-23 11:14:10,267 INFO L273 TraceCheckUtils]: 23: Hoare triple {1030#false} call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(4bv32, ~temp~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(8bv32, ~temp~0.offset), 4bv32);call write~intINTTYPE4(~data, ~temp~0.base, ~temp~0.offset, 4bv32);#res.base, #res.offset := ~temp~0.base, ~temp~0.offset; {1030#false} is VALID [2018-11-23 11:14:10,268 INFO L273 TraceCheckUtils]: 24: Hoare triple {1030#false} assume true; {1030#false} is VALID [2018-11-23 11:14:10,268 INFO L268 TraceCheckUtils]: 25: Hoare quadruple {1030#false} {1030#false} #116#return; {1030#false} is VALID [2018-11-23 11:14:10,268 INFO L273 TraceCheckUtils]: 26: Hoare triple {1030#false} ~new_head~1.base, ~new_head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(#t~mem7.base, #t~mem7.offset, ~new_head~1.base, ~bvadd32(4bv32, ~new_head~1.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32); {1030#false} is VALID [2018-11-23 11:14:10,268 INFO L273 TraceCheckUtils]: 27: Hoare triple {1030#false} assume #t~mem8.base != 0bv32 || #t~mem8.offset != 0bv32;havoc #t~mem8.base, #t~mem8.offset;call #t~mem9.base, #t~mem9.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, #t~mem9.base, ~bvadd32(8bv32, #t~mem9.offset), 4bv32);havoc #t~mem9.base, #t~mem9.offset; {1030#false} is VALID [2018-11-23 11:14:10,269 INFO L273 TraceCheckUtils]: 28: Hoare triple {1030#false} call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, ~head.base, ~head.offset, 4bv32); {1030#false} is VALID [2018-11-23 11:14:10,269 INFO L273 TraceCheckUtils]: 29: Hoare triple {1030#false} assume true; {1030#false} is VALID [2018-11-23 11:14:10,269 INFO L268 TraceCheckUtils]: 30: Hoare quadruple {1030#false} {1030#false} #110#return; {1030#false} is VALID [2018-11-23 11:14:10,270 INFO L273 TraceCheckUtils]: 31: Hoare triple {1030#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4bv32);~ptr~0.base, ~ptr~0.offset := #t~mem11.base, #t~mem11.offset;havoc #t~mem11.base, #t~mem11.offset;~count~0 := 0bv32; {1030#false} is VALID [2018-11-23 11:14:10,270 INFO L273 TraceCheckUtils]: 32: Hoare triple {1030#false} assume !(~ptr~0.base != 0bv32 || ~ptr~0.offset != 0bv32); {1030#false} is VALID [2018-11-23 11:14:10,270 INFO L273 TraceCheckUtils]: 33: Hoare triple {1030#false} assume ~count~0 != ~bvadd32(1bv32, ~len~0); {1030#false} is VALID [2018-11-23 11:14:10,271 INFO L273 TraceCheckUtils]: 34: Hoare triple {1030#false} assume !false; {1030#false} is VALID [2018-11-23 11:14:10,273 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:14:10,274 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:14:10,755 INFO L273 TraceCheckUtils]: 34: Hoare triple {1030#false} assume !false; {1030#false} is VALID [2018-11-23 11:14:10,756 INFO L273 TraceCheckUtils]: 33: Hoare triple {1030#false} assume ~count~0 != ~bvadd32(1bv32, ~len~0); {1030#false} is VALID [2018-11-23 11:14:10,756 INFO L273 TraceCheckUtils]: 32: Hoare triple {1030#false} assume !(~ptr~0.base != 0bv32 || ~ptr~0.offset != 0bv32); {1030#false} is VALID [2018-11-23 11:14:10,757 INFO L273 TraceCheckUtils]: 31: Hoare triple {1030#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4bv32);~ptr~0.base, ~ptr~0.offset := #t~mem11.base, #t~mem11.offset;havoc #t~mem11.base, #t~mem11.offset;~count~0 := 0bv32; {1030#false} is VALID [2018-11-23 11:14:10,757 INFO L268 TraceCheckUtils]: 30: Hoare quadruple {1029#true} {1030#false} #110#return; {1030#false} is VALID [2018-11-23 11:14:10,757 INFO L273 TraceCheckUtils]: 29: Hoare triple {1029#true} assume true; {1029#true} is VALID [2018-11-23 11:14:10,758 INFO L273 TraceCheckUtils]: 28: Hoare triple {1029#true} call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, ~head.base, ~head.offset, 4bv32); {1029#true} is VALID [2018-11-23 11:14:10,758 INFO L273 TraceCheckUtils]: 27: Hoare triple {1029#true} assume #t~mem8.base != 0bv32 || #t~mem8.offset != 0bv32;havoc #t~mem8.base, #t~mem8.offset;call #t~mem9.base, #t~mem9.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, #t~mem9.base, ~bvadd32(8bv32, #t~mem9.offset), 4bv32);havoc #t~mem9.base, #t~mem9.offset; {1029#true} is VALID [2018-11-23 11:14:10,759 INFO L273 TraceCheckUtils]: 26: Hoare triple {1029#true} ~new_head~1.base, ~new_head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(#t~mem7.base, #t~mem7.offset, ~new_head~1.base, ~bvadd32(4bv32, ~new_head~1.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32); {1029#true} is VALID [2018-11-23 11:14:10,759 INFO L268 TraceCheckUtils]: 25: Hoare quadruple {1029#true} {1029#true} #116#return; {1029#true} is VALID [2018-11-23 11:14:10,760 INFO L273 TraceCheckUtils]: 24: Hoare triple {1029#true} assume true; {1029#true} is VALID [2018-11-23 11:14:10,761 INFO L273 TraceCheckUtils]: 23: Hoare triple {1029#true} call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(4bv32, ~temp~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(8bv32, ~temp~0.offset), 4bv32);call write~intINTTYPE4(~data, ~temp~0.base, ~temp~0.offset, 4bv32);#res.base, #res.offset := ~temp~0.base, ~temp~0.offset; {1029#true} is VALID [2018-11-23 11:14:10,761 INFO L273 TraceCheckUtils]: 22: Hoare triple {1029#true} assume !(0bv32 == ~temp~0.base && 0bv32 == ~temp~0.offset); {1029#true} is VALID [2018-11-23 11:14:10,761 INFO L273 TraceCheckUtils]: 21: Hoare triple {1029#true} ~data := #in~data;call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(12bv32);~temp~0.base, ~temp~0.offset := #t~malloc2.base, #t~malloc2.offset; {1029#true} is VALID [2018-11-23 11:14:10,762 INFO L256 TraceCheckUtils]: 20: Hoare triple {1029#true} call #t~ret6.base, #t~ret6.offset := node_create(~data); {1029#true} is VALID [2018-11-23 11:14:10,762 INFO L273 TraceCheckUtils]: 19: Hoare triple {1029#true} ~head.base, ~head.offset := #in~head.base, #in~head.offset;~data := #in~data; {1029#true} is VALID [2018-11-23 11:14:10,762 INFO L256 TraceCheckUtils]: 18: Hoare triple {1030#false} call dll_prepend(~#s~0.base, ~#s~0.offset, ~data~0); {1029#true} is VALID [2018-11-23 11:14:10,762 INFO L273 TraceCheckUtils]: 17: Hoare triple {1030#false} call write~init~$Pointer$(#t~ret10.base, #t~ret10.offset, ~#s~0.base, ~#s~0.offset, 4bv32);havoc #t~ret10.base, #t~ret10.offset; {1030#false} is VALID [2018-11-23 11:14:10,765 INFO L268 TraceCheckUtils]: 16: Hoare quadruple {1076#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} {1194#(bvsgt (bvadd main_~len~0 (_ bv4294967295 32)) (_ bv0 32))} #108#return; {1030#false} is VALID [2018-11-23 11:14:10,766 INFO L273 TraceCheckUtils]: 15: Hoare triple {1076#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} assume true; {1076#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:14:10,767 INFO L273 TraceCheckUtils]: 14: Hoare triple {1076#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1076#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:14:10,778 INFO L273 TraceCheckUtils]: 13: Hoare triple {1207#(or (bvsgt dll_create_~len (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume !~bvsgt32(~len, 0bv32); {1076#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:14:10,794 INFO L273 TraceCheckUtils]: 12: Hoare triple {1211#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post4 := ~len;~len := ~bvsub32(#t~post4, 1bv32);havoc #t~post4; {1207#(or (bvsgt dll_create_~len (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:14:10,805 INFO L273 TraceCheckUtils]: 11: Hoare triple {1211#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1211#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:14:10,806 INFO L273 TraceCheckUtils]: 10: Hoare triple {1211#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} call write~intINTTYPE4(~data, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1211#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:14:10,807 INFO L273 TraceCheckUtils]: 9: Hoare triple {1211#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1211#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:14:10,809 INFO L273 TraceCheckUtils]: 8: Hoare triple {1211#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(12bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; {1211#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:14:10,810 INFO L273 TraceCheckUtils]: 7: Hoare triple {1029#true} ~len := #in~len;~data := #in~data;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1211#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:14:10,811 INFO L256 TraceCheckUtils]: 6: Hoare triple {1194#(bvsgt (bvadd main_~len~0 (_ bv4294967295 32)) (_ bv0 32))} call #t~ret10.base, #t~ret10.offset := dll_create(~len~0, ~data~0); {1029#true} is VALID [2018-11-23 11:14:10,816 INFO L273 TraceCheckUtils]: 5: Hoare triple {1029#true} ~len~0 := 2bv32;~data~0 := 1bv32;call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4bv32); {1194#(bvsgt (bvadd main_~len~0 (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:14:10,816 INFO L256 TraceCheckUtils]: 4: Hoare triple {1029#true} call #t~ret16 := main(); {1029#true} is VALID [2018-11-23 11:14:10,816 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1029#true} {1029#true} #118#return; {1029#true} is VALID [2018-11-23 11:14:10,816 INFO L273 TraceCheckUtils]: 2: Hoare triple {1029#true} assume true; {1029#true} is VALID [2018-11-23 11:14:10,817 INFO L273 TraceCheckUtils]: 1: Hoare triple {1029#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1029#true} is VALID [2018-11-23 11:14:10,817 INFO L256 TraceCheckUtils]: 0: Hoare triple {1029#true} call ULTIMATE.init(); {1029#true} is VALID [2018-11-23 11:14:10,820 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:14:10,825 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:14:10,825 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 6] total 9 [2018-11-23 11:14:10,826 INFO L78 Accepts]: Start accepts. Automaton has 9 states. Word has length 35 [2018-11-23 11:14:10,831 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:14:10,831 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states. [2018-11-23 11:14:10,990 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 58 edges. 58 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:14:10,990 INFO L459 AbstractCegarLoop]: Interpolant automaton has 9 states [2018-11-23 11:14:10,991 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2018-11-23 11:14:10,991 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=52, Unknown=0, NotChecked=0, Total=72 [2018-11-23 11:14:10,991 INFO L87 Difference]: Start difference. First operand 40 states and 44 transitions. Second operand 9 states. [2018-11-23 11:14:12,978 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:12,979 INFO L93 Difference]: Finished difference Result 69 states and 77 transitions. [2018-11-23 11:14:12,979 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2018-11-23 11:14:12,979 INFO L78 Accepts]: Start accepts. Automaton has 9 states. Word has length 35 [2018-11-23 11:14:12,980 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:14:12,980 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 9 states. [2018-11-23 11:14:12,983 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 77 transitions. [2018-11-23 11:14:12,984 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 9 states. [2018-11-23 11:14:12,987 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 77 transitions. [2018-11-23 11:14:12,987 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 77 transitions. [2018-11-23 11:14:13,205 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 77 edges. 77 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:14:13,207 INFO L225 Difference]: With dead ends: 69 [2018-11-23 11:14:13,207 INFO L226 Difference]: Without dead ends: 46 [2018-11-23 11:14:13,208 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 71 GetRequests, 62 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=31, Invalid=79, Unknown=0, NotChecked=0, Total=110 [2018-11-23 11:14:13,209 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 46 states. [2018-11-23 11:14:13,243 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 46 to 42. [2018-11-23 11:14:13,244 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:14:13,244 INFO L82 GeneralOperation]: Start isEquivalent. First operand 46 states. Second operand 42 states. [2018-11-23 11:14:13,244 INFO L74 IsIncluded]: Start isIncluded. First operand 46 states. Second operand 42 states. [2018-11-23 11:14:13,244 INFO L87 Difference]: Start difference. First operand 46 states. Second operand 42 states. [2018-11-23 11:14:13,247 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:13,248 INFO L93 Difference]: Finished difference Result 46 states and 51 transitions. [2018-11-23 11:14:13,248 INFO L276 IsEmpty]: Start isEmpty. Operand 46 states and 51 transitions. [2018-11-23 11:14:13,248 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:14:13,249 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:14:13,249 INFO L74 IsIncluded]: Start isIncluded. First operand 42 states. Second operand 46 states. [2018-11-23 11:14:13,249 INFO L87 Difference]: Start difference. First operand 42 states. Second operand 46 states. [2018-11-23 11:14:13,252 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:13,252 INFO L93 Difference]: Finished difference Result 46 states and 51 transitions. [2018-11-23 11:14:13,252 INFO L276 IsEmpty]: Start isEmpty. Operand 46 states and 51 transitions. [2018-11-23 11:14:13,253 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:14:13,253 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:14:13,253 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:14:13,253 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:14:13,254 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 42 states. [2018-11-23 11:14:13,256 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 42 states to 42 states and 46 transitions. [2018-11-23 11:14:13,256 INFO L78 Accepts]: Start accepts. Automaton has 42 states and 46 transitions. Word has length 35 [2018-11-23 11:14:13,256 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:14:13,256 INFO L480 AbstractCegarLoop]: Abstraction has 42 states and 46 transitions. [2018-11-23 11:14:13,257 INFO L481 AbstractCegarLoop]: Interpolant automaton has 9 states. [2018-11-23 11:14:13,257 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states and 46 transitions. [2018-11-23 11:14:13,258 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2018-11-23 11:14:13,258 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:14:13,258 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:14:13,259 INFO L423 AbstractCegarLoop]: === Iteration 5 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:14:13,259 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:14:13,259 INFO L82 PathProgramCache]: Analyzing trace with hash 1374188281, now seen corresponding path program 1 times [2018-11-23 11:14:13,260 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:14:13,260 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:14:13,293 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:14:13,392 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:14:13,425 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:14:13,427 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:14:13,705 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:14:13,725 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:14:13,726 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:13,732 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:13,743 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:13,744 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:16, output treesize:8 [2018-11-23 11:14:13,753 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:14:13,754 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_49|, dll_prepend_~new_head~1.base]. (and (not (= dll_prepend_~new_head~1.base (_ bv0 32))) (= (store |v_#memory_$Pointer$.base_49| |dll_prepend_#in~head.base| (store (select |v_#memory_$Pointer$.base_49| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset| dll_prepend_~new_head~1.base)) |#memory_$Pointer$.base|)) [2018-11-23 11:14:13,754 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (not (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (_ bv0 32))) [2018-11-23 11:14:13,879 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 12 [2018-11-23 11:14:13,940 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 4 [2018-11-23 11:14:13,962 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:13,997 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:14,004 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:14,005 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:16, output treesize:4 [2018-11-23 11:14:14,007 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:14:14,008 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, |main_~#s~0.base|]. (let ((.cse0 (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) (_ bv0 32)))) (and (= .cse0 main_~ptr~0.base) (not (= (_ bv0 32) .cse0)))) [2018-11-23 11:14:14,008 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (not (= (_ bv0 32) main_~ptr~0.base)) [2018-11-23 11:14:14,024 INFO L256 TraceCheckUtils]: 0: Hoare triple {1490#true} call ULTIMATE.init(); {1490#true} is VALID [2018-11-23 11:14:14,025 INFO L273 TraceCheckUtils]: 1: Hoare triple {1490#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1490#true} is VALID [2018-11-23 11:14:14,025 INFO L273 TraceCheckUtils]: 2: Hoare triple {1490#true} assume true; {1490#true} is VALID [2018-11-23 11:14:14,025 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1490#true} {1490#true} #118#return; {1490#true} is VALID [2018-11-23 11:14:14,026 INFO L256 TraceCheckUtils]: 4: Hoare triple {1490#true} call #t~ret16 := main(); {1490#true} is VALID [2018-11-23 11:14:14,039 INFO L273 TraceCheckUtils]: 5: Hoare triple {1490#true} ~len~0 := 2bv32;~data~0 := 1bv32;call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4bv32); {1510#(= |main_~#s~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:14:14,039 INFO L256 TraceCheckUtils]: 6: Hoare triple {1510#(= |main_~#s~0.offset| (_ bv0 32))} call #t~ret10.base, #t~ret10.offset := dll_create(~len~0, ~data~0); {1490#true} is VALID [2018-11-23 11:14:14,040 INFO L273 TraceCheckUtils]: 7: Hoare triple {1490#true} ~len := #in~len;~data := #in~data;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1490#true} is VALID [2018-11-23 11:14:14,040 INFO L273 TraceCheckUtils]: 8: Hoare triple {1490#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(12bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; {1490#true} is VALID [2018-11-23 11:14:14,040 INFO L273 TraceCheckUtils]: 9: Hoare triple {1490#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1490#true} is VALID [2018-11-23 11:14:14,040 INFO L273 TraceCheckUtils]: 10: Hoare triple {1490#true} call write~intINTTYPE4(~data, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1490#true} is VALID [2018-11-23 11:14:14,040 INFO L273 TraceCheckUtils]: 11: Hoare triple {1490#true} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1490#true} is VALID [2018-11-23 11:14:14,041 INFO L273 TraceCheckUtils]: 12: Hoare triple {1490#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post4 := ~len;~len := ~bvsub32(#t~post4, 1bv32);havoc #t~post4; {1490#true} is VALID [2018-11-23 11:14:14,041 INFO L273 TraceCheckUtils]: 13: Hoare triple {1490#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(12bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; {1490#true} is VALID [2018-11-23 11:14:14,041 INFO L273 TraceCheckUtils]: 14: Hoare triple {1490#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1490#true} is VALID [2018-11-23 11:14:14,041 INFO L273 TraceCheckUtils]: 15: Hoare triple {1490#true} call write~intINTTYPE4(~data, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1490#true} is VALID [2018-11-23 11:14:14,042 INFO L273 TraceCheckUtils]: 16: Hoare triple {1490#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(8bv32, ~head~0.offset), 4bv32); {1490#true} is VALID [2018-11-23 11:14:14,042 INFO L273 TraceCheckUtils]: 17: Hoare triple {1490#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post4 := ~len;~len := ~bvsub32(#t~post4, 1bv32);havoc #t~post4; {1490#true} is VALID [2018-11-23 11:14:14,042 INFO L273 TraceCheckUtils]: 18: Hoare triple {1490#true} assume !~bvsgt32(~len, 0bv32); {1490#true} is VALID [2018-11-23 11:14:14,042 INFO L273 TraceCheckUtils]: 19: Hoare triple {1490#true} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1490#true} is VALID [2018-11-23 11:14:14,042 INFO L273 TraceCheckUtils]: 20: Hoare triple {1490#true} assume true; {1490#true} is VALID [2018-11-23 11:14:14,044 INFO L268 TraceCheckUtils]: 21: Hoare quadruple {1490#true} {1510#(= |main_~#s~0.offset| (_ bv0 32))} #108#return; {1510#(= |main_~#s~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:14:14,045 INFO L273 TraceCheckUtils]: 22: Hoare triple {1510#(= |main_~#s~0.offset| (_ bv0 32))} call write~init~$Pointer$(#t~ret10.base, #t~ret10.offset, ~#s~0.base, ~#s~0.offset, 4bv32);havoc #t~ret10.base, #t~ret10.offset; {1510#(= |main_~#s~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:14:14,045 INFO L256 TraceCheckUtils]: 23: Hoare triple {1510#(= |main_~#s~0.offset| (_ bv0 32))} call dll_prepend(~#s~0.base, ~#s~0.offset, ~data~0); {1490#true} is VALID [2018-11-23 11:14:14,046 INFO L273 TraceCheckUtils]: 24: Hoare triple {1490#true} ~head.base, ~head.offset := #in~head.base, #in~head.offset;~data := #in~data; {1568#(and (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} is VALID [2018-11-23 11:14:14,046 INFO L256 TraceCheckUtils]: 25: Hoare triple {1568#(and (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} call #t~ret6.base, #t~ret6.offset := node_create(~data); {1490#true} is VALID [2018-11-23 11:14:14,055 INFO L273 TraceCheckUtils]: 26: Hoare triple {1490#true} ~data := #in~data;call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(12bv32);~temp~0.base, ~temp~0.offset := #t~malloc2.base, #t~malloc2.offset; {1575#(not (= (_ bv0 32) node_create_~temp~0.base))} is VALID [2018-11-23 11:14:14,059 INFO L273 TraceCheckUtils]: 27: Hoare triple {1575#(not (= (_ bv0 32) node_create_~temp~0.base))} assume !(0bv32 == ~temp~0.base && 0bv32 == ~temp~0.offset); {1575#(not (= (_ bv0 32) node_create_~temp~0.base))} is VALID [2018-11-23 11:14:14,060 INFO L273 TraceCheckUtils]: 28: Hoare triple {1575#(not (= (_ bv0 32) node_create_~temp~0.base))} call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(4bv32, ~temp~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(8bv32, ~temp~0.offset), 4bv32);call write~intINTTYPE4(~data, ~temp~0.base, ~temp~0.offset, 4bv32);#res.base, #res.offset := ~temp~0.base, ~temp~0.offset; {1582#(not (= (_ bv0 32) |node_create_#res.base|))} is VALID [2018-11-23 11:14:14,061 INFO L273 TraceCheckUtils]: 29: Hoare triple {1582#(not (= (_ bv0 32) |node_create_#res.base|))} assume true; {1582#(not (= (_ bv0 32) |node_create_#res.base|))} is VALID [2018-11-23 11:14:14,062 INFO L268 TraceCheckUtils]: 30: Hoare quadruple {1582#(not (= (_ bv0 32) |node_create_#res.base|))} {1568#(and (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} #116#return; {1589#(and (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base) (not (= (_ bv0 32) |dll_prepend_#t~ret6.base|)))} is VALID [2018-11-23 11:14:14,064 INFO L273 TraceCheckUtils]: 31: Hoare triple {1589#(and (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base) (not (= (_ bv0 32) |dll_prepend_#t~ret6.base|)))} ~new_head~1.base, ~new_head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(#t~mem7.base, #t~mem7.offset, ~new_head~1.base, ~bvadd32(4bv32, ~new_head~1.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32); {1593#(and (not (= dll_prepend_~new_head~1.base (_ bv0 32))) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} is VALID [2018-11-23 11:14:14,066 INFO L273 TraceCheckUtils]: 32: Hoare triple {1593#(and (not (= dll_prepend_~new_head~1.base (_ bv0 32))) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} assume #t~mem8.base != 0bv32 || #t~mem8.offset != 0bv32;havoc #t~mem8.base, #t~mem8.offset;call #t~mem9.base, #t~mem9.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, #t~mem9.base, ~bvadd32(8bv32, #t~mem9.offset), 4bv32);havoc #t~mem9.base, #t~mem9.offset; {1593#(and (not (= dll_prepend_~new_head~1.base (_ bv0 32))) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} is VALID [2018-11-23 11:14:14,067 INFO L273 TraceCheckUtils]: 33: Hoare triple {1593#(and (not (= dll_prepend_~new_head~1.base (_ bv0 32))) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, ~head.base, ~head.offset, 4bv32); {1600#(not (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (_ bv0 32)))} is VALID [2018-11-23 11:14:14,068 INFO L273 TraceCheckUtils]: 34: Hoare triple {1600#(not (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (_ bv0 32)))} assume true; {1600#(not (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (_ bv0 32)))} is VALID [2018-11-23 11:14:14,070 INFO L268 TraceCheckUtils]: 35: Hoare quadruple {1600#(not (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (_ bv0 32)))} {1510#(= |main_~#s~0.offset| (_ bv0 32))} #110#return; {1607#(and (= |main_~#s~0.offset| (_ bv0 32)) (not (= (_ bv0 32) (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))))} is VALID [2018-11-23 11:14:14,078 INFO L273 TraceCheckUtils]: 36: Hoare triple {1607#(and (= |main_~#s~0.offset| (_ bv0 32)) (not (= (_ bv0 32) (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4bv32);~ptr~0.base, ~ptr~0.offset := #t~mem11.base, #t~mem11.offset;havoc #t~mem11.base, #t~mem11.offset;~count~0 := 0bv32; {1611#(not (= (_ bv0 32) main_~ptr~0.base))} is VALID [2018-11-23 11:14:14,079 INFO L273 TraceCheckUtils]: 37: Hoare triple {1611#(not (= (_ bv0 32) main_~ptr~0.base))} assume !(~ptr~0.base != 0bv32 || ~ptr~0.offset != 0bv32); {1491#false} is VALID [2018-11-23 11:14:14,079 INFO L273 TraceCheckUtils]: 38: Hoare triple {1491#false} assume ~count~0 != ~bvadd32(1bv32, ~len~0); {1491#false} is VALID [2018-11-23 11:14:14,079 INFO L273 TraceCheckUtils]: 39: Hoare triple {1491#false} assume !false; {1491#false} is VALID [2018-11-23 11:14:14,083 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2018-11-23 11:14:14,083 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:14:14,086 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:14:14,086 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2018-11-23 11:14:14,087 INFO L78 Accepts]: Start accepts. Automaton has 11 states. Word has length 40 [2018-11-23 11:14:14,087 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:14:14,087 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states. [2018-11-23 11:14:14,173 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 36 edges. 36 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:14:14,173 INFO L459 AbstractCegarLoop]: Interpolant automaton has 11 states [2018-11-23 11:14:14,174 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2018-11-23 11:14:14,174 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110 [2018-11-23 11:14:14,174 INFO L87 Difference]: Start difference. First operand 42 states and 46 transitions. Second operand 11 states. [2018-11-23 11:14:16,349 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:16,349 INFO L93 Difference]: Finished difference Result 49 states and 53 transitions. [2018-11-23 11:14:16,350 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2018-11-23 11:14:16,350 INFO L78 Accepts]: Start accepts. Automaton has 11 states. Word has length 40 [2018-11-23 11:14:16,350 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:14:16,350 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 11 states. [2018-11-23 11:14:16,352 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 47 transitions. [2018-11-23 11:14:16,353 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 11 states. [2018-11-23 11:14:16,354 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 47 transitions. [2018-11-23 11:14:16,354 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 47 transitions. [2018-11-23 11:14:16,430 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 47 edges. 47 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:14:16,432 INFO L225 Difference]: With dead ends: 49 [2018-11-23 11:14:16,432 INFO L226 Difference]: Without dead ends: 46 [2018-11-23 11:14:16,433 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 30 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 16 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=36, Invalid=146, Unknown=0, NotChecked=0, Total=182 [2018-11-23 11:14:16,433 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 46 states. [2018-11-23 11:14:16,473 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 46 to 43. [2018-11-23 11:14:16,473 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:14:16,473 INFO L82 GeneralOperation]: Start isEquivalent. First operand 46 states. Second operand 43 states. [2018-11-23 11:14:16,473 INFO L74 IsIncluded]: Start isIncluded. First operand 46 states. Second operand 43 states. [2018-11-23 11:14:16,474 INFO L87 Difference]: Start difference. First operand 46 states. Second operand 43 states. [2018-11-23 11:14:16,476 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:16,477 INFO L93 Difference]: Finished difference Result 46 states and 50 transitions. [2018-11-23 11:14:16,477 INFO L276 IsEmpty]: Start isEmpty. Operand 46 states and 50 transitions. [2018-11-23 11:14:16,478 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:14:16,478 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:14:16,478 INFO L74 IsIncluded]: Start isIncluded. First operand 43 states. Second operand 46 states. [2018-11-23 11:14:16,478 INFO L87 Difference]: Start difference. First operand 43 states. Second operand 46 states. [2018-11-23 11:14:16,480 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:14:16,480 INFO L93 Difference]: Finished difference Result 46 states and 50 transitions. [2018-11-23 11:14:16,480 INFO L276 IsEmpty]: Start isEmpty. Operand 46 states and 50 transitions. [2018-11-23 11:14:16,481 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:14:16,481 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:14:16,481 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:14:16,481 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:14:16,481 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 43 states. [2018-11-23 11:14:16,483 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 43 states to 43 states and 47 transitions. [2018-11-23 11:14:16,483 INFO L78 Accepts]: Start accepts. Automaton has 43 states and 47 transitions. Word has length 40 [2018-11-23 11:14:16,484 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:14:16,484 INFO L480 AbstractCegarLoop]: Abstraction has 43 states and 47 transitions. [2018-11-23 11:14:16,484 INFO L481 AbstractCegarLoop]: Interpolant automaton has 11 states. [2018-11-23 11:14:16,484 INFO L276 IsEmpty]: Start isEmpty. Operand 43 states and 47 transitions. [2018-11-23 11:14:16,485 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2018-11-23 11:14:16,485 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:14:16,485 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:14:16,485 INFO L423 AbstractCegarLoop]: === Iteration 6 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:14:16,486 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:14:16,486 INFO L82 PathProgramCache]: Analyzing trace with hash 1374189955, now seen corresponding path program 1 times [2018-11-23 11:14:16,486 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:14:16,486 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:14:16,504 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:14:16,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:14:16,742 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:14:16,748 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:14:16,843 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:14:16,865 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:16,976 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:16,976 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:13, output treesize:12 [2018-11-23 11:14:16,979 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:14:16,980 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_46|]. (and (= main_~data~0 (_ bv1 32)) (= |main_~#s~0.offset| (_ bv0 32)) (= |#valid| (store |v_#valid_46| |main_~#s~0.base| (_ bv1 1)))) [2018-11-23 11:14:16,980 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~data~0 (_ bv1 32)) (= (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (= |main_~#s~0.offset| (_ bv0 32))) [2018-11-23 11:14:19,183 WARN L854 $PredicateComparison]: unable to prove that (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |c_#valid| (store |c_old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |c_old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1)))) is different from true [2018-11-23 11:14:20,217 WARN L854 $PredicateComparison]: unable to prove that (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |c_#valid| (store (store |c_old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) c_dll_create_~new_head~0.base (_ bv1 1))) (= (select |c_old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1)))) is different from true [2018-11-23 11:14:21,336 WARN L854 $PredicateComparison]: unable to prove that (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |c_#valid| (store (store |c_old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) c_dll_create_~head~0.base (_ bv1 1))) (= (select |c_old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1)))) is different from true [2018-11-23 11:14:23,418 WARN L854 $PredicateComparison]: unable to prove that (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |c_#valid| (store (store |c_old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |c_dll_create_#res.base| (_ bv1 1))) (= (select |c_old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1)))) is different from true [2018-11-23 11:14:23,490 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:14:23,498 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:14:23,500 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 29 [2018-11-23 11:14:23,528 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 20 [2018-11-23 11:14:23,531 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:23,545 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:23,566 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:14:23,566 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:30, output treesize:28 [2018-11-23 11:14:25,589 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:14:25,589 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_old(#valid)_AFTER_CALL_28|, |dll_create_#t~malloc3.base|]. (and (= (store (store |v_old(#valid)_AFTER_CALL_28| |dll_create_#t~malloc3.base| (_ bv1 1)) |main_#t~ret10.base| (_ bv1 1)) |#valid|) (= |main_~#s~0.offset| (_ bv0 32)) (= (bvadd (select |v_old(#valid)_AFTER_CALL_28| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1)) (= (select |v_old(#valid)_AFTER_CALL_28| |dll_create_#t~malloc3.base|) (_ bv0 1)) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32))) [2018-11-23 11:14:25,589 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [|dll_create_#t~malloc3.base|]. (and (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (= (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (= |main_~#s~0.offset| (_ bv0 32)) (= (_ bv1 1) (select |#valid| |main_#t~ret10.base|)) (= (_ bv1 1) (select |#valid| |dll_create_#t~malloc3.base|)) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32))) [2018-11-23 11:14:25,839 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:14:25,849 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:14:25,850 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:25,859 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:25,897 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:25,897 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:45, output treesize:41 [2018-11-23 11:14:26,274 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:14:26,311 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:14:26,585 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 22 [2018-11-23 11:14:26,608 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:14:26,621 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 14 [2018-11-23 11:14:26,631 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:26,677 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:26,829 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-2 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:14:26,829 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:83, output treesize:70 [2018-11-23 11:14:29,467 WARN L180 SmtUtils]: Spent 2.12 s on a formula simplification that was a NOOP. DAG size: 38 [2018-11-23 11:14:29,528 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 174 treesize of output 170 [2018-11-23 11:14:29,543 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 170 treesize of output 166 [2018-11-23 11:14:29,551 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:14:29,579 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:14:29,822 INFO L303 Elim1Store]: Index analysis took 120 ms [2018-11-23 11:14:29,942 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 174 treesize of output 235 [2018-11-23 11:14:30,146 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 2 case distinctions, treesize of input 172 treesize of output 115 [2018-11-23 11:14:30,155 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 2 xjuncts. [2018-11-23 11:14:30,381 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 122 treesize of output 7 [2018-11-23 11:14:30,383 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:30,446 INFO L267 ElimStorePlain]: Start of recursive call 4: 2 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:14:30,548 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: 1 dim-0 vars, and 2 xjuncts. [2018-11-23 11:14:30,548 INFO L202 ElimStorePlain]: Needed 6 recursive calls to eliminate 3 variables, input treesize:196, output treesize:90 [2018-11-23 11:14:35,528 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:14:35,528 WARN L384 uantifierElimination]: Input elimination task: ∃ [v_DerPreprocessor_2, |v_#memory_$Pointer$.offset_49|, |v_#memory_int_49|]. (and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= (select (select |v_#memory_int_49| dll_prepend_~new_head~1.base) dll_prepend_~new_head~1.offset) |dll_prepend_#in~data|) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= |#memory_int| (let ((.cse0 (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (let ((.cse3 (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)))) (let ((.cse2 (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) .cse3 (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2))) (store .cse2 .cse3 (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base .cse2) dll_prepend_~head.base) dll_prepend_~head.offset))))) dll_prepend_~head.base) dll_prepend_~head.offset))) (store |v_#memory_int_49| .cse0 (let ((.cse1 (bvadd (select (select |v_#memory_$Pointer$.offset_49| dll_prepend_~head.base) dll_prepend_~head.offset) (_ bv8 32)))) (store (select |v_#memory_int_49| .cse0) .cse1 (select (select |#memory_int| .cse0) .cse1)))))) (= |dll_prepend_#in~head.base| dll_prepend_~head.base)) [2018-11-23 11:14:35,528 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_DerPreprocessor_2]. (let ((.cse0 (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base))) (.cse1 (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|)) (.cse2 (= (_ bv0 32) dll_prepend_~new_head~1.offset)) (.cse5 (= |dll_prepend_#in~head.base| dll_prepend_~head.base))) (or (and .cse0 .cse1 .cse2 (= dll_prepend_~new_head~1.base (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (let ((.cse4 (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)))) (let ((.cse3 (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) .cse4 (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2))) (store .cse3 .cse4 (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base .cse3) dll_prepend_~head.base) dll_prepend_~head.offset))))) dll_prepend_~head.base) dll_prepend_~head.offset)) .cse5) (and .cse0 .cse1 .cse2 (= (select (select |#memory_int| dll_prepend_~new_head~1.base) dll_prepend_~new_head~1.offset) |dll_prepend_#in~data|) .cse5))) [2018-11-23 11:14:35,844 WARN L180 SmtUtils]: Spent 152.00 ms on a formula simplification that was a NOOP. DAG size: 41 [2018-11-23 11:14:36,058 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 50 treesize of output 62 [2018-11-23 11:14:36,084 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 51 treesize of output 39 [2018-11-23 11:14:36,095 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:36,295 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 2 case distinctions, treesize of input 48 treesize of output 42 [2018-11-23 11:14:36,299 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 2 xjuncts. [2018-11-23 11:14:36,428 INFO L267 ElimStorePlain]: Start of recursive call 2: 2 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:14:36,970 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 35 treesize of output 32 [2018-11-23 11:14:36,976 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:14:36,980 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:37,003 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:37,045 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 85 treesize of output 82 [2018-11-23 11:14:37,078 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:14:37,079 INFO L267 ElimStorePlain]: Start of recursive call 8: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:37,188 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:37,237 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 34 treesize of output 31 [2018-11-23 11:14:37,245 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:14:37,247 INFO L267 ElimStorePlain]: Start of recursive call 10: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:37,271 INFO L267 ElimStorePlain]: Start of recursive call 9: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:37,751 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 28 [2018-11-23 11:14:37,760 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:14:37,762 INFO L267 ElimStorePlain]: Start of recursive call 12: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:37,779 INFO L267 ElimStorePlain]: Start of recursive call 11: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:37,788 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 30 treesize of output 27 [2018-11-23 11:14:37,794 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:14:37,796 INFO L267 ElimStorePlain]: Start of recursive call 14: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:37,830 INFO L267 ElimStorePlain]: Start of recursive call 13: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:37,882 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 81 treesize of output 78 [2018-11-23 11:14:37,898 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:14:37,899 INFO L267 ElimStorePlain]: Start of recursive call 16: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:38,012 INFO L267 ElimStorePlain]: Start of recursive call 15: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:38,257 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 77 treesize of output 74 [2018-11-23 11:14:38,271 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 1 [2018-11-23 11:14:38,272 INFO L267 ElimStorePlain]: Start of recursive call 18: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:38,337 INFO L267 ElimStorePlain]: Start of recursive call 17: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:38,616 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 4 dim-2 vars, End of recursive call: 1 dim-0 vars, and 3 xjuncts. [2018-11-23 11:14:38,617 INFO L202 ElimStorePlain]: Needed 18 recursive calls to eliminate 6 variables, input treesize:136, output treesize:135 [2018-11-23 11:14:40,648 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:14:40,649 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_53|, dll_prepend_~new_head~1.base, |v_#memory_int_50|, |v_#memory_$Pointer$.offset_50|, v_DerPreprocessor_2, v_prenex_2]. (let ((.cse0 (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base))) (.cse3 (select (select |#memory_int| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (.cse1 (= (store |v_#memory_$Pointer$.offset_50| |dll_prepend_#in~head.base| (store (select |v_#memory_$Pointer$.offset_50| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset| (_ bv0 32))) |#memory_$Pointer$.offset|)) (.cse2 (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_53| |dll_prepend_#in~head.base| (store (select |v_#memory_$Pointer$.base_53| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset| dll_prepend_~new_head~1.base))))) (or (and .cse0 .cse1 .cse2 (= (select (select v_prenex_2 dll_prepend_~new_head~1.base) (_ bv0 32)) |dll_prepend_#in~data|) (= (store v_prenex_2 |dll_prepend_#in~head.base| (store (select v_prenex_2 |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset| .cse3)) |#memory_int|)) (and .cse0 (= (store |v_#memory_int_50| |dll_prepend_#in~head.base| (store (select |v_#memory_int_50| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset| .cse3)) |#memory_int|) .cse1 .cse2 (= (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (let ((.cse4 (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2))) (store .cse4 (_ bv4 32) (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base .cse4) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) dll_prepend_~new_head~1.base)))) [2018-11-23 11:14:40,649 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_DerPreprocessor_2]. (let ((.cse0 (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (let ((.cse1 (= (_ bv0 1) (select |old(#valid)| .cse0))) (.cse2 (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) (or (and (= |dll_prepend_#in~head.base| .cse0) .cse1 (= (_ bv0 32) |dll_prepend_#in~head.offset|) .cse2) (and .cse1 (= .cse0 (select (select (store |old(#memory_$Pointer$.base)| .cse0 (let ((.cse3 (store (store (store (select |old(#memory_$Pointer$.base)| .cse0) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2))) (store .cse3 (_ bv4 32) (select (select (store |old(#memory_$Pointer$.base)| .cse0 .cse3) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) .cse2) (and .cse1 (= |dll_prepend_#in~data| (select (select |#memory_int| .cse0) (_ bv0 32))) .cse2)))) [2018-11-23 11:14:40,963 WARN L180 SmtUtils]: Spent 160.00 ms on a formula simplification. DAG size of input: 42 DAG size of output: 39 [2018-11-23 11:14:41,152 WARN L180 SmtUtils]: Spent 104.00 ms on a formula simplification. DAG size of input: 75 DAG size of output: 38 [2018-11-23 11:14:41,199 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:14:41,202 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:14:41,204 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:14:41,210 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:14:41,212 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 4 select indices, 4 select index equivalence classes, 5 disjoint index pairs (out of 6 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 33 [2018-11-23 11:14:41,215 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:41,278 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 10 [2018-11-23 11:14:41,287 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 8 [2018-11-23 11:14:41,291 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:41,293 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:41,320 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:41,321 INFO L202 ElimStorePlain]: Needed 4 recursive calls to eliminate 7 variables, input treesize:178, output treesize:35 [2018-11-23 11:14:41,335 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:14:41,336 WARN L384 uantifierElimination]: Input elimination task: ∃ [v_prenex_6, v_DerPreprocessor_2, v_prenex_5, v_prenex_4, |v_#valid_BEFORE_CALL_6|, |v_old(#memory_$Pointer$.base)_AFTER_CALL_23|, |dll_create_#t~malloc3.base|]. (let ((.cse1 (= (select (select |#memory_$Pointer$.offset| |main_~#s~0.base|) |main_~#s~0.offset|) (_ bv0 32))) (.cse2 (= |main_~#s~0.offset| (_ bv0 32))) (.cse0 (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|)) (.cse3 (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)))) (or (and (= (select v_prenex_5 .cse0) (_ bv0 1)) (not (= |main_~#s~0.base| v_prenex_4)) (= (_ bv1 1) (select v_prenex_5 v_prenex_4)) (= (bvadd (select v_prenex_5 (select (select v_prenex_6 |main_~#s~0.base|) |main_~#s~0.offset|)) (_ bv1 1)) (_ bv0 1)) .cse1 .cse2 (= (_ bv0 1) (bvadd (select v_prenex_5 |main_~#s~0.base|) (_ bv1 1))) .cse3 (= .cse0 (select (select (store v_prenex_6 .cse0 (let ((.cse4 (store (store (store (select v_prenex_6 .cse0) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2))) (store .cse4 (_ bv4 32) (select (select (store v_prenex_6 .cse0 .cse4) |main_~#s~0.base|) |main_~#s~0.offset|)))) |main_~#s~0.base|) |main_~#s~0.offset|))) (and (= (select |v_#valid_BEFORE_CALL_6| .cse0) (_ bv0 1)) (= (bvadd (select |v_#valid_BEFORE_CALL_6| (select (select |v_old(#memory_$Pointer$.base)_AFTER_CALL_23| |main_~#s~0.base|) |main_~#s~0.offset|)) (_ bv1 1)) (_ bv0 1)) (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) .cse1 .cse2 (= (_ bv1 1) (select |v_#valid_BEFORE_CALL_6| |dll_create_#t~malloc3.base|)) (= (_ bv0 1) (bvadd (select |v_#valid_BEFORE_CALL_6| |main_~#s~0.base|) (_ bv1 1))) (= (select (select |#memory_int| .cse0) (_ bv0 32)) main_~data~0) .cse3))) [2018-11-23 11:14:41,336 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))) (and (= (select (select |#memory_$Pointer$.offset| |main_~#s~0.base|) |main_~#s~0.offset|) (_ bv0 32)) (= |main_~#s~0.offset| (_ bv0 32)) (= (select (select |#memory_int| .cse0) (_ bv0 32)) main_~data~0) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |main_~#s~0.base| .cse0)))) [2018-11-23 11:14:41,486 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2018-11-23 11:14:41,491 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 3 [2018-11-23 11:14:41,493 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:41,499 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:41,527 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 21 [2018-11-23 11:14:41,536 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 12 [2018-11-23 11:14:41,540 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:41,547 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:41,562 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:41,563 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 3 variables, input treesize:46, output treesize:16 [2018-11-23 11:14:41,570 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:14:41,570 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, |main_~#s~0.base|, |#memory_$Pointer$.offset|]. (let ((.cse1 (select (select |#memory_$Pointer$.offset| |main_~#s~0.base|) (_ bv0 32))) (.cse0 (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) (_ bv0 32)))) (and (= .cse0 main_~ptr~0.base) (= (_ bv0 32) .cse1) (= main_~data~0 (select (select |#memory_int| .cse0) (_ bv0 32))) (= main_~ptr~0.offset .cse1) (not (= |main_~#s~0.base| .cse0)) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)))) [2018-11-23 11:14:41,570 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~data~0 (select (select |#memory_int| main_~ptr~0.base) (_ bv0 32))) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)) (= main_~ptr~0.offset (_ bv0 32))) [2018-11-23 11:14:41,666 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2018-11-23 11:14:41,671 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 3 [2018-11-23 11:14:41,675 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:14:41,677 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:41,683 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:14:41,683 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:20, output treesize:9 [2018-11-23 11:14:41,688 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:14:41,689 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~ptr~0.base]. (let ((.cse0 (select (select |#memory_int| main_~ptr~0.base) (_ bv0 32)))) (and (= |main_#t~mem13| .cse0) (= main_~data~0 .cse0) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)))) [2018-11-23 11:14:41,689 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= |main_#t~mem13| main_~data~0) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32))) [2018-11-23 11:14:41,764 INFO L256 TraceCheckUtils]: 0: Hoare triple {1844#true} call ULTIMATE.init(); {1844#true} is VALID [2018-11-23 11:14:41,765 INFO L273 TraceCheckUtils]: 1: Hoare triple {1844#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1844#true} is VALID [2018-11-23 11:14:41,765 INFO L273 TraceCheckUtils]: 2: Hoare triple {1844#true} assume true; {1844#true} is VALID [2018-11-23 11:14:41,765 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1844#true} {1844#true} #118#return; {1844#true} is VALID [2018-11-23 11:14:41,766 INFO L256 TraceCheckUtils]: 4: Hoare triple {1844#true} call #t~ret16 := main(); {1844#true} is VALID [2018-11-23 11:14:41,767 INFO L273 TraceCheckUtils]: 5: Hoare triple {1844#true} ~len~0 := 2bv32;~data~0 := 1bv32;call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4bv32); {1864#(and (= (bvadd (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1)) (= |main_~#s~0.offset| (_ bv0 32)) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:14:41,768 INFO L256 TraceCheckUtils]: 6: Hoare triple {1864#(and (= (bvadd (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1)) (= |main_~#s~0.offset| (_ bv0 32)) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)))} call #t~ret10.base, #t~ret10.offset := dll_create(~len~0, ~data~0); {1868#(= |#valid| |old(#valid)|)} is VALID [2018-11-23 11:14:41,769 INFO L273 TraceCheckUtils]: 7: Hoare triple {1868#(= |#valid| |old(#valid)|)} ~len := #in~len;~data := #in~data;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1868#(= |#valid| |old(#valid)|)} is VALID [2018-11-23 11:14:41,771 INFO L273 TraceCheckUtils]: 8: Hoare triple {1868#(= |#valid| |old(#valid)|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(12bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,772 INFO L273 TraceCheckUtils]: 9: Hoare triple {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,772 INFO L273 TraceCheckUtils]: 10: Hoare triple {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} call write~intINTTYPE4(~data, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,773 INFO L273 TraceCheckUtils]: 11: Hoare triple {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,774 INFO L273 TraceCheckUtils]: 12: Hoare triple {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post4 := ~len;~len := ~bvsub32(#t~post4, 1bv32);havoc #t~post4; {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,776 INFO L273 TraceCheckUtils]: 13: Hoare triple {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(12bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; {1891#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,777 INFO L273 TraceCheckUtils]: 14: Hoare triple {1891#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1891#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,778 INFO L273 TraceCheckUtils]: 15: Hoare triple {1891#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} call write~intINTTYPE4(~data, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1891#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,778 INFO L273 TraceCheckUtils]: 16: Hoare triple {1891#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(8bv32, ~head~0.offset), 4bv32); {1891#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,780 INFO L273 TraceCheckUtils]: 17: Hoare triple {1891#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post4 := ~len;~len := ~bvsub32(#t~post4, 1bv32);havoc #t~post4; {1904#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,780 INFO L273 TraceCheckUtils]: 18: Hoare triple {1904#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume !~bvsgt32(~len, 0bv32); {1904#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,782 INFO L273 TraceCheckUtils]: 19: Hoare triple {1904#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1911#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |dll_create_#res.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,782 INFO L273 TraceCheckUtils]: 20: Hoare triple {1911#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |dll_create_#res.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume true; {1911#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |dll_create_#res.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:14:41,789 INFO L268 TraceCheckUtils]: 21: Hoare quadruple {1911#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |dll_create_#res.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} {1864#(and (= (bvadd (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1)) (= |main_~#s~0.offset| (_ bv0 32)) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)))} #108#return; {1918#(and (= (bvadd (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1)) (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (= (_ bv1 1) (select |#valid| |dll_create_#t~malloc3.base|)))) (= |main_~#s~0.offset| (_ bv0 32)) (= (_ bv1 1) (select |#valid| |main_#t~ret10.base|)) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:14:41,790 INFO L273 TraceCheckUtils]: 22: Hoare triple {1918#(and (= (bvadd (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1)) (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (= (_ bv1 1) (select |#valid| |dll_create_#t~malloc3.base|)))) (= |main_~#s~0.offset| (_ bv0 32)) (= (_ bv1 1) (select |#valid| |main_#t~ret10.base|)) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)))} call write~init~$Pointer$(#t~ret10.base, #t~ret10.offset, ~#s~0.base, ~#s~0.offset, 4bv32);havoc #t~ret10.base, #t~ret10.offset; {1922#(and (= (bvadd (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1)) (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (= (_ bv1 1) (select |#valid| |dll_create_#t~malloc3.base|)))) (= |main_~#s~0.offset| (_ bv0 32)) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)) (= (_ bv1 1) (select |#valid| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))))} is VALID [2018-11-23 11:14:41,791 INFO L256 TraceCheckUtils]: 23: Hoare triple {1922#(and (= (bvadd (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1)) (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (= (_ bv1 1) (select |#valid| |dll_create_#t~malloc3.base|)))) (= |main_~#s~0.offset| (_ bv0 32)) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)) (= (_ bv1 1) (select |#valid| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))))} call dll_prepend(~#s~0.base, ~#s~0.offset, ~data~0); {1926#(and (= |#valid| |old(#valid)|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|))} is VALID [2018-11-23 11:14:41,791 INFO L273 TraceCheckUtils]: 24: Hoare triple {1926#(and (= |#valid| |old(#valid)|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|))} ~head.base, ~head.offset := #in~head.base, #in~head.offset;~data := #in~data; {1930#(and (= dll_prepend_~data |dll_prepend_#in~data|) (= |#valid| |old(#valid)|) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} is VALID [2018-11-23 11:14:41,792 INFO L256 TraceCheckUtils]: 25: Hoare triple {1930#(and (= dll_prepend_~data |dll_prepend_#in~data|) (= |#valid| |old(#valid)|) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} call #t~ret6.base, #t~ret6.offset := node_create(~data); {1926#(and (= |#valid| |old(#valid)|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|))} is VALID [2018-11-23 11:14:41,794 INFO L273 TraceCheckUtils]: 26: Hoare triple {1926#(and (= |#valid| |old(#valid)|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|))} ~data := #in~data;call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(12bv32);~temp~0.base, ~temp~0.offset := #t~malloc2.base, #t~malloc2.offset; {1937#(and (= node_create_~data |node_create_#in~data|) (= node_create_~temp~0.offset (_ bv0 32)) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= (_ bv0 1) (select |old(#valid)| node_create_~temp~0.base)))} is VALID [2018-11-23 11:14:41,813 INFO L273 TraceCheckUtils]: 27: Hoare triple {1937#(and (= node_create_~data |node_create_#in~data|) (= node_create_~temp~0.offset (_ bv0 32)) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= (_ bv0 1) (select |old(#valid)| node_create_~temp~0.base)))} assume !(0bv32 == ~temp~0.base && 0bv32 == ~temp~0.offset); {1937#(and (= node_create_~data |node_create_#in~data|) (= node_create_~temp~0.offset (_ bv0 32)) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= (_ bv0 1) (select |old(#valid)| node_create_~temp~0.base)))} is VALID [2018-11-23 11:14:41,828 INFO L273 TraceCheckUtils]: 28: Hoare triple {1937#(and (= node_create_~data |node_create_#in~data|) (= node_create_~temp~0.offset (_ bv0 32)) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= (_ bv0 1) (select |old(#valid)| node_create_~temp~0.base)))} call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(4bv32, ~temp~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(8bv32, ~temp~0.offset), 4bv32);call write~intINTTYPE4(~data, ~temp~0.base, ~temp~0.offset, 4bv32);#res.base, #res.offset := ~temp~0.base, ~temp~0.offset; {1944#(and (= (_ bv0 1) (select |old(#valid)| |node_create_#res.base|)) (= (store |old(#memory_$Pointer$.base)| |node_create_#res.base| (store (store (store (select |old(#memory_$Pointer$.base)| |node_create_#res.base|) (bvadd |node_create_#res.offset| (_ bv4 32)) (_ bv0 32)) (bvadd |node_create_#res.offset| (_ bv8 32)) (_ bv0 32)) |node_create_#res.offset| (select (select |#memory_$Pointer$.base| |node_create_#res.base|) |node_create_#res.offset|))) |#memory_$Pointer$.base|) (= |node_create_#in~data| (select (select |#memory_int| |node_create_#res.base|) |node_create_#res.offset|)) (= |node_create_#res.offset| (_ bv0 32)))} is VALID [2018-11-23 11:14:41,843 INFO L273 TraceCheckUtils]: 29: Hoare triple {1944#(and (= (_ bv0 1) (select |old(#valid)| |node_create_#res.base|)) (= (store |old(#memory_$Pointer$.base)| |node_create_#res.base| (store (store (store (select |old(#memory_$Pointer$.base)| |node_create_#res.base|) (bvadd |node_create_#res.offset| (_ bv4 32)) (_ bv0 32)) (bvadd |node_create_#res.offset| (_ bv8 32)) (_ bv0 32)) |node_create_#res.offset| (select (select |#memory_$Pointer$.base| |node_create_#res.base|) |node_create_#res.offset|))) |#memory_$Pointer$.base|) (= |node_create_#in~data| (select (select |#memory_int| |node_create_#res.base|) |node_create_#res.offset|)) (= |node_create_#res.offset| (_ bv0 32)))} assume true; {1944#(and (= (_ bv0 1) (select |old(#valid)| |node_create_#res.base|)) (= (store |old(#memory_$Pointer$.base)| |node_create_#res.base| (store (store (store (select |old(#memory_$Pointer$.base)| |node_create_#res.base|) (bvadd |node_create_#res.offset| (_ bv4 32)) (_ bv0 32)) (bvadd |node_create_#res.offset| (_ bv8 32)) (_ bv0 32)) |node_create_#res.offset| (select (select |#memory_$Pointer$.base| |node_create_#res.base|) |node_create_#res.offset|))) |#memory_$Pointer$.base|) (= |node_create_#in~data| (select (select |#memory_int| |node_create_#res.base|) |node_create_#res.offset|)) (= |node_create_#res.offset| (_ bv0 32)))} is VALID [2018-11-23 11:14:41,850 INFO L268 TraceCheckUtils]: 30: Hoare quadruple {1944#(and (= (_ bv0 1) (select |old(#valid)| |node_create_#res.base|)) (= (store |old(#memory_$Pointer$.base)| |node_create_#res.base| (store (store (store (select |old(#memory_$Pointer$.base)| |node_create_#res.base|) (bvadd |node_create_#res.offset| (_ bv4 32)) (_ bv0 32)) (bvadd |node_create_#res.offset| (_ bv8 32)) (_ bv0 32)) |node_create_#res.offset| (select (select |#memory_$Pointer$.base| |node_create_#res.base|) |node_create_#res.offset|))) |#memory_$Pointer$.base|) (= |node_create_#in~data| (select (select |#memory_int| |node_create_#res.base|) |node_create_#res.offset|)) (= |node_create_#res.offset| (_ bv0 32)))} {1930#(and (= dll_prepend_~data |dll_prepend_#in~data|) (= |#valid| |old(#valid)|) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} #116#return; {1951#(and (= (select |old(#valid)| |dll_prepend_#t~ret6.base|) (_ bv0 1)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= (select (select |#memory_int| |dll_prepend_#t~ret6.base|) |dll_prepend_#t~ret6.offset|) |dll_prepend_#in~data|) (= (store |old(#memory_$Pointer$.base)| |dll_prepend_#t~ret6.base| (store (store (store (select |old(#memory_$Pointer$.base)| |dll_prepend_#t~ret6.base|) (bvadd |dll_prepend_#t~ret6.offset| (_ bv4 32)) (_ bv0 32)) (bvadd |dll_prepend_#t~ret6.offset| (_ bv8 32)) (_ bv0 32)) |dll_prepend_#t~ret6.offset| (select (select |#memory_$Pointer$.base| |dll_prepend_#t~ret6.base|) |dll_prepend_#t~ret6.offset|))) |#memory_$Pointer$.base|) (= |dll_prepend_#t~ret6.offset| (_ bv0 32)) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} is VALID [2018-11-23 11:14:41,862 INFO L273 TraceCheckUtils]: 31: Hoare triple {1951#(and (= (select |old(#valid)| |dll_prepend_#t~ret6.base|) (_ bv0 1)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= (select (select |#memory_int| |dll_prepend_#t~ret6.base|) |dll_prepend_#t~ret6.offset|) |dll_prepend_#in~data|) (= (store |old(#memory_$Pointer$.base)| |dll_prepend_#t~ret6.base| (store (store (store (select |old(#memory_$Pointer$.base)| |dll_prepend_#t~ret6.base|) (bvadd |dll_prepend_#t~ret6.offset| (_ bv4 32)) (_ bv0 32)) (bvadd |dll_prepend_#t~ret6.offset| (_ bv8 32)) (_ bv0 32)) |dll_prepend_#t~ret6.offset| (select (select |#memory_$Pointer$.base| |dll_prepend_#t~ret6.base|) |dll_prepend_#t~ret6.offset|))) |#memory_$Pointer$.base|) (= |dll_prepend_#t~ret6.offset| (_ bv0 32)) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} ~new_head~1.base, ~new_head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(#t~mem7.base, #t~mem7.offset, ~new_head~1.base, ~bvadd32(4bv32, ~new_head~1.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32); {1955#(and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2)) dll_prepend_~head.base) dll_prepend_~head.offset))) |#memory_$Pointer$.base|)) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= (select (select |#memory_int| dll_prepend_~new_head~1.base) dll_prepend_~new_head~1.offset) |dll_prepend_#in~data|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} is VALID [2018-11-23 11:14:41,867 INFO L273 TraceCheckUtils]: 32: Hoare triple {1955#(and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2)) dll_prepend_~head.base) dll_prepend_~head.offset))) |#memory_$Pointer$.base|)) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= (select (select |#memory_int| dll_prepend_~new_head~1.base) dll_prepend_~new_head~1.offset) |dll_prepend_#in~data|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} assume #t~mem8.base != 0bv32 || #t~mem8.offset != 0bv32;havoc #t~mem8.base, #t~mem8.offset;call #t~mem9.base, #t~mem9.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, #t~mem9.base, ~bvadd32(8bv32, #t~mem9.offset), 4bv32);havoc #t~mem9.base, #t~mem9.offset; {1959#(or (and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= dll_prepend_~new_head~1.base (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2)) dll_prepend_~head.base) dll_prepend_~head.offset))) dll_prepend_~head.base) dll_prepend_~head.offset))) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= |dll_prepend_#in~head.base| dll_prepend_~head.base)) (and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= (select (select |#memory_int| dll_prepend_~new_head~1.base) dll_prepend_~new_head~1.offset) |dll_prepend_#in~data|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base)))} is VALID [2018-11-23 11:14:41,899 INFO L273 TraceCheckUtils]: 33: Hoare triple {1959#(or (and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= dll_prepend_~new_head~1.base (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2)) dll_prepend_~head.base) dll_prepend_~head.offset))) dll_prepend_~head.base) dll_prepend_~head.offset))) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= |dll_prepend_#in~head.base| dll_prepend_~head.base)) (and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= (select (select |#memory_int| dll_prepend_~new_head~1.base) dll_prepend_~new_head~1.offset) |dll_prepend_#in~data|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base)))} call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, ~head.base, ~head.offset, 4bv32); {1963#(or (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2) (_ bv4 32) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2)) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= |dll_prepend_#in~data| (select (select |#memory_int| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv0 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))))} is VALID [2018-11-23 11:14:41,900 INFO L273 TraceCheckUtils]: 34: Hoare triple {1963#(or (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2) (_ bv4 32) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2)) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= |dll_prepend_#in~data| (select (select |#memory_int| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv0 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))))} assume true; {1963#(or (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2) (_ bv4 32) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2)) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= |dll_prepend_#in~data| (select (select |#memory_int| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv0 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))))} is VALID [2018-11-23 11:14:41,904 INFO L268 TraceCheckUtils]: 35: Hoare quadruple {1963#(or (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2) (_ bv4 32) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2)) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= |dll_prepend_#in~data| (select (select |#memory_int| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv0 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))))} {1922#(and (= (bvadd (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1)) (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (= (_ bv1 1) (select |#valid| |dll_create_#t~malloc3.base|)))) (= |main_~#s~0.offset| (_ bv0 32)) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)) (= (_ bv1 1) (select |#valid| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))))} #110#return; {1970#(and (= (select (select |#memory_$Pointer$.offset| |main_~#s~0.base|) |main_~#s~0.offset|) (_ bv0 32)) (= |main_~#s~0.offset| (_ bv0 32)) (= (select (select |#memory_int| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|)) (_ bv0 32)) main_~data~0) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |main_~#s~0.base| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))))} is VALID [2018-11-23 11:14:41,905 INFO L273 TraceCheckUtils]: 36: Hoare triple {1970#(and (= (select (select |#memory_$Pointer$.offset| |main_~#s~0.base|) |main_~#s~0.offset|) (_ bv0 32)) (= |main_~#s~0.offset| (_ bv0 32)) (= (select (select |#memory_int| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|)) (_ bv0 32)) main_~data~0) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |main_~#s~0.base| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4bv32);~ptr~0.base, ~ptr~0.offset := #t~mem11.base, #t~mem11.offset;havoc #t~mem11.base, #t~mem11.offset;~count~0 := 0bv32; {1974#(and (= main_~data~0 (select (select |#memory_int| main_~ptr~0.base) (_ bv0 32))) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)) (= main_~ptr~0.offset (_ bv0 32)))} is VALID [2018-11-23 11:14:41,906 INFO L273 TraceCheckUtils]: 37: Hoare triple {1974#(and (= main_~data~0 (select (select |#memory_int| main_~ptr~0.base) (_ bv0 32))) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)) (= main_~ptr~0.offset (_ bv0 32)))} assume !!(~ptr~0.base != 0bv32 || ~ptr~0.offset != 0bv32);call #t~mem12.base, #t~mem12.offset := read~$Pointer$(~ptr~0.base, ~bvadd32(4bv32, ~ptr~0.offset), 4bv32);~temp~2.base, ~temp~2.offset := #t~mem12.base, #t~mem12.offset;havoc #t~mem12.base, #t~mem12.offset;call #t~mem13 := read~intINTTYPE4(~ptr~0.base, ~ptr~0.offset, 4bv32); {1978#(and (= |main_#t~mem13| main_~data~0) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:14:41,906 INFO L273 TraceCheckUtils]: 38: Hoare triple {1978#(and (= |main_#t~mem13| main_~data~0) (= (bvadd main_~data~0 (_ bv4294967295 32)) (_ bv0 32)))} assume ~data~0 != #t~mem13;havoc #t~mem13; {1845#false} is VALID [2018-11-23 11:14:41,907 INFO L273 TraceCheckUtils]: 39: Hoare triple {1845#false} assume !false; {1845#false} is VALID [2018-11-23 11:14:41,920 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 7 not checked. [2018-11-23 11:14:41,920 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:14:42,334 WARN L180 SmtUtils]: Spent 146.00 ms on a formula simplification that was a NOOP. DAG size: 40 [2018-11-23 11:14:42,470 WARN L180 SmtUtils]: Spent 135.00 ms on a formula simplification that was a NOOP. DAG size: 40 [2018-11-23 11:14:42,708 WARN L180 SmtUtils]: Spent 235.00 ms on a formula simplification that was a NOOP. DAG size: 54 [2018-11-23 11:14:42,923 WARN L180 SmtUtils]: Spent 214.00 ms on a formula simplification that was a NOOP. DAG size: 50 [2018-11-23 11:14:52,151 WARN L180 SmtUtils]: Spent 9.18 s on a formula simplification that was a NOOP. DAG size: 109 [2018-11-23 11:14:53,977 WARN L180 SmtUtils]: Spent 1.81 s on a formula simplification that was a NOOP. DAG size: 76 [2018-11-23 11:14:56,732 WARN L180 SmtUtils]: Spent 2.75 s on a formula simplification that was a NOOP. DAG size: 90 [2018-11-23 11:14:59,417 WARN L180 SmtUtils]: Spent 2.68 s on a formula simplification that was a NOOP. DAG size: 86 [2018-11-23 11:15:01,774 WARN L833 TransFormulaUtils]: predicate-based correctness check returned UNKNOWN, hence correctness of interprocedural sequential composition was not checked. [2018-11-23 11:15:04,250 WARN L180 SmtUtils]: Spent 332.00 ms on a formula simplification that was a NOOP. DAG size: 59 [2018-11-23 11:15:04,275 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:15:04,322 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:15:04,643 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:15:04,692 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:15:04,998 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:15:05,053 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:15:05,246 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 160 treesize of output 129 [2018-11-23 11:15:05,273 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 16 [2018-11-23 11:15:05,317 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 17 [2018-11-23 11:15:05,319 INFO L267 ElimStorePlain]: Start of recursive call 10: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:05,393 INFO L267 ElimStorePlain]: Start of recursive call 9: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:05,647 INFO L303 Elim1Store]: Index analysis took 156 ms [2018-11-23 11:15:05,772 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 3 new quantified variables, introduced 3 case distinctions, treesize of input 133 treesize of output 117 [2018-11-23 11:15:05,907 INFO L303 Elim1Store]: Index analysis took 120 ms [2018-11-23 11:15:05,997 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 4 case distinctions, treesize of input 84 treesize of output 145 [2018-11-23 11:15:06,004 INFO L267 ElimStorePlain]: Start of recursive call 12: End of recursive call: and 4 xjuncts. [2018-11-23 11:15:08,519 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 87 treesize of output 86 [2018-11-23 11:15:08,525 INFO L267 ElimStorePlain]: Start of recursive call 13: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:10,628 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:10,685 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:15:10,731 INFO L303 Elim1Store]: Index analysis took 144 ms [2018-11-23 11:15:10,854 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 2 new quantified variables, introduced 4 case distinctions, treesize of input 68 treesize of output 125 [2018-11-23 11:15:11,059 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:15:11,091 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:11,171 INFO L303 Elim1Store]: Index analysis took 138 ms [2018-11-23 11:15:11,239 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 2 stores, 3 select indices, 3 select index equivalence classes, 2 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 6 case distinctions, treesize of input 93 treesize of output 170 [2018-11-23 11:15:11,250 INFO L267 ElimStorePlain]: Start of recursive call 15: End of recursive call: and 4 xjuncts. [2018-11-23 11:15:11,813 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:15:11,827 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:11,850 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:15:11,902 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 2 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 4 case distinctions, treesize of input 64 treesize of output 100 [2018-11-23 11:15:11,910 INFO L267 ElimStorePlain]: Start of recursive call 16: End of recursive call: and 3 xjuncts. [2018-11-23 11:15:12,450 INFO L267 ElimStorePlain]: Start of recursive call 14: 2 dim-1 vars, End of recursive call: and 5 xjuncts. [2018-11-23 11:15:14,224 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:14,293 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:15:14,333 INFO L303 Elim1Store]: Index analysis took 128 ms [2018-11-23 11:15:14,398 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 2 new quantified variables, introduced 4 case distinctions, treesize of input 65 treesize of output 124 [2018-11-23 11:15:14,443 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:15:14,451 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:14,466 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 2 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 92 treesize of output 92 [2018-11-23 11:15:14,469 INFO L267 ElimStorePlain]: Start of recursive call 18: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:14,716 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:15:14,731 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:14,758 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:15:14,821 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 2 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 4 case distinctions, treesize of input 64 treesize of output 100 [2018-11-23 11:15:14,829 INFO L267 ElimStorePlain]: Start of recursive call 19: End of recursive call: and 3 xjuncts. [2018-11-23 11:15:15,220 INFO L267 ElimStorePlain]: Start of recursive call 17: 2 dim-1 vars, End of recursive call: and 3 xjuncts. [2018-11-23 11:15:16,034 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 107 treesize of output 137 [2018-11-23 11:15:16,062 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 125 treesize of output 112 [2018-11-23 11:15:16,066 INFO L267 ElimStorePlain]: Start of recursive call 21: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:16,287 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:15:16,355 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 4 case distinctions, treesize of input 86 treesize of output 102 [2018-11-23 11:15:16,366 INFO L267 ElimStorePlain]: Start of recursive call 22: End of recursive call: and 4 xjuncts. [2018-11-23 11:15:16,561 INFO L267 ElimStorePlain]: Start of recursive call 20: 2 dim-1 vars, End of recursive call: and 3 xjuncts. [2018-11-23 11:15:16,586 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:16,588 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:15:16,589 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 107 treesize of output 113 [2018-11-23 11:15:16,610 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:15:16,614 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:16,630 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 2 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 59 treesize of output 83 [2018-11-23 11:15:16,633 INFO L267 ElimStorePlain]: Start of recursive call 24: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:16,677 INFO L267 ElimStorePlain]: Start of recursive call 23: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:17,185 INFO L267 ElimStorePlain]: Start of recursive call 11: 2 dim-1 vars, 3 dim-2 vars, End of recursive call: and 5 xjuncts. [2018-11-23 11:15:17,421 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 5 xjuncts. [2018-11-23 11:15:17,737 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 91 treesize of output 87 [2018-11-23 11:15:17,747 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 39 treesize of output 26 [2018-11-23 11:15:17,749 INFO L267 ElimStorePlain]: Start of recursive call 26: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:17,778 INFO L267 ElimStorePlain]: Start of recursive call 25: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:17,786 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 91 treesize of output 87 [2018-11-23 11:15:17,808 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 39 treesize of output 26 [2018-11-23 11:15:17,812 INFO L267 ElimStorePlain]: Start of recursive call 28: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:17,841 INFO L267 ElimStorePlain]: Start of recursive call 27: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:17,849 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 73 treesize of output 69 [2018-11-23 11:15:17,885 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 4 [2018-11-23 11:15:17,890 INFO L267 ElimStorePlain]: Start of recursive call 30: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:17,915 INFO L267 ElimStorePlain]: Start of recursive call 29: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:17,922 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 49 treesize of output 47 [2018-11-23 11:15:17,932 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 30 treesize of output 28 [2018-11-23 11:15:17,936 INFO L267 ElimStorePlain]: Start of recursive call 32: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:15:17,972 INFO L267 ElimStorePlain]: Start of recursive call 31: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:15:17,980 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 73 treesize of output 69 [2018-11-23 11:15:17,992 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 8 [2018-11-23 11:15:17,998 INFO L267 ElimStorePlain]: Start of recursive call 34: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:18,029 INFO L267 ElimStorePlain]: Start of recursive call 33: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:18,314 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 82 treesize of output 60 [2018-11-23 11:15:18,327 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 3 [2018-11-23 11:15:18,328 INFO L267 ElimStorePlain]: Start of recursive call 36: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:18,344 INFO L267 ElimStorePlain]: Start of recursive call 35: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:18,350 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:18,351 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 64 treesize of output 64 [2018-11-23 11:15:18,411 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 3 [2018-11-23 11:15:18,428 INFO L267 ElimStorePlain]: Start of recursive call 38: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:18,556 INFO L267 ElimStorePlain]: Start of recursive call 37: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:18,596 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 82 treesize of output 40 [2018-11-23 11:15:18,703 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 18 treesize of output 3 [2018-11-23 11:15:18,727 INFO L267 ElimStorePlain]: Start of recursive call 40: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:18,774 INFO L267 ElimStorePlain]: Start of recursive call 39: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:18,785 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:18,786 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 64 treesize of output 64 [2018-11-23 11:15:18,810 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 3 [2018-11-23 11:15:18,831 INFO L267 ElimStorePlain]: Start of recursive call 42: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:18,881 INFO L267 ElimStorePlain]: Start of recursive call 41: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:18,919 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 52 treesize of output 54 [2018-11-23 11:15:18,965 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 49 treesize of output 41 [2018-11-23 11:15:18,967 INFO L267 ElimStorePlain]: Start of recursive call 44: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:19,108 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 2 disjoint index pairs (out of 3 index pairs), introduced 1 new quantified variables, introduced 2 case distinctions, treesize of input 28 treesize of output 32 [2018-11-23 11:15:19,114 INFO L267 ElimStorePlain]: Start of recursive call 45: End of recursive call: and 4 xjuncts. [2018-11-23 11:15:19,236 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 41 treesize of output 33 [2018-11-23 11:15:19,240 INFO L267 ElimStorePlain]: Start of recursive call 46: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:19,337 INFO L267 ElimStorePlain]: Start of recursive call 43: 3 dim-1 vars, End of recursive call: and 4 xjuncts. [2018-11-23 11:15:19,427 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 6 dim-2 vars, End of recursive call: 2 dim-0 vars, and 2 xjuncts. [2018-11-23 11:15:19,428 INFO L202 ElimStorePlain]: Needed 46 recursive calls to eliminate 7 variables, input treesize:147, output treesize:41 [2018-11-23 11:15:21,765 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:15:21,765 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_$Pointer$.base_71|, v_dll_prepend_~new_head~1.base_9, |v_#memory_int_69|, |v_#memory_$Pointer$.offset_63|, |v_#memory_int_68|, |v_#memory_int_70|, |v_#memory_int_67|]. (let ((.cse0 (select |v_#memory_$Pointer$.base_71| v_dll_prepend_~new_head~1.base_9))) (or (not (= (store |v_#memory_int_69| |main_~#s~0.base| (store (select |v_#memory_int_69| |main_~#s~0.base|) |main_~#s~0.offset| (select (select |v_#memory_int_70| |main_~#s~0.base|) |main_~#s~0.offset|))) |v_#memory_int_70|)) (not (= (store |#memory_$Pointer$.base| v_dll_prepend_~new_head~1.base_9 (store (store (store (select |#memory_$Pointer$.base| v_dll_prepend_~new_head~1.base_9) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) (select .cse0 (_ bv0 32)))) |v_#memory_$Pointer$.base_71|)) (not (= (store |v_#memory_int_67| v_dll_prepend_~new_head~1.base_9 (store (store (select |v_#memory_int_67| v_dll_prepend_~new_head~1.base_9) (_ bv0 32) main_~data~0) (_ bv4 32) (select (select |v_#memory_int_68| v_dll_prepend_~new_head~1.base_9) (_ bv4 32)))) |v_#memory_int_68|)) (= (select (select |v_#memory_int_70| v_dll_prepend_~new_head~1.base_9) (_ bv0 32)) main_~data~0) (not (= (select |#valid| v_dll_prepend_~new_head~1.base_9) (_ bv0 1))) (not (= (let ((.cse1 (select (select (store |v_#memory_$Pointer$.base_71| v_dll_prepend_~new_head~1.base_9 (store .cse0 (_ bv4 32) (select (select |v_#memory_$Pointer$.base_71| |main_~#s~0.base|) |main_~#s~0.offset|))) |main_~#s~0.base|) |main_~#s~0.offset|))) (store |v_#memory_int_68| .cse1 (let ((.cse2 (bvadd (select (select |v_#memory_$Pointer$.offset_63| |main_~#s~0.base|) |main_~#s~0.offset|) (_ bv8 32)))) (store (select |v_#memory_int_68| .cse1) .cse2 (select (select |v_#memory_int_69| .cse1) .cse2))))) |v_#memory_int_69|)))) [2018-11-23 11:15:21,766 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_dll_prepend_~new_head~1.base_9, v_DerPreprocessor_8]. (and (or (not (= v_dll_prepend_~new_head~1.base_9 (select (select (store |#memory_$Pointer$.base| v_dll_prepend_~new_head~1.base_9 (store (store (store (select |#memory_$Pointer$.base| v_dll_prepend_~new_head~1.base_9) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_8)) |main_~#s~0.base|) |main_~#s~0.offset|))) (not (= (select |#valid| v_dll_prepend_~new_head~1.base_9) (_ bv0 1)))) (or (not (= (select |#valid| |main_~#s~0.base|) (_ bv0 1))) (not (= |main_~#s~0.offset| (_ bv0 32))))) [2018-11-23 11:15:21,942 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-11-23 11:15:21,942 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FPBP No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 8 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 8 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-11-23 11:15:21,952 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:15:22,054 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:15:22,088 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:15:22,091 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:15:22,136 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:15:22,137 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:22,140 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:22,140 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2018-11-23 11:15:22,145 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:15:22,145 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_65|]. (= |#valid| (store |v_#valid_65| |main_~#s~0.base| (_ bv1 1))) [2018-11-23 11:15:22,145 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (select |#valid| |main_~#s~0.base|) (_ bv1 1)) [2018-11-23 11:15:24,317 WARN L854 $PredicateComparison]: unable to prove that (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (let ((.cse0 (store |c_old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)))) (and (= (select .cse0 c_dll_create_~new_head~0.base) (_ bv0 1)) (= |c_#valid| (store .cse0 c_dll_create_~new_head~0.base (_ bv1 1))) (= (select |c_old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))) is different from true [2018-11-23 11:15:55,655 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:55,657 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:55,660 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:55,661 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 4 disjoint index pairs (out of 3 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 42 [2018-11-23 11:15:55,675 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 4 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 30 treesize of output 36 [2018-11-23 11:15:55,680 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:55,746 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:55,768 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:15:55,769 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:30, output treesize:29 [2018-11-23 11:15:55,787 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:15:55,787 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_BEFORE_CALL_12|, |dll_create_#t~malloc3.base|]. (let ((.cse0 (store |v_#valid_BEFORE_CALL_12| |dll_create_#t~malloc3.base| (_ bv1 1)))) (and (= (_ bv0 1) (select |v_#valid_BEFORE_CALL_12| |dll_create_#t~malloc3.base|)) (= (_ bv0 1) (select .cse0 |main_#t~ret10.base|)) (= (bvadd (select |v_#valid_BEFORE_CALL_12| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1)) (= |#valid| (store .cse0 |main_#t~ret10.base| (_ bv1 1))))) [2018-11-23 11:15:55,788 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [|dll_create_#t~malloc3.base|]. (and (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (not (= |dll_create_#t~malloc3.base| |main_#t~ret10.base|)) (not (= |main_~#s~0.base| |main_#t~ret10.base|)) (= (_ bv1 1) (select |#valid| |main_#t~ret10.base|)) (not (= (select |#valid| |main_~#s~0.base|) (_ bv0 1))) (= (_ bv1 1) (select |#valid| |dll_create_#t~malloc3.base|))) [2018-11-23 11:15:56,478 WARN L180 SmtUtils]: Spent 141.00 ms on a formula simplification that was a NOOP. DAG size: 22 [2018-11-23 11:15:56,902 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:15:56,911 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:15:56,913 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:56,922 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:56,966 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:56,967 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:45, output treesize:41 [2018-11-23 11:15:57,011 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:15:57,045 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:15:57,278 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 22 [2018-11-23 11:15:57,310 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:15:57,321 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 14 [2018-11-23 11:15:57,335 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:15:57,365 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:15:57,461 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-2 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:15:57,462 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:79, output treesize:62 [2018-11-23 11:16:05,580 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:16:05,581 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_77|, |v_#memory_int_72|]. (let ((.cse0 (select |v_#memory_int_72| dll_prepend_~new_head~1.base)) (.cse2 (select |v_#memory_$Pointer$.base_77| dll_prepend_~new_head~1.base)) (.cse1 (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)))) (and (= (store |v_#memory_int_72| dll_prepend_~new_head~1.base (store .cse0 .cse1 (select (select |#memory_int| dll_prepend_~new_head~1.base) .cse1))) |#memory_int|) (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= (select .cse0 (_ bv0 32)) |dll_prepend_#in~data|) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |v_#memory_$Pointer$.base_77| (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) (select .cse2 (_ bv0 32))))) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= (store |v_#memory_$Pointer$.base_77| dll_prepend_~new_head~1.base (store .cse2 .cse1 (select (select |v_#memory_$Pointer$.base_77| dll_prepend_~head.base) dll_prepend_~head.offset))) |#memory_$Pointer$.base|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))) [2018-11-23 11:16:05,581 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_DerPreprocessor_10]. (and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |dll_prepend_#in~data| (select (select |#memory_int| dll_prepend_~new_head~1.base) (_ bv0 32))) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= |#memory_$Pointer$.base| (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (let ((.cse0 (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_10))) (store .cse0 (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base .cse0) dll_prepend_~head.base) dll_prepend_~head.offset))))) (= |dll_prepend_#in~head.base| dll_prepend_~head.base)) [2018-11-23 11:16:05,751 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 174 treesize of output 170 [2018-11-23 11:16:05,770 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 170 treesize of output 166 [2018-11-23 11:16:05,780 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:16:05,808 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:16:06,159 INFO L303 Elim1Store]: Index analysis took 109 ms [2018-11-23 11:16:06,346 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 174 treesize of output 235 [2018-11-23 11:16:06,367 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 175 treesize of output 61 [2018-11-23 11:16:06,369 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:06,610 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 2 case distinctions, treesize of input 172 treesize of output 115 [2018-11-23 11:16:06,614 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 2 xjuncts. [2018-11-23 11:16:06,717 INFO L267 ElimStorePlain]: Start of recursive call 4: 2 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:16:06,852 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: 1 dim-0 vars, and 2 xjuncts. [2018-11-23 11:16:06,853 INFO L202 ElimStorePlain]: Needed 6 recursive calls to eliminate 3 variables, input treesize:196, output treesize:90 [2018-11-23 11:16:11,037 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:16:11,037 WARN L384 uantifierElimination]: Input elimination task: ∃ [v_DerPreprocessor_2, |v_#memory_$Pointer$.offset_65|, |v_#memory_int_73|]. (and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= (let ((.cse0 (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (let ((.cse3 (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)))) (let ((.cse2 (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) .cse3 (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2))) (store .cse2 .cse3 (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base .cse2) dll_prepend_~head.base) dll_prepend_~head.offset))))) dll_prepend_~head.base) dll_prepend_~head.offset))) (store |v_#memory_int_73| .cse0 (let ((.cse1 (bvadd (select (select |v_#memory_$Pointer$.offset_65| dll_prepend_~head.base) dll_prepend_~head.offset) (_ bv8 32)))) (store (select |v_#memory_int_73| .cse0) .cse1 (select (select |#memory_int| .cse0) .cse1))))) |#memory_int|) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= (select (select |v_#memory_int_73| dll_prepend_~new_head~1.base) dll_prepend_~new_head~1.offset) |dll_prepend_#in~data|) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= |dll_prepend_#in~head.base| dll_prepend_~head.base)) [2018-11-23 11:16:11,038 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_DerPreprocessor_2]. (let ((.cse0 (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base))) (.cse1 (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|)) (.cse2 (= (_ bv0 32) dll_prepend_~new_head~1.offset)) (.cse5 (= |dll_prepend_#in~head.base| dll_prepend_~head.base))) (or (and .cse0 .cse1 .cse2 (= dll_prepend_~new_head~1.base (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (let ((.cse4 (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)))) (let ((.cse3 (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) .cse4 (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2))) (store .cse3 .cse4 (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base .cse3) dll_prepend_~head.base) dll_prepend_~head.offset))))) dll_prepend_~head.base) dll_prepend_~head.offset)) .cse5) (and .cse0 .cse1 .cse2 (= (select (select |#memory_int| dll_prepend_~new_head~1.base) dll_prepend_~new_head~1.offset) |dll_prepend_#in~data|) .cse5))) [2018-11-23 11:16:11,155 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 50 treesize of output 47 [2018-11-23 11:16:11,164 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:16:11,165 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:11,211 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:11,285 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 85 treesize of output 82 [2018-11-23 11:16:11,305 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:16:11,306 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:11,434 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:11,952 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 81 treesize of output 78 [2018-11-23 11:16:11,966 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 1 [2018-11-23 11:16:11,967 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:12,057 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:12,385 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 46 treesize of output 58 [2018-11-23 11:16:12,394 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 47 treesize of output 35 [2018-11-23 11:16:12,396 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:12,541 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 2 case distinctions, treesize of input 44 treesize of output 38 [2018-11-23 11:16:12,547 INFO L267 ElimStorePlain]: Start of recursive call 10: End of recursive call: and 2 xjuncts. [2018-11-23 11:16:12,627 INFO L267 ElimStorePlain]: Start of recursive call 8: 2 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:16:12,896 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 30 treesize of output 27 [2018-11-23 11:16:12,904 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:16:12,906 INFO L267 ElimStorePlain]: Start of recursive call 12: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:12,929 INFO L267 ElimStorePlain]: Start of recursive call 11: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:12,958 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 66 treesize of output 63 [2018-11-23 11:16:12,976 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:16:12,977 INFO L267 ElimStorePlain]: Start of recursive call 14: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:13,033 INFO L267 ElimStorePlain]: Start of recursive call 13: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:13,040 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 28 [2018-11-23 11:16:13,047 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:16:13,048 INFO L267 ElimStorePlain]: Start of recursive call 16: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:13,066 INFO L267 ElimStorePlain]: Start of recursive call 15: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:13,269 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 4 dim-2 vars, End of recursive call: 1 dim-0 vars, and 3 xjuncts. [2018-11-23 11:16:13,270 INFO L202 ElimStorePlain]: Needed 16 recursive calls to eliminate 6 variables, input treesize:136, output treesize:135 [2018-11-23 11:16:15,300 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:16:15,301 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_79|, dll_prepend_~new_head~1.base, |v_#memory_$Pointer$.offset_66|, v_DerPreprocessor_2, v_prenex_13, |v_#memory_int_74|]. (let ((.cse0 (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base))) (.cse1 (= (store |v_#memory_$Pointer$.offset_66| |dll_prepend_#in~head.base| (store (select |v_#memory_$Pointer$.offset_66| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset| (_ bv0 32))) |#memory_$Pointer$.offset|)) (.cse2 (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_79| |dll_prepend_#in~head.base| (store (select |v_#memory_$Pointer$.base_79| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset| dll_prepend_~new_head~1.base)))) (.cse3 (select (select |#memory_int| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (or (and .cse0 .cse1 (= (select (select |v_#memory_int_74| dll_prepend_~new_head~1.base) (_ bv0 32)) |dll_prepend_#in~data|) .cse2 (= (store |v_#memory_int_74| |dll_prepend_#in~head.base| (store (select |v_#memory_int_74| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset| .cse3)) |#memory_int|)) (and .cse0 .cse1 .cse2 (= (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (let ((.cse4 (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2))) (store .cse4 (_ bv4 32) (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base .cse4) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) dll_prepend_~new_head~1.base) (= (store v_prenex_13 |dll_prepend_#in~head.base| (store (select v_prenex_13 |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset| .cse3)) |#memory_int|)))) [2018-11-23 11:16:15,301 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_DerPreprocessor_2]. (let ((.cse0 (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (let ((.cse1 (= (_ bv0 1) (select |old(#valid)| .cse0))) (.cse2 (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) (or (and (= |dll_prepend_#in~head.base| .cse0) .cse1 (= (_ bv0 32) |dll_prepend_#in~head.offset|) .cse2) (and .cse1 (= .cse0 (select (select (store |old(#memory_$Pointer$.base)| .cse0 (let ((.cse3 (store (store (store (select |old(#memory_$Pointer$.base)| .cse0) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2))) (store .cse3 (_ bv4 32) (select (select (store |old(#memory_$Pointer$.base)| .cse0 .cse3) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) .cse2) (and .cse1 (= |dll_prepend_#in~data| (select (select |#memory_int| .cse0) (_ bv0 32))) .cse2)))) [2018-11-23 11:16:15,504 WARN L180 SmtUtils]: Spent 115.00 ms on a formula simplification. DAG size of input: 81 DAG size of output: 39 [2018-11-23 11:16:15,603 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:16:15,605 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:16:15,608 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:16:15,609 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:16:15,610 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 4 select indices, 4 select index equivalence classes, 8 disjoint index pairs (out of 6 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 32 treesize of output 49 [2018-11-23 11:16:15,612 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:15,670 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 23 [2018-11-23 11:16:15,682 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 17 [2018-11-23 11:16:15,685 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:15,687 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:15,726 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:15,726 INFO L202 ElimStorePlain]: Needed 4 recursive calls to eliminate 7 variables, input treesize:188, output treesize:27 [2018-11-23 11:16:15,759 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:16:15,759 WARN L384 uantifierElimination]: Input elimination task: ∃ [v_prenex_16, v_prenex_15, v_prenex_14, |v_#memory_$Pointer$.base_BEFORE_CALL_12|, v_DerPreprocessor_2, |v_#valid_BEFORE_CALL_16|, |dll_create_#t~malloc3.base|]. (let ((.cse1 (= (select (select |#memory_$Pointer$.offset| |main_~#s~0.base|) |main_~#s~0.offset|) (_ bv0 32))) (.cse2 (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))) (or (let ((.cse0 (select (select v_prenex_15 |main_~#s~0.base|) |main_~#s~0.offset|))) (and (not (= (select v_prenex_16 |main_~#s~0.base|) (_ bv0 1))) (not (= v_prenex_14 .cse0)) (not (= |main_~#s~0.base| v_prenex_14)) (= (select v_prenex_16 v_prenex_14) (_ bv1 1)) .cse1 (= (select (select |#memory_int| .cse2) (_ bv0 32)) main_~data~0) (= (select v_prenex_16 .cse2) (_ bv0 1)) (not (= |main_~#s~0.base| .cse0)) (= (_ bv1 1) (select v_prenex_16 .cse0)))) (let ((.cse3 (select (select |v_#memory_$Pointer$.base_BEFORE_CALL_12| |main_~#s~0.base|) |main_~#s~0.offset|))) (and (not (= (select |v_#valid_BEFORE_CALL_16| |main_~#s~0.base|) (_ bv0 1))) (= (_ bv1 1) (select |v_#valid_BEFORE_CALL_16| .cse3)) (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (not (= |main_~#s~0.base| .cse3)) (= (select |v_#valid_BEFORE_CALL_16| |dll_create_#t~malloc3.base|) (_ bv1 1)) .cse1 (not (= |dll_create_#t~malloc3.base| .cse3)) (= (select |v_#valid_BEFORE_CALL_16| .cse2) (_ bv0 1)) (= .cse2 (select (select (store |v_#memory_$Pointer$.base_BEFORE_CALL_12| .cse2 (let ((.cse4 (store (store (store (select |v_#memory_$Pointer$.base_BEFORE_CALL_12| .cse2) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2))) (store .cse4 (_ bv4 32) (select (select (store |v_#memory_$Pointer$.base_BEFORE_CALL_12| .cse2 .cse4) |main_~#s~0.base|) |main_~#s~0.offset|)))) |main_~#s~0.base|) |main_~#s~0.offset|)))))) [2018-11-23 11:16:15,759 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))) (and (= (select (select |#memory_$Pointer$.offset| |main_~#s~0.base|) |main_~#s~0.offset|) (_ bv0 32)) (= (select (select |#memory_int| .cse0) (_ bv0 32)) main_~data~0) (not (= |main_~#s~0.base| .cse0)))) [2018-11-23 11:16:17,933 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2018-11-23 11:16:17,944 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 3 [2018-11-23 11:16:17,953 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:17,957 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:17,982 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 21 [2018-11-23 11:16:17,989 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 12 [2018-11-23 11:16:17,991 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:18,003 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:18,018 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:18,018 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 4 variables, input treesize:41, output treesize:11 [2018-11-23 11:16:18,026 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:16:18,026 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, |main_~#s~0.base|, |main_~#s~0.offset|, |#memory_$Pointer$.offset|]. (let ((.cse0 (select (select |#memory_$Pointer$.offset| |main_~#s~0.base|) |main_~#s~0.offset|)) (.cse1 (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))) (and (= .cse0 main_~ptr~0.offset) (= main_~ptr~0.base .cse1) (= .cse0 (_ bv0 32)) (= (select (select |#memory_int| .cse1) (_ bv0 32)) main_~data~0) (not (= |main_~#s~0.base| .cse1)))) [2018-11-23 11:16:18,026 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~data~0 (select (select |#memory_int| main_~ptr~0.base) (_ bv0 32))) (= main_~ptr~0.offset (_ bv0 32))) [2018-11-23 11:16:18,411 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2018-11-23 11:16:18,415 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 3 [2018-11-23 11:16:18,416 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:18,420 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:18,423 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:18,424 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:15, output treesize:3 [2018-11-23 11:16:18,427 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:16:18,427 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~ptr~0.base]. (let ((.cse0 (select (select |#memory_int| main_~ptr~0.base) (_ bv0 32)))) (and (= |main_#t~mem13| .cse0) (= main_~data~0 .cse0))) [2018-11-23 11:16:18,427 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem13| main_~data~0) [2018-11-23 11:16:18,428 INFO L256 TraceCheckUtils]: 0: Hoare triple {1844#true} call ULTIMATE.init(); {1844#true} is VALID [2018-11-23 11:16:18,428 INFO L273 TraceCheckUtils]: 1: Hoare triple {1844#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1844#true} is VALID [2018-11-23 11:16:18,429 INFO L273 TraceCheckUtils]: 2: Hoare triple {1844#true} assume true; {1844#true} is VALID [2018-11-23 11:16:18,429 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1844#true} {1844#true} #118#return; {1844#true} is VALID [2018-11-23 11:16:18,429 INFO L256 TraceCheckUtils]: 4: Hoare triple {1844#true} call #t~ret16 := main(); {1844#true} is VALID [2018-11-23 11:16:18,430 INFO L273 TraceCheckUtils]: 5: Hoare triple {1844#true} ~len~0 := 2bv32;~data~0 := 1bv32;call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4bv32); {2019#(= (bvadd (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:16:18,432 INFO L256 TraceCheckUtils]: 6: Hoare triple {2019#(= (bvadd (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1))} call #t~ret10.base, #t~ret10.offset := dll_create(~len~0, ~data~0); {1868#(= |#valid| |old(#valid)|)} is VALID [2018-11-23 11:16:18,432 INFO L273 TraceCheckUtils]: 7: Hoare triple {1868#(= |#valid| |old(#valid)|)} ~len := #in~len;~data := #in~data;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1868#(= |#valid| |old(#valid)|)} is VALID [2018-11-23 11:16:18,434 INFO L273 TraceCheckUtils]: 8: Hoare triple {1868#(= |#valid| |old(#valid)|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(12bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,436 INFO L273 TraceCheckUtils]: 9: Hoare triple {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,440 INFO L273 TraceCheckUtils]: 10: Hoare triple {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} call write~intINTTYPE4(~data, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,454 INFO L273 TraceCheckUtils]: 11: Hoare triple {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,456 INFO L273 TraceCheckUtils]: 12: Hoare triple {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post4 := ~len;~len := ~bvsub32(#t~post4, 1bv32);havoc #t~post4; {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,458 INFO L273 TraceCheckUtils]: 13: Hoare triple {1875#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(12bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; {2044#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base) (_ bv0 1)) (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,459 INFO L273 TraceCheckUtils]: 14: Hoare triple {2044#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base) (_ bv0 1)) (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2044#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base) (_ bv0 1)) (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,460 INFO L273 TraceCheckUtils]: 15: Hoare triple {2044#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base) (_ bv0 1)) (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} call write~intINTTYPE4(~data, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2044#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base) (_ bv0 1)) (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,460 INFO L273 TraceCheckUtils]: 16: Hoare triple {2044#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base) (_ bv0 1)) (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(8bv32, ~head~0.offset), 4bv32); {2044#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base) (_ bv0 1)) (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,462 INFO L273 TraceCheckUtils]: 17: Hoare triple {2044#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base) (_ bv0 1)) (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~new_head~0.base (_ bv1 1))) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post4 := ~len;~len := ~bvsub32(#t~post4, 1bv32);havoc #t~post4; {2057#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~head~0.base (_ bv1 1))) (= (_ bv0 1) (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~head~0.base)) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,462 INFO L273 TraceCheckUtils]: 18: Hoare triple {2057#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~head~0.base (_ bv1 1))) (= (_ bv0 1) (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~head~0.base)) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume !~bvsgt32(~len, 0bv32); {2057#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~head~0.base (_ bv1 1))) (= (_ bv0 1) (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~head~0.base)) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,463 INFO L273 TraceCheckUtils]: 19: Hoare triple {2057#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~head~0.base (_ bv1 1))) (= (_ bv0 1) (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) dll_create_~head~0.base)) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {2064#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |dll_create_#res.base| (_ bv1 1))) (= (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |dll_create_#res.base|) (_ bv0 1)) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,464 INFO L273 TraceCheckUtils]: 20: Hoare triple {2064#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |dll_create_#res.base| (_ bv1 1))) (= (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |dll_create_#res.base|) (_ bv0 1)) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} assume true; {2064#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |dll_create_#res.base| (_ bv1 1))) (= (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |dll_create_#res.base|) (_ bv0 1)) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,469 INFO L268 TraceCheckUtils]: 21: Hoare quadruple {2064#(exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (= |#valid| (store (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |dll_create_#res.base| (_ bv1 1))) (= (select (store |old(#valid)| |dll_create_#t~malloc3.base| (_ bv1 1)) |dll_create_#res.base|) (_ bv0 1)) (= (select |old(#valid)| |dll_create_#t~malloc3.base|) (_ bv0 1))))} {2019#(= (bvadd (select |#valid| |main_~#s~0.base|) (_ bv1 1)) (_ bv0 1))} #108#return; {2071#(and (not (= |main_~#s~0.base| |main_#t~ret10.base|)) (= (_ bv1 1) (select |#valid| |main_#t~ret10.base|)) (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (not (= |dll_create_#t~malloc3.base| |main_#t~ret10.base|)) (= (_ bv1 1) (select |#valid| |dll_create_#t~malloc3.base|)))) (not (= (select |#valid| |main_~#s~0.base|) (_ bv0 1))))} is VALID [2018-11-23 11:16:18,471 INFO L273 TraceCheckUtils]: 22: Hoare triple {2071#(and (not (= |main_~#s~0.base| |main_#t~ret10.base|)) (= (_ bv1 1) (select |#valid| |main_#t~ret10.base|)) (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (not (= |dll_create_#t~malloc3.base| |main_#t~ret10.base|)) (= (_ bv1 1) (select |#valid| |dll_create_#t~malloc3.base|)))) (not (= (select |#valid| |main_~#s~0.base|) (_ bv0 1))))} call write~init~$Pointer$(#t~ret10.base, #t~ret10.offset, ~#s~0.base, ~#s~0.offset, 4bv32);havoc #t~ret10.base, #t~ret10.offset; {2075#(and (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (not (= |dll_create_#t~malloc3.base| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))) (= (_ bv1 1) (select |#valid| |dll_create_#t~malloc3.base|)))) (not (= (select |#valid| |main_~#s~0.base|) (_ bv0 1))) (not (= |main_~#s~0.base| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))) (= (_ bv1 1) (select |#valid| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))))} is VALID [2018-11-23 11:16:18,472 INFO L256 TraceCheckUtils]: 23: Hoare triple {2075#(and (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (not (= |dll_create_#t~malloc3.base| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))) (= (_ bv1 1) (select |#valid| |dll_create_#t~malloc3.base|)))) (not (= (select |#valid| |main_~#s~0.base|) (_ bv0 1))) (not (= |main_~#s~0.base| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))) (= (_ bv1 1) (select |#valid| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))))} call dll_prepend(~#s~0.base, ~#s~0.offset, ~data~0); {1926#(and (= |#valid| |old(#valid)|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|))} is VALID [2018-11-23 11:16:18,472 INFO L273 TraceCheckUtils]: 24: Hoare triple {1926#(and (= |#valid| |old(#valid)|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|))} ~head.base, ~head.offset := #in~head.base, #in~head.offset;~data := #in~data; {1930#(and (= dll_prepend_~data |dll_prepend_#in~data|) (= |#valid| |old(#valid)|) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} is VALID [2018-11-23 11:16:18,473 INFO L256 TraceCheckUtils]: 25: Hoare triple {1930#(and (= dll_prepend_~data |dll_prepend_#in~data|) (= |#valid| |old(#valid)|) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} call #t~ret6.base, #t~ret6.offset := node_create(~data); {1926#(and (= |#valid| |old(#valid)|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|))} is VALID [2018-11-23 11:16:18,474 INFO L273 TraceCheckUtils]: 26: Hoare triple {1926#(and (= |#valid| |old(#valid)|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|))} ~data := #in~data;call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(12bv32);~temp~0.base, ~temp~0.offset := #t~malloc2.base, #t~malloc2.offset; {1937#(and (= node_create_~data |node_create_#in~data|) (= node_create_~temp~0.offset (_ bv0 32)) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= (_ bv0 1) (select |old(#valid)| node_create_~temp~0.base)))} is VALID [2018-11-23 11:16:18,475 INFO L273 TraceCheckUtils]: 27: Hoare triple {1937#(and (= node_create_~data |node_create_#in~data|) (= node_create_~temp~0.offset (_ bv0 32)) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= (_ bv0 1) (select |old(#valid)| node_create_~temp~0.base)))} assume !(0bv32 == ~temp~0.base && 0bv32 == ~temp~0.offset); {1937#(and (= node_create_~data |node_create_#in~data|) (= node_create_~temp~0.offset (_ bv0 32)) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= (_ bv0 1) (select |old(#valid)| node_create_~temp~0.base)))} is VALID [2018-11-23 11:16:18,478 INFO L273 TraceCheckUtils]: 28: Hoare triple {1937#(and (= node_create_~data |node_create_#in~data|) (= node_create_~temp~0.offset (_ bv0 32)) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= (_ bv0 1) (select |old(#valid)| node_create_~temp~0.base)))} call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(4bv32, ~temp~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~temp~0.base, ~bvadd32(8bv32, ~temp~0.offset), 4bv32);call write~intINTTYPE4(~data, ~temp~0.base, ~temp~0.offset, 4bv32);#res.base, #res.offset := ~temp~0.base, ~temp~0.offset; {1944#(and (= (_ bv0 1) (select |old(#valid)| |node_create_#res.base|)) (= (store |old(#memory_$Pointer$.base)| |node_create_#res.base| (store (store (store (select |old(#memory_$Pointer$.base)| |node_create_#res.base|) (bvadd |node_create_#res.offset| (_ bv4 32)) (_ bv0 32)) (bvadd |node_create_#res.offset| (_ bv8 32)) (_ bv0 32)) |node_create_#res.offset| (select (select |#memory_$Pointer$.base| |node_create_#res.base|) |node_create_#res.offset|))) |#memory_$Pointer$.base|) (= |node_create_#in~data| (select (select |#memory_int| |node_create_#res.base|) |node_create_#res.offset|)) (= |node_create_#res.offset| (_ bv0 32)))} is VALID [2018-11-23 11:16:18,479 INFO L273 TraceCheckUtils]: 29: Hoare triple {1944#(and (= (_ bv0 1) (select |old(#valid)| |node_create_#res.base|)) (= (store |old(#memory_$Pointer$.base)| |node_create_#res.base| (store (store (store (select |old(#memory_$Pointer$.base)| |node_create_#res.base|) (bvadd |node_create_#res.offset| (_ bv4 32)) (_ bv0 32)) (bvadd |node_create_#res.offset| (_ bv8 32)) (_ bv0 32)) |node_create_#res.offset| (select (select |#memory_$Pointer$.base| |node_create_#res.base|) |node_create_#res.offset|))) |#memory_$Pointer$.base|) (= |node_create_#in~data| (select (select |#memory_int| |node_create_#res.base|) |node_create_#res.offset|)) (= |node_create_#res.offset| (_ bv0 32)))} assume true; {1944#(and (= (_ bv0 1) (select |old(#valid)| |node_create_#res.base|)) (= (store |old(#memory_$Pointer$.base)| |node_create_#res.base| (store (store (store (select |old(#memory_$Pointer$.base)| |node_create_#res.base|) (bvadd |node_create_#res.offset| (_ bv4 32)) (_ bv0 32)) (bvadd |node_create_#res.offset| (_ bv8 32)) (_ bv0 32)) |node_create_#res.offset| (select (select |#memory_$Pointer$.base| |node_create_#res.base|) |node_create_#res.offset|))) |#memory_$Pointer$.base|) (= |node_create_#in~data| (select (select |#memory_int| |node_create_#res.base|) |node_create_#res.offset|)) (= |node_create_#res.offset| (_ bv0 32)))} is VALID [2018-11-23 11:16:18,481 INFO L268 TraceCheckUtils]: 30: Hoare quadruple {1944#(and (= (_ bv0 1) (select |old(#valid)| |node_create_#res.base|)) (= (store |old(#memory_$Pointer$.base)| |node_create_#res.base| (store (store (store (select |old(#memory_$Pointer$.base)| |node_create_#res.base|) (bvadd |node_create_#res.offset| (_ bv4 32)) (_ bv0 32)) (bvadd |node_create_#res.offset| (_ bv8 32)) (_ bv0 32)) |node_create_#res.offset| (select (select |#memory_$Pointer$.base| |node_create_#res.base|) |node_create_#res.offset|))) |#memory_$Pointer$.base|) (= |node_create_#in~data| (select (select |#memory_int| |node_create_#res.base|) |node_create_#res.offset|)) (= |node_create_#res.offset| (_ bv0 32)))} {1930#(and (= dll_prepend_~data |dll_prepend_#in~data|) (= |#valid| |old(#valid)|) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= |old(#memory_$Pointer$.base)| |#memory_$Pointer$.base|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} #116#return; {1951#(and (= (select |old(#valid)| |dll_prepend_#t~ret6.base|) (_ bv0 1)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= (select (select |#memory_int| |dll_prepend_#t~ret6.base|) |dll_prepend_#t~ret6.offset|) |dll_prepend_#in~data|) (= (store |old(#memory_$Pointer$.base)| |dll_prepend_#t~ret6.base| (store (store (store (select |old(#memory_$Pointer$.base)| |dll_prepend_#t~ret6.base|) (bvadd |dll_prepend_#t~ret6.offset| (_ bv4 32)) (_ bv0 32)) (bvadd |dll_prepend_#t~ret6.offset| (_ bv8 32)) (_ bv0 32)) |dll_prepend_#t~ret6.offset| (select (select |#memory_$Pointer$.base| |dll_prepend_#t~ret6.base|) |dll_prepend_#t~ret6.offset|))) |#memory_$Pointer$.base|) (= |dll_prepend_#t~ret6.offset| (_ bv0 32)) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} is VALID [2018-11-23 11:16:18,493 INFO L273 TraceCheckUtils]: 31: Hoare triple {1951#(and (= (select |old(#valid)| |dll_prepend_#t~ret6.base|) (_ bv0 1)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= (select (select |#memory_int| |dll_prepend_#t~ret6.base|) |dll_prepend_#t~ret6.offset|) |dll_prepend_#in~data|) (= (store |old(#memory_$Pointer$.base)| |dll_prepend_#t~ret6.base| (store (store (store (select |old(#memory_$Pointer$.base)| |dll_prepend_#t~ret6.base|) (bvadd |dll_prepend_#t~ret6.offset| (_ bv4 32)) (_ bv0 32)) (bvadd |dll_prepend_#t~ret6.offset| (_ bv8 32)) (_ bv0 32)) |dll_prepend_#t~ret6.offset| (select (select |#memory_$Pointer$.base| |dll_prepend_#t~ret6.base|) |dll_prepend_#t~ret6.offset|))) |#memory_$Pointer$.base|) (= |dll_prepend_#t~ret6.offset| (_ bv0 32)) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} ~new_head~1.base, ~new_head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset;call #t~mem7.base, #t~mem7.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(#t~mem7.base, #t~mem7.offset, ~new_head~1.base, ~bvadd32(4bv32, ~new_head~1.offset), 4bv32);havoc #t~mem7.base, #t~mem7.offset;call #t~mem8.base, #t~mem8.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32); {1955#(and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2)) dll_prepend_~head.base) dll_prepend_~head.offset))) |#memory_$Pointer$.base|)) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= (select (select |#memory_int| dll_prepend_~new_head~1.base) dll_prepend_~new_head~1.offset) |dll_prepend_#in~data|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} is VALID [2018-11-23 11:16:18,497 INFO L273 TraceCheckUtils]: 32: Hoare triple {1955#(and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2)) dll_prepend_~head.base) dll_prepend_~head.offset))) |#memory_$Pointer$.base|)) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= (select (select |#memory_int| dll_prepend_~new_head~1.base) dll_prepend_~new_head~1.offset) |dll_prepend_#in~data|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base))} assume #t~mem8.base != 0bv32 || #t~mem8.offset != 0bv32;havoc #t~mem8.base, #t~mem8.offset;call #t~mem9.base, #t~mem9.offset := read~$Pointer$(~head.base, ~head.offset, 4bv32);call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, #t~mem9.base, ~bvadd32(8bv32, #t~mem9.offset), 4bv32);havoc #t~mem9.base, #t~mem9.offset; {1959#(or (and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= dll_prepend_~new_head~1.base (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2)) dll_prepend_~head.base) dll_prepend_~head.offset))) dll_prepend_~head.base) dll_prepend_~head.offset))) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= |dll_prepend_#in~head.base| dll_prepend_~head.base)) (and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= (select (select |#memory_int| dll_prepend_~new_head~1.base) dll_prepend_~new_head~1.offset) |dll_prepend_#in~data|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base)))} is VALID [2018-11-23 11:16:18,589 INFO L273 TraceCheckUtils]: 33: Hoare triple {1959#(or (and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= dll_prepend_~new_head~1.base (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (select (select (store |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base (store (store (store (select |old(#memory_$Pointer$.base)| dll_prepend_~new_head~1.base) (bvadd dll_prepend_~new_head~1.offset (_ bv4 32)) (_ bv0 32)) (bvadd dll_prepend_~new_head~1.offset (_ bv8 32)) (_ bv0 32)) dll_prepend_~new_head~1.offset v_DerPreprocessor_2)) dll_prepend_~head.base) dll_prepend_~head.offset))) dll_prepend_~head.base) dll_prepend_~head.offset))) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= |dll_prepend_#in~head.base| dll_prepend_~head.base)) (and (= (_ bv0 1) (select |old(#valid)| dll_prepend_~new_head~1.base)) (= dll_prepend_~head.offset |dll_prepend_#in~head.offset|) (= (_ bv0 32) dll_prepend_~new_head~1.offset) (= (select (select |#memory_int| dll_prepend_~new_head~1.base) dll_prepend_~new_head~1.offset) |dll_prepend_#in~data|) (= |dll_prepend_#in~head.base| dll_prepend_~head.base)))} call write~$Pointer$(~new_head~1.base, ~new_head~1.offset, ~head.base, ~head.offset, 4bv32); {1963#(or (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2) (_ bv4 32) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2)) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= |dll_prepend_#in~data| (select (select |#memory_int| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv0 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))))} is VALID [2018-11-23 11:16:18,590 INFO L273 TraceCheckUtils]: 34: Hoare triple {1963#(or (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2) (_ bv4 32) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2)) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= |dll_prepend_#in~data| (select (select |#memory_int| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv0 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))))} assume true; {1963#(or (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2) (_ bv4 32) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2)) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= |dll_prepend_#in~data| (select (select |#memory_int| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv0 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))))} is VALID [2018-11-23 11:16:18,608 INFO L268 TraceCheckUtils]: 35: Hoare quadruple {1963#(or (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (exists ((v_DerPreprocessor_2 (_ BitVec 32))) (= (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2) (_ bv4 32) (select (select (store |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|) (store (store (store (select |old(#memory_$Pointer$.base)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_2)) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)))) (and (= (_ bv0 1) (select |old(#valid)| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))) (= |dll_prepend_#in~data| (select (select |#memory_int| (select (select |#memory_$Pointer$.base| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|)) (_ bv0 32))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |dll_prepend_#in~head.base|) |dll_prepend_#in~head.offset|))))} {2075#(and (exists ((|dll_create_#t~malloc3.base| (_ BitVec 32))) (and (not (= |main_~#s~0.base| |dll_create_#t~malloc3.base|)) (not (= |dll_create_#t~malloc3.base| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))) (= (_ bv1 1) (select |#valid| |dll_create_#t~malloc3.base|)))) (not (= (select |#valid| |main_~#s~0.base|) (_ bv0 1))) (not (= |main_~#s~0.base| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))) (= (_ bv1 1) (select |#valid| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))))} #110#return; {2115#(and (= (select (select |#memory_$Pointer$.offset| |main_~#s~0.base|) |main_~#s~0.offset|) (_ bv0 32)) (= (select (select |#memory_int| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|)) (_ bv0 32)) main_~data~0) (not (= |main_~#s~0.base| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))))} is VALID [2018-11-23 11:16:18,620 INFO L273 TraceCheckUtils]: 36: Hoare triple {2115#(and (= (select (select |#memory_$Pointer$.offset| |main_~#s~0.base|) |main_~#s~0.offset|) (_ bv0 32)) (= (select (select |#memory_int| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|)) (_ bv0 32)) main_~data~0) (not (= |main_~#s~0.base| (select (select |#memory_$Pointer$.base| |main_~#s~0.base|) |main_~#s~0.offset|))))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4bv32);~ptr~0.base, ~ptr~0.offset := #t~mem11.base, #t~mem11.offset;havoc #t~mem11.base, #t~mem11.offset;~count~0 := 0bv32; {2119#(and (= main_~data~0 (select (select |#memory_int| main_~ptr~0.base) (_ bv0 32))) (= main_~ptr~0.offset (_ bv0 32)))} is VALID [2018-11-23 11:16:18,621 INFO L273 TraceCheckUtils]: 37: Hoare triple {2119#(and (= main_~data~0 (select (select |#memory_int| main_~ptr~0.base) (_ bv0 32))) (= main_~ptr~0.offset (_ bv0 32)))} assume !!(~ptr~0.base != 0bv32 || ~ptr~0.offset != 0bv32);call #t~mem12.base, #t~mem12.offset := read~$Pointer$(~ptr~0.base, ~bvadd32(4bv32, ~ptr~0.offset), 4bv32);~temp~2.base, ~temp~2.offset := #t~mem12.base, #t~mem12.offset;havoc #t~mem12.base, #t~mem12.offset;call #t~mem13 := read~intINTTYPE4(~ptr~0.base, ~ptr~0.offset, 4bv32); {1988#(= |main_#t~mem13| main_~data~0)} is VALID [2018-11-23 11:16:18,621 INFO L273 TraceCheckUtils]: 38: Hoare triple {1988#(= |main_#t~mem13| main_~data~0)} assume ~data~0 != #t~mem13;havoc #t~mem13; {1845#false} is VALID [2018-11-23 11:16:18,621 INFO L273 TraceCheckUtils]: 39: Hoare triple {1845#false} assume !false; {1845#false} is VALID [2018-11-23 11:16:18,628 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 6 not checked. [2018-11-23 11:16:18,628 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:16:18,762 WARN L180 SmtUtils]: Spent 124.00 ms on a formula simplification that was a NOOP. DAG size: 40 [2018-11-23 11:16:18,885 WARN L180 SmtUtils]: Spent 122.00 ms on a formula simplification that was a NOOP. DAG size: 40 [2018-11-23 11:16:19,171 WARN L180 SmtUtils]: Spent 283.00 ms on a formula simplification that was a NOOP. DAG size: 54 [2018-11-23 11:16:19,409 WARN L180 SmtUtils]: Spent 236.00 ms on a formula simplification that was a NOOP. DAG size: 50 [2018-11-23 11:16:25,688 WARN L180 SmtUtils]: Spent 6.24 s on a formula simplification that was a NOOP. DAG size: 109 [2018-11-23 11:16:27,312 WARN L180 SmtUtils]: Spent 1.62 s on a formula simplification that was a NOOP. DAG size: 77 [2018-11-23 11:16:29,460 WARN L180 SmtUtils]: Spent 2.14 s on a formula simplification that was a NOOP. DAG size: 91 [2018-11-23 11:16:32,546 WARN L180 SmtUtils]: Spent 3.08 s on a formula simplification that was a NOOP. DAG size: 87 [2018-11-23 11:16:35,048 WARN L833 TransFormulaUtils]: predicate-based correctness check returned UNKNOWN, hence correctness of interprocedural sequential composition was not checked. [2018-11-23 11:16:37,465 WARN L180 SmtUtils]: Spent 360.00 ms on a formula simplification that was a NOOP. DAG size: 59 [2018-11-23 11:16:37,494 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 40 treesize of output 36 [2018-11-23 11:16:37,514 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 36 treesize of output 32 [2018-11-23 11:16:37,517 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:16:37,573 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:16:37,894 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:16:37,934 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:16:38,156 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 16 [2018-11-23 11:16:38,176 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 20 [2018-11-23 11:16:38,212 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 8 [2018-11-23 11:16:38,218 INFO L267 ElimStorePlain]: Start of recursive call 8: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:38,238 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:38,262 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:38,460 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:16:38,483 INFO L267 ElimStorePlain]: Start of recursive call 9: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:16:38,587 INFO L267 ElimStorePlain]: Start of recursive call 12: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:16:38,609 INFO L267 ElimStorePlain]: Start of recursive call 11: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:16:38,792 INFO L303 Elim1Store]: Index analysis took 108 ms [2018-11-23 11:16:38,946 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 3 new quantified variables, introduced 3 case distinctions, treesize of input 116 treesize of output 106 [2018-11-23 11:16:39,609 WARN L180 SmtUtils]: Spent 633.00 ms on a formula simplification. DAG size of input: 66 DAG size of output: 64 [2018-11-23 11:16:39,625 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:16:39,626 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:16:39,627 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 68 treesize of output 70 [2018-11-23 11:16:39,632 INFO L267 ElimStorePlain]: Start of recursive call 14: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:39,654 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:16:39,654 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:16:39,655 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 68 treesize of output 70 [2018-11-23 11:16:39,657 INFO L267 ElimStorePlain]: Start of recursive call 15: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:39,666 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:16:39,667 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:16:39,668 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 68 treesize of output 70 [2018-11-23 11:16:39,670 INFO L267 ElimStorePlain]: Start of recursive call 16: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:39,713 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 2 case distinctions, treesize of input 69 treesize of output 95 [2018-11-23 11:16:39,720 INFO L267 ElimStorePlain]: Start of recursive call 17: End of recursive call: and 2 xjuncts. [2018-11-23 11:16:40,339 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 70 treesize of output 69 [2018-11-23 11:16:40,343 INFO L267 ElimStorePlain]: Start of recursive call 18: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:40,967 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 88 treesize of output 48 [2018-11-23 11:16:40,991 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 1 case distinctions, treesize of input 15 treesize of output 10 [2018-11-23 11:16:40,993 INFO L267 ElimStorePlain]: Start of recursive call 20: End of recursive call: and 2 xjuncts. [2018-11-23 11:16:41,031 INFO L267 ElimStorePlain]: Start of recursive call 19: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:16:41,038 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 63 treesize of output 43 [2018-11-23 11:16:41,051 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:16:41,052 INFO L267 ElimStorePlain]: Start of recursive call 22: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:41,122 INFO L267 ElimStorePlain]: Start of recursive call 21: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:41,127 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 63 treesize of output 43 [2018-11-23 11:16:41,135 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:16:41,136 INFO L267 ElimStorePlain]: Start of recursive call 24: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:41,162 INFO L267 ElimStorePlain]: Start of recursive call 23: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:41,171 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 63 treesize of output 43 [2018-11-23 11:16:41,186 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:16:41,186 INFO L267 ElimStorePlain]: Start of recursive call 26: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:41,241 INFO L267 ElimStorePlain]: Start of recursive call 25: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:16:41,749 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 51 treesize of output 53 [2018-11-23 11:16:41,762 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 39 treesize of output 33 [2018-11-23 11:16:41,764 INFO L267 ElimStorePlain]: Start of recursive call 28: End of recursive call: and 1 xjuncts. [2018-11-23 11:16:41,892 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 1 case distinctions, treesize of input 26 treesize of output 22 [2018-11-23 11:16:41,895 INFO L267 ElimStorePlain]: Start of recursive call 29: End of recursive call: and 2 xjuncts. [2018-11-23 11:16:42,018 INFO L267 ElimStorePlain]: Start of recursive call 27: 2 dim-1 vars, End of recursive call: and 3 xjuncts. [2018-11-23 11:16:42,375 INFO L267 ElimStorePlain]: Start of recursive call 13: 2 dim-1 vars, 3 dim-2 vars, End of recursive call: and 3 xjuncts. [2018-11-23 11:16:42,536 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 6 dim-2 vars, End of recursive call: 4 dim-0 vars, and 3 xjuncts. [2018-11-23 11:16:42,536 INFO L202 ElimStorePlain]: Needed 29 recursive calls to eliminate 8 variables, input treesize:147, output treesize:76 [2018-11-23 11:16:44,869 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:16:44,869 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_$Pointer$.base_97|, v_dll_prepend_~new_head~1.base_12, |v_#memory_int_91|, |v_#memory_$Pointer$.offset_79|, |v_#memory_int_92|, |v_#memory_int_93|, main_~data~0, |v_#memory_int_94|]. (let ((.cse2 (select |v_#memory_$Pointer$.base_97| v_dll_prepend_~new_head~1.base_12))) (or (not (= |v_#memory_int_92| (store |v_#memory_int_93| v_dll_prepend_~new_head~1.base_12 (store (store (select |v_#memory_int_93| v_dll_prepend_~new_head~1.base_12) (_ bv0 32) main_~data~0) (_ bv4 32) (select (select |v_#memory_int_92| v_dll_prepend_~new_head~1.base_12) (_ bv4 32)))))) (not (= |v_#memory_int_91| (let ((.cse0 (select (select (store |v_#memory_$Pointer$.base_97| v_dll_prepend_~new_head~1.base_12 (store .cse2 (_ bv4 32) (select (select |v_#memory_$Pointer$.base_97| |main_~#s~0.base|) |main_~#s~0.offset|))) |main_~#s~0.base|) |main_~#s~0.offset|))) (store |v_#memory_int_92| .cse0 (let ((.cse1 (bvadd (select (select |v_#memory_$Pointer$.offset_79| |main_~#s~0.base|) |main_~#s~0.offset|) (_ bv8 32)))) (store (select |v_#memory_int_92| .cse0) .cse1 (select (select |v_#memory_int_91| .cse0) .cse1))))))) (= main_~data~0 (select (select |v_#memory_int_94| v_dll_prepend_~new_head~1.base_12) (_ bv0 32))) (not (= |v_#memory_int_94| (store |v_#memory_int_91| |main_~#s~0.base| (store (select |v_#memory_int_91| |main_~#s~0.base|) |main_~#s~0.offset| (select (select |v_#memory_int_94| |main_~#s~0.base|) |main_~#s~0.offset|))))) (not (= (_ bv0 1) (select |#valid| v_dll_prepend_~new_head~1.base_12))) (not (= |v_#memory_$Pointer$.base_97| (store |#memory_$Pointer$.base| v_dll_prepend_~new_head~1.base_12 (store (store (store (select |#memory_$Pointer$.base| v_dll_prepend_~new_head~1.base_12) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) (select .cse2 (_ bv0 32)))))))) [2018-11-23 11:16:44,869 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_dll_prepend_~new_head~1.base_12, v_DerPreprocessor_12, v_prenex_20, v_prenex_21]. (let ((.cse0 (= |main_~#s~0.offset| (_ bv0 32)))) (and (or (not (= (select (select (store |#memory_$Pointer$.base| v_dll_prepend_~new_head~1.base_12 (store (store (store (select |#memory_$Pointer$.base| v_dll_prepend_~new_head~1.base_12) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_DerPreprocessor_12)) |main_~#s~0.base|) |main_~#s~0.offset|) v_dll_prepend_~new_head~1.base_12)) .cse0 (not (= (_ bv0 1) (select |#valid| v_dll_prepend_~new_head~1.base_12)))) (or (= v_prenex_20 |main_~#s~0.base|) (not (= (select (select (store |#memory_$Pointer$.base| v_prenex_20 (store (store (store (select |#memory_$Pointer$.base| v_prenex_20) (_ bv4 32) (_ bv0 32)) (_ bv8 32) (_ bv0 32)) (_ bv0 32) v_prenex_21)) |main_~#s~0.base|) |main_~#s~0.offset|) v_prenex_20)) (not (= (_ bv0 1) (select |#valid| v_prenex_20)))) (or (not .cse0) (not (= (select |#valid| |main_~#s~0.base|) (_ bv0 1)))))) [2018-11-23 11:16:45,117 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:16:45,117 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [21, 21] total 30 [2018-11-23 11:16:45,118 INFO L78 Accepts]: Start accepts. Automaton has 30 states. Word has length 40 [2018-11-23 11:16:45,118 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:16:45,119 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 30 states. [2018-11-23 11:16:45,365 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 57 edges. 57 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:16:45,365 INFO L459 AbstractCegarLoop]: Interpolant automaton has 30 states [2018-11-23 11:16:45,365 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 30 interpolants. [2018-11-23 11:16:45,366 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=83, Invalid=674, Unknown=19, NotChecked=280, Total=1056 [2018-11-23 11:16:45,366 INFO L87 Difference]: Start difference. First operand 43 states and 47 transitions. Second operand 30 states.