java -ea -Xmx8000000000 -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc ../../../trunk/examples/toolchains/AutomizerCInline_WitnessPrinter.xml -s ../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf -i ../../../trunk/examples/svcomp/list-ext3-properties/dll_nullified_false-unreach-call_false-valid-memcleanup.i -------------------------------------------------------------------------------- This is Ultimate 0.1.23-61f4311 [2018-11-23 11:20:37,118 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-11-23 11:20:37,120 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-11-23 11:20:37,132 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-11-23 11:20:37,132 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-11-23 11:20:37,133 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-11-23 11:20:37,135 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-11-23 11:20:37,138 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-11-23 11:20:37,140 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-11-23 11:20:37,143 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-11-23 11:20:37,145 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-11-23 11:20:37,146 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-11-23 11:20:37,147 INFO L174 SettingsManager]: Resetting PEA to Boogie preferences to default values [2018-11-23 11:20:37,148 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-11-23 11:20:37,152 INFO L174 SettingsManager]: Resetting ChcToBoogie preferences to default values [2018-11-23 11:20:37,153 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-11-23 11:20:37,153 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-11-23 11:20:37,161 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-11-23 11:20:37,167 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-11-23 11:20:37,169 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-11-23 11:20:37,172 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-11-23 11:20:37,174 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-11-23 11:20:37,178 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-11-23 11:20:37,180 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-11-23 11:20:37,180 INFO L174 SettingsManager]: Resetting TreeAutomizer preferences to default values [2018-11-23 11:20:37,181 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-11-23 11:20:37,182 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-11-23 11:20:37,186 INFO L174 SettingsManager]: Resetting ReqPrinter preferences to default values [2018-11-23 11:20:37,187 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-11-23 11:20:37,188 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-11-23 11:20:37,188 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-11-23 11:20:37,191 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-11-23 11:20:37,191 INFO L177 SettingsManager]: ReqParser provides no preferences, ignoring... [2018-11-23 11:20:37,191 INFO L174 SettingsManager]: Resetting SmtParser preferences to default values [2018-11-23 11:20:37,194 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-11-23 11:20:37,195 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-11-23 11:20:37,195 INFO L98 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf [2018-11-23 11:20:37,227 INFO L110 SettingsManager]: Loading preferences was successful [2018-11-23 11:20:37,227 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-11-23 11:20:37,228 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-11-23 11:20:37,229 INFO L133 SettingsManager]: * ... calls to implemented procedures=ONLY_FOR_CONCURRENT_PROGRAMS [2018-11-23 11:20:37,230 INFO L131 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2018-11-23 11:20:37,230 INFO L133 SettingsManager]: * Create parallel compositions if possible=false [2018-11-23 11:20:37,230 INFO L133 SettingsManager]: * Use SBE=true [2018-11-23 11:20:37,230 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-11-23 11:20:37,230 INFO L133 SettingsManager]: * sizeof long=4 [2018-11-23 11:20:37,231 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-11-23 11:20:37,231 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-11-23 11:20:37,231 INFO L133 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2018-11-23 11:20:37,231 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-11-23 11:20:37,231 INFO L133 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2018-11-23 11:20:37,233 INFO L133 SettingsManager]: * Use bitvectors instead of ints=true [2018-11-23 11:20:37,233 INFO L133 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2018-11-23 11:20:37,233 INFO L133 SettingsManager]: * sizeof long double=12 [2018-11-23 11:20:37,233 INFO L133 SettingsManager]: * Check if freed pointer was valid=false [2018-11-23 11:20:37,234 INFO L133 SettingsManager]: * Use constant arrays=true [2018-11-23 11:20:37,235 INFO L133 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2018-11-23 11:20:37,235 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-11-23 11:20:37,235 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-11-23 11:20:37,235 INFO L133 SettingsManager]: * To the following directory=./dump/ [2018-11-23 11:20:37,236 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-11-23 11:20:37,236 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:20:37,236 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-11-23 11:20:37,236 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-11-23 11:20:37,236 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-11-23 11:20:37,237 INFO L133 SettingsManager]: * Trace refinement strategy=WOLF [2018-11-23 11:20:37,237 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-11-23 11:20:37,237 INFO L133 SettingsManager]: * Command for external solver=cvc4nyu --tear-down-incremental --rewrite-divk --print-success --lang smt [2018-11-23 11:20:37,237 INFO L133 SettingsManager]: * Logic for external solver=AUFBV [2018-11-23 11:20:37,238 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2018-11-23 11:20:37,292 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-11-23 11:20:37,307 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2018-11-23 11:20:37,312 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2018-11-23 11:20:37,314 INFO L271 PluginConnector]: Initializing CDTParser... [2018-11-23 11:20:37,314 INFO L276 PluginConnector]: CDTParser initialized [2018-11-23 11:20:37,315 INFO L418 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/list-ext3-properties/dll_nullified_false-unreach-call_false-valid-memcleanup.i [2018-11-23 11:20:37,381 INFO L221 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/b3ac0a693/07f1726a25e0466480d4c6f66478d874/FLAG17eec4cb0 [2018-11-23 11:20:37,967 INFO L307 CDTParser]: Found 1 translation units. [2018-11-23 11:20:37,967 INFO L161 CDTParser]: Scanning /storage/repos/ultimate/trunk/examples/svcomp/list-ext3-properties/dll_nullified_false-unreach-call_false-valid-memcleanup.i [2018-11-23 11:20:37,987 INFO L355 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/b3ac0a693/07f1726a25e0466480d4c6f66478d874/FLAG17eec4cb0 [2018-11-23 11:20:38,209 INFO L363 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/b3ac0a693/07f1726a25e0466480d4c6f66478d874 [2018-11-23 11:20:38,220 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-11-23 11:20:38,221 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2018-11-23 11:20:38,223 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2018-11-23 11:20:38,223 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2018-11-23 11:20:38,227 INFO L276 PluginConnector]: CACSL2BoogieTranslator initialized [2018-11-23 11:20:38,229 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:20:38" (1/1) ... [2018-11-23 11:20:38,232 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@4fbd9f76 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38, skipping insertion in model container [2018-11-23 11:20:38,232 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:20:38" (1/1) ... [2018-11-23 11:20:38,243 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2018-11-23 11:20:38,297 INFO L176 MainTranslator]: Built tables and reachable declarations [2018-11-23 11:20:38,691 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:20:38,714 INFO L191 MainTranslator]: Completed pre-run [2018-11-23 11:20:38,806 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:20:38,957 INFO L195 MainTranslator]: Completed translation [2018-11-23 11:20:38,958 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38 WrapperNode [2018-11-23 11:20:38,958 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2018-11-23 11:20:38,959 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2018-11-23 11:20:38,959 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2018-11-23 11:20:38,959 INFO L276 PluginConnector]: Boogie Procedure Inliner initialized [2018-11-23 11:20:38,969 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38" (1/1) ... [2018-11-23 11:20:38,990 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38" (1/1) ... [2018-11-23 11:20:39,000 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2018-11-23 11:20:39,000 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-11-23 11:20:39,000 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-11-23 11:20:39,000 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-11-23 11:20:39,011 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38" (1/1) ... [2018-11-23 11:20:39,012 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38" (1/1) ... [2018-11-23 11:20:39,017 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38" (1/1) ... [2018-11-23 11:20:39,017 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38" (1/1) ... [2018-11-23 11:20:39,037 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38" (1/1) ... [2018-11-23 11:20:39,055 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38" (1/1) ... [2018-11-23 11:20:39,061 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38" (1/1) ... [2018-11-23 11:20:39,067 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-11-23 11:20:39,070 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-11-23 11:20:39,070 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-11-23 11:20:39,070 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-11-23 11:20:39,072 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:20:39,147 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.alloc [2018-11-23 11:20:39,147 INFO L130 BoogieDeclarations]: Found specification of procedure read~intINTTYPE4 [2018-11-23 11:20:39,147 INFO L130 BoogieDeclarations]: Found specification of procedure exit [2018-11-23 11:20:39,148 INFO L138 BoogieDeclarations]: Found implementation of procedure exit [2018-11-23 11:20:39,148 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2018-11-23 11:20:39,148 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2018-11-23 11:20:39,148 INFO L130 BoogieDeclarations]: Found specification of procedure main [2018-11-23 11:20:39,148 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2018-11-23 11:20:39,149 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2018-11-23 11:20:39,149 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2018-11-23 11:20:39,149 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2018-11-23 11:20:39,149 INFO L130 BoogieDeclarations]: Found specification of procedure write~intINTTYPE4 [2018-11-23 11:20:39,149 INFO L130 BoogieDeclarations]: Found specification of procedure dll_create [2018-11-23 11:20:39,150 INFO L138 BoogieDeclarations]: Found implementation of procedure dll_create [2018-11-23 11:20:39,150 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2018-11-23 11:20:39,150 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2018-11-23 11:20:40,257 INFO L275 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2018-11-23 11:20:40,258 INFO L280 CfgBuilder]: Removed 3 assue(true) statements. [2018-11-23 11:20:40,258 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:20:40 BoogieIcfgContainer [2018-11-23 11:20:40,258 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-11-23 11:20:40,260 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2018-11-23 11:20:40,260 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2018-11-23 11:20:40,264 INFO L276 PluginConnector]: TraceAbstraction initialized [2018-11-23 11:20:40,264 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 23.11 11:20:38" (1/3) ... [2018-11-23 11:20:40,265 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@561114a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:20:40, skipping insertion in model container [2018-11-23 11:20:40,265 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:20:38" (2/3) ... [2018-11-23 11:20:40,265 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@561114a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:20:40, skipping insertion in model container [2018-11-23 11:20:40,266 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:20:40" (3/3) ... [2018-11-23 11:20:40,268 INFO L112 eAbstractionObserver]: Analyzing ICFG dll_nullified_false-unreach-call_false-valid-memcleanup.i [2018-11-23 11:20:40,281 INFO L156 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2018-11-23 11:20:40,291 INFO L168 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2018-11-23 11:20:40,308 INFO L257 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2018-11-23 11:20:40,339 INFO L133 ementStrategyFactory]: Using default assertion order modulation [2018-11-23 11:20:40,340 INFO L382 AbstractCegarLoop]: Interprodecural is true [2018-11-23 11:20:40,340 INFO L383 AbstractCegarLoop]: Hoare is true [2018-11-23 11:20:40,340 INFO L384 AbstractCegarLoop]: Compute interpolants for FPandBP [2018-11-23 11:20:40,340 INFO L385 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2018-11-23 11:20:40,340 INFO L386 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2018-11-23 11:20:40,341 INFO L387 AbstractCegarLoop]: Difference is false [2018-11-23 11:20:40,341 INFO L388 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2018-11-23 11:20:40,341 INFO L393 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2018-11-23 11:20:40,358 INFO L276 IsEmpty]: Start isEmpty. Operand 40 states. [2018-11-23 11:20:40,366 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2018-11-23 11:20:40,366 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:20:40,367 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:20:40,370 INFO L423 AbstractCegarLoop]: === Iteration 1 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:20:40,376 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:20:40,376 INFO L82 PathProgramCache]: Analyzing trace with hash -1907175990, now seen corresponding path program 1 times [2018-11-23 11:20:40,381 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:20:40,381 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:20:40,401 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:20:40,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:20:40,497 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:20:40,503 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:20:40,573 INFO L256 TraceCheckUtils]: 0: Hoare triple {43#true} call ULTIMATE.init(); {43#true} is VALID [2018-11-23 11:20:40,576 INFO L273 TraceCheckUtils]: 1: Hoare triple {43#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {43#true} is VALID [2018-11-23 11:20:40,577 INFO L273 TraceCheckUtils]: 2: Hoare triple {43#true} assume true; {43#true} is VALID [2018-11-23 11:20:40,577 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {43#true} {43#true} #117#return; {43#true} is VALID [2018-11-23 11:20:40,578 INFO L256 TraceCheckUtils]: 4: Hoare triple {43#true} call #t~ret20 := main(); {43#true} is VALID [2018-11-23 11:20:40,578 INFO L273 TraceCheckUtils]: 5: Hoare triple {43#true} ~len~0 := 5bv32; {43#true} is VALID [2018-11-23 11:20:40,578 INFO L256 TraceCheckUtils]: 6: Hoare triple {43#true} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {43#true} is VALID [2018-11-23 11:20:40,578 INFO L273 TraceCheckUtils]: 7: Hoare triple {43#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {43#true} is VALID [2018-11-23 11:20:40,579 INFO L273 TraceCheckUtils]: 8: Hoare triple {43#true} assume !true; {44#false} is VALID [2018-11-23 11:20:40,580 INFO L273 TraceCheckUtils]: 9: Hoare triple {44#false} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {44#false} is VALID [2018-11-23 11:20:40,580 INFO L273 TraceCheckUtils]: 10: Hoare triple {44#false} assume true; {44#false} is VALID [2018-11-23 11:20:40,580 INFO L268 TraceCheckUtils]: 11: Hoare quadruple {44#false} {43#true} #121#return; {44#false} is VALID [2018-11-23 11:20:40,581 INFO L273 TraceCheckUtils]: 12: Hoare triple {44#false} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {44#false} is VALID [2018-11-23 11:20:40,581 INFO L273 TraceCheckUtils]: 13: Hoare triple {44#false} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {44#false} is VALID [2018-11-23 11:20:40,582 INFO L273 TraceCheckUtils]: 14: Hoare triple {44#false} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {44#false} is VALID [2018-11-23 11:20:40,582 INFO L273 TraceCheckUtils]: 15: Hoare triple {44#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {44#false} is VALID [2018-11-23 11:20:40,582 INFO L273 TraceCheckUtils]: 16: Hoare triple {44#false} #t~short11 := #t~short9; {44#false} is VALID [2018-11-23 11:20:40,583 INFO L273 TraceCheckUtils]: 17: Hoare triple {44#false} assume #t~short11; {44#false} is VALID [2018-11-23 11:20:40,583 INFO L273 TraceCheckUtils]: 18: Hoare triple {44#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {44#false} is VALID [2018-11-23 11:20:40,584 INFO L273 TraceCheckUtils]: 19: Hoare triple {44#false} assume !false; {44#false} is VALID [2018-11-23 11:20:40,589 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:20:40,589 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:20:40,595 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:20:40,595 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2018-11-23 11:20:40,600 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 20 [2018-11-23 11:20:40,604 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:20:40,608 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states. [2018-11-23 11:20:40,681 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:20:40,681 INFO L459 AbstractCegarLoop]: Interpolant automaton has 2 states [2018-11-23 11:20:40,689 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2018-11-23 11:20:40,690 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:20:40,693 INFO L87 Difference]: Start difference. First operand 40 states. Second operand 2 states. [2018-11-23 11:20:41,159 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:41,159 INFO L93 Difference]: Finished difference Result 62 states and 85 transitions. [2018-11-23 11:20:41,159 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2018-11-23 11:20:41,159 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 20 [2018-11-23 11:20:41,160 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:20:41,161 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:20:41,178 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 85 transitions. [2018-11-23 11:20:41,178 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:20:41,183 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 85 transitions. [2018-11-23 11:20:41,183 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 85 transitions. [2018-11-23 11:20:41,838 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 85 edges. 85 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:20:41,860 INFO L225 Difference]: With dead ends: 62 [2018-11-23 11:20:41,860 INFO L226 Difference]: Without dead ends: 32 [2018-11-23 11:20:41,868 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 19 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:20:41,889 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 32 states. [2018-11-23 11:20:42,017 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 32 to 32. [2018-11-23 11:20:42,017 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:20:42,019 INFO L82 GeneralOperation]: Start isEquivalent. First operand 32 states. Second operand 32 states. [2018-11-23 11:20:42,020 INFO L74 IsIncluded]: Start isIncluded. First operand 32 states. Second operand 32 states. [2018-11-23 11:20:42,020 INFO L87 Difference]: Start difference. First operand 32 states. Second operand 32 states. [2018-11-23 11:20:42,028 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:42,029 INFO L93 Difference]: Finished difference Result 32 states and 41 transitions. [2018-11-23 11:20:42,029 INFO L276 IsEmpty]: Start isEmpty. Operand 32 states and 41 transitions. [2018-11-23 11:20:42,030 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:20:42,038 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:20:42,038 INFO L74 IsIncluded]: Start isIncluded. First operand 32 states. Second operand 32 states. [2018-11-23 11:20:42,039 INFO L87 Difference]: Start difference. First operand 32 states. Second operand 32 states. [2018-11-23 11:20:42,045 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:42,046 INFO L93 Difference]: Finished difference Result 32 states and 41 transitions. [2018-11-23 11:20:42,046 INFO L276 IsEmpty]: Start isEmpty. Operand 32 states and 41 transitions. [2018-11-23 11:20:42,050 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:20:42,050 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:20:42,050 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:20:42,051 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:20:42,051 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 32 states. [2018-11-23 11:20:42,056 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 32 states to 32 states and 41 transitions. [2018-11-23 11:20:42,058 INFO L78 Accepts]: Start accepts. Automaton has 32 states and 41 transitions. Word has length 20 [2018-11-23 11:20:42,059 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:20:42,059 INFO L480 AbstractCegarLoop]: Abstraction has 32 states and 41 transitions. [2018-11-23 11:20:42,059 INFO L481 AbstractCegarLoop]: Interpolant automaton has 2 states. [2018-11-23 11:20:42,059 INFO L276 IsEmpty]: Start isEmpty. Operand 32 states and 41 transitions. [2018-11-23 11:20:42,060 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2018-11-23 11:20:42,060 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:20:42,061 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:20:42,061 INFO L423 AbstractCegarLoop]: === Iteration 2 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:20:42,061 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:20:42,062 INFO L82 PathProgramCache]: Analyzing trace with hash -968359388, now seen corresponding path program 1 times [2018-11-23 11:20:42,062 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:20:42,062 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:20:42,097 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:20:42,133 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:20:42,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:20:42,153 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:20:42,595 INFO L256 TraceCheckUtils]: 0: Hoare triple {285#true} call ULTIMATE.init(); {285#true} is VALID [2018-11-23 11:20:42,595 INFO L273 TraceCheckUtils]: 1: Hoare triple {285#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {285#true} is VALID [2018-11-23 11:20:42,596 INFO L273 TraceCheckUtils]: 2: Hoare triple {285#true} assume true; {285#true} is VALID [2018-11-23 11:20:42,596 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {285#true} {285#true} #117#return; {285#true} is VALID [2018-11-23 11:20:42,597 INFO L256 TraceCheckUtils]: 4: Hoare triple {285#true} call #t~ret20 := main(); {285#true} is VALID [2018-11-23 11:20:42,615 INFO L273 TraceCheckUtils]: 5: Hoare triple {285#true} ~len~0 := 5bv32; {305#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} is VALID [2018-11-23 11:20:42,615 INFO L256 TraceCheckUtils]: 6: Hoare triple {305#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {285#true} is VALID [2018-11-23 11:20:42,623 INFO L273 TraceCheckUtils]: 7: Hoare triple {285#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {312#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:42,624 INFO L273 TraceCheckUtils]: 8: Hoare triple {312#(= dll_create_~len |dll_create_#in~len|)} assume !~bvsgt32(~len, 0bv32); {316#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} is VALID [2018-11-23 11:20:42,628 INFO L273 TraceCheckUtils]: 9: Hoare triple {316#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {316#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} is VALID [2018-11-23 11:20:42,628 INFO L273 TraceCheckUtils]: 10: Hoare triple {316#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} assume true; {316#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} is VALID [2018-11-23 11:20:42,630 INFO L268 TraceCheckUtils]: 11: Hoare quadruple {316#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} {305#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} #121#return; {286#false} is VALID [2018-11-23 11:20:42,630 INFO L273 TraceCheckUtils]: 12: Hoare triple {286#false} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {286#false} is VALID [2018-11-23 11:20:42,630 INFO L273 TraceCheckUtils]: 13: Hoare triple {286#false} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {286#false} is VALID [2018-11-23 11:20:42,630 INFO L273 TraceCheckUtils]: 14: Hoare triple {286#false} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {286#false} is VALID [2018-11-23 11:20:42,631 INFO L273 TraceCheckUtils]: 15: Hoare triple {286#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {286#false} is VALID [2018-11-23 11:20:42,631 INFO L273 TraceCheckUtils]: 16: Hoare triple {286#false} #t~short11 := #t~short9; {286#false} is VALID [2018-11-23 11:20:42,631 INFO L273 TraceCheckUtils]: 17: Hoare triple {286#false} assume #t~short11; {286#false} is VALID [2018-11-23 11:20:42,632 INFO L273 TraceCheckUtils]: 18: Hoare triple {286#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {286#false} is VALID [2018-11-23 11:20:42,632 INFO L273 TraceCheckUtils]: 19: Hoare triple {286#false} assume !false; {286#false} is VALID [2018-11-23 11:20:42,635 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:20:42,635 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:20:42,639 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:20:42,639 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2018-11-23 11:20:42,644 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 20 [2018-11-23 11:20:42,645 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:20:42,645 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2018-11-23 11:20:42,731 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:20:42,731 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2018-11-23 11:20:42,732 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2018-11-23 11:20:42,732 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2018-11-23 11:20:42,732 INFO L87 Difference]: Start difference. First operand 32 states and 41 transitions. Second operand 5 states. [2018-11-23 11:20:44,404 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:44,404 INFO L93 Difference]: Finished difference Result 56 states and 74 transitions. [2018-11-23 11:20:44,405 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2018-11-23 11:20:44,405 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 20 [2018-11-23 11:20:44,405 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:20:44,405 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2018-11-23 11:20:44,409 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 74 transitions. [2018-11-23 11:20:44,410 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2018-11-23 11:20:44,413 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 74 transitions. [2018-11-23 11:20:44,413 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 74 transitions. [2018-11-23 11:20:44,642 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 74 edges. 74 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:20:44,646 INFO L225 Difference]: With dead ends: 56 [2018-11-23 11:20:44,646 INFO L226 Difference]: Without dead ends: 39 [2018-11-23 11:20:44,647 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 20 GetRequests, 16 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2018-11-23 11:20:44,648 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 39 states. [2018-11-23 11:20:44,663 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 39 to 33. [2018-11-23 11:20:44,663 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:20:44,664 INFO L82 GeneralOperation]: Start isEquivalent. First operand 39 states. Second operand 33 states. [2018-11-23 11:20:44,664 INFO L74 IsIncluded]: Start isIncluded. First operand 39 states. Second operand 33 states. [2018-11-23 11:20:44,664 INFO L87 Difference]: Start difference. First operand 39 states. Second operand 33 states. [2018-11-23 11:20:44,668 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:44,668 INFO L93 Difference]: Finished difference Result 39 states and 50 transitions. [2018-11-23 11:20:44,669 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 50 transitions. [2018-11-23 11:20:44,669 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:20:44,670 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:20:44,670 INFO L74 IsIncluded]: Start isIncluded. First operand 33 states. Second operand 39 states. [2018-11-23 11:20:44,670 INFO L87 Difference]: Start difference. First operand 33 states. Second operand 39 states. [2018-11-23 11:20:44,673 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:44,673 INFO L93 Difference]: Finished difference Result 39 states and 50 transitions. [2018-11-23 11:20:44,673 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 50 transitions. [2018-11-23 11:20:44,674 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:20:44,674 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:20:44,674 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:20:44,675 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:20:44,675 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 33 states. [2018-11-23 11:20:44,677 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 33 states to 33 states and 42 transitions. [2018-11-23 11:20:44,677 INFO L78 Accepts]: Start accepts. Automaton has 33 states and 42 transitions. Word has length 20 [2018-11-23 11:20:44,677 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:20:44,677 INFO L480 AbstractCegarLoop]: Abstraction has 33 states and 42 transitions. [2018-11-23 11:20:44,678 INFO L481 AbstractCegarLoop]: Interpolant automaton has 5 states. [2018-11-23 11:20:44,678 INFO L276 IsEmpty]: Start isEmpty. Operand 33 states and 42 transitions. [2018-11-23 11:20:44,679 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 28 [2018-11-23 11:20:44,679 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:20:44,679 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:20:44,679 INFO L423 AbstractCegarLoop]: === Iteration 3 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:20:44,680 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:20:44,680 INFO L82 PathProgramCache]: Analyzing trace with hash 638407916, now seen corresponding path program 1 times [2018-11-23 11:20:44,681 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:20:44,681 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:20:44,702 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:20:44,743 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:20:44,764 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:20:44,766 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:20:44,851 INFO L256 TraceCheckUtils]: 0: Hoare triple {540#true} call ULTIMATE.init(); {540#true} is VALID [2018-11-23 11:20:44,852 INFO L273 TraceCheckUtils]: 1: Hoare triple {540#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {540#true} is VALID [2018-11-23 11:20:44,852 INFO L273 TraceCheckUtils]: 2: Hoare triple {540#true} assume true; {540#true} is VALID [2018-11-23 11:20:44,852 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {540#true} {540#true} #117#return; {540#true} is VALID [2018-11-23 11:20:44,853 INFO L256 TraceCheckUtils]: 4: Hoare triple {540#true} call #t~ret20 := main(); {540#true} is VALID [2018-11-23 11:20:44,853 INFO L273 TraceCheckUtils]: 5: Hoare triple {540#true} ~len~0 := 5bv32; {540#true} is VALID [2018-11-23 11:20:44,853 INFO L256 TraceCheckUtils]: 6: Hoare triple {540#true} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {540#true} is VALID [2018-11-23 11:20:44,854 INFO L273 TraceCheckUtils]: 7: Hoare triple {540#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {566#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:20:44,856 INFO L273 TraceCheckUtils]: 8: Hoare triple {566#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {566#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:20:44,856 INFO L273 TraceCheckUtils]: 9: Hoare triple {566#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {566#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:20:44,858 INFO L273 TraceCheckUtils]: 10: Hoare triple {566#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {566#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:20:44,863 INFO L273 TraceCheckUtils]: 11: Hoare triple {566#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {566#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:20:44,865 INFO L273 TraceCheckUtils]: 12: Hoare triple {566#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {566#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:20:44,867 INFO L273 TraceCheckUtils]: 13: Hoare triple {566#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {541#false} is VALID [2018-11-23 11:20:44,867 INFO L273 TraceCheckUtils]: 14: Hoare triple {541#false} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {541#false} is VALID [2018-11-23 11:20:44,868 INFO L273 TraceCheckUtils]: 15: Hoare triple {541#false} assume !~bvsgt32(~len, 0bv32); {541#false} is VALID [2018-11-23 11:20:44,868 INFO L273 TraceCheckUtils]: 16: Hoare triple {541#false} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {541#false} is VALID [2018-11-23 11:20:44,868 INFO L273 TraceCheckUtils]: 17: Hoare triple {541#false} assume true; {541#false} is VALID [2018-11-23 11:20:44,868 INFO L268 TraceCheckUtils]: 18: Hoare quadruple {541#false} {540#true} #121#return; {541#false} is VALID [2018-11-23 11:20:44,868 INFO L273 TraceCheckUtils]: 19: Hoare triple {541#false} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {541#false} is VALID [2018-11-23 11:20:44,869 INFO L273 TraceCheckUtils]: 20: Hoare triple {541#false} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {541#false} is VALID [2018-11-23 11:20:44,869 INFO L273 TraceCheckUtils]: 21: Hoare triple {541#false} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {541#false} is VALID [2018-11-23 11:20:44,869 INFO L273 TraceCheckUtils]: 22: Hoare triple {541#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {541#false} is VALID [2018-11-23 11:20:44,870 INFO L273 TraceCheckUtils]: 23: Hoare triple {541#false} #t~short11 := #t~short9; {541#false} is VALID [2018-11-23 11:20:44,870 INFO L273 TraceCheckUtils]: 24: Hoare triple {541#false} assume #t~short11; {541#false} is VALID [2018-11-23 11:20:44,870 INFO L273 TraceCheckUtils]: 25: Hoare triple {541#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {541#false} is VALID [2018-11-23 11:20:44,871 INFO L273 TraceCheckUtils]: 26: Hoare triple {541#false} assume !false; {541#false} is VALID [2018-11-23 11:20:44,873 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:20:44,873 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:20:44,875 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:20:44,875 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2018-11-23 11:20:44,875 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 27 [2018-11-23 11:20:44,876 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:20:44,876 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2018-11-23 11:20:45,036 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 27 edges. 27 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:20:45,037 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2018-11-23 11:20:45,037 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2018-11-23 11:20:45,037 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-11-23 11:20:45,038 INFO L87 Difference]: Start difference. First operand 33 states and 42 transitions. Second operand 3 states. [2018-11-23 11:20:45,781 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:45,781 INFO L93 Difference]: Finished difference Result 63 states and 83 transitions. [2018-11-23 11:20:45,782 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2018-11-23 11:20:45,782 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 27 [2018-11-23 11:20:45,782 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:20:45,782 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-11-23 11:20:45,786 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 83 transitions. [2018-11-23 11:20:45,786 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-11-23 11:20:45,789 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 83 transitions. [2018-11-23 11:20:45,789 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 83 transitions. [2018-11-23 11:20:45,929 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 83 edges. 83 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:20:45,931 INFO L225 Difference]: With dead ends: 63 [2018-11-23 11:20:45,931 INFO L226 Difference]: Without dead ends: 39 [2018-11-23 11:20:45,932 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 26 GetRequests, 25 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-11-23 11:20:45,932 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 39 states. [2018-11-23 11:20:45,956 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 39 to 38. [2018-11-23 11:20:45,956 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:20:45,957 INFO L82 GeneralOperation]: Start isEquivalent. First operand 39 states. Second operand 38 states. [2018-11-23 11:20:45,957 INFO L74 IsIncluded]: Start isIncluded. First operand 39 states. Second operand 38 states. [2018-11-23 11:20:45,957 INFO L87 Difference]: Start difference. First operand 39 states. Second operand 38 states. [2018-11-23 11:20:45,960 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:45,960 INFO L93 Difference]: Finished difference Result 39 states and 49 transitions. [2018-11-23 11:20:45,961 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 49 transitions. [2018-11-23 11:20:45,961 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:20:45,961 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:20:45,962 INFO L74 IsIncluded]: Start isIncluded. First operand 38 states. Second operand 39 states. [2018-11-23 11:20:45,962 INFO L87 Difference]: Start difference. First operand 38 states. Second operand 39 states. [2018-11-23 11:20:45,964 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:45,965 INFO L93 Difference]: Finished difference Result 39 states and 49 transitions. [2018-11-23 11:20:45,965 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 49 transitions. [2018-11-23 11:20:45,966 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:20:45,966 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:20:45,966 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:20:45,966 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:20:45,966 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 38 states. [2018-11-23 11:20:45,968 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 38 states to 38 states and 48 transitions. [2018-11-23 11:20:45,969 INFO L78 Accepts]: Start accepts. Automaton has 38 states and 48 transitions. Word has length 27 [2018-11-23 11:20:45,969 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:20:45,969 INFO L480 AbstractCegarLoop]: Abstraction has 38 states and 48 transitions. [2018-11-23 11:20:45,969 INFO L481 AbstractCegarLoop]: Interpolant automaton has 3 states. [2018-11-23 11:20:45,969 INFO L276 IsEmpty]: Start isEmpty. Operand 38 states and 48 transitions. [2018-11-23 11:20:45,970 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 28 [2018-11-23 11:20:45,970 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:20:45,971 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:20:45,971 INFO L423 AbstractCegarLoop]: === Iteration 4 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:20:45,971 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:20:45,971 INFO L82 PathProgramCache]: Analyzing trace with hash -372709334, now seen corresponding path program 1 times [2018-11-23 11:20:45,972 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:20:45,972 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:20:46,003 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:20:46,057 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:20:46,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:20:46,076 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:20:46,192 INFO L256 TraceCheckUtils]: 0: Hoare triple {825#true} call ULTIMATE.init(); {825#true} is VALID [2018-11-23 11:20:46,192 INFO L273 TraceCheckUtils]: 1: Hoare triple {825#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {825#true} is VALID [2018-11-23 11:20:46,193 INFO L273 TraceCheckUtils]: 2: Hoare triple {825#true} assume true; {825#true} is VALID [2018-11-23 11:20:46,193 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {825#true} {825#true} #117#return; {825#true} is VALID [2018-11-23 11:20:46,193 INFO L256 TraceCheckUtils]: 4: Hoare triple {825#true} call #t~ret20 := main(); {825#true} is VALID [2018-11-23 11:20:46,194 INFO L273 TraceCheckUtils]: 5: Hoare triple {825#true} ~len~0 := 5bv32; {845#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} is VALID [2018-11-23 11:20:46,194 INFO L256 TraceCheckUtils]: 6: Hoare triple {845#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {825#true} is VALID [2018-11-23 11:20:46,195 INFO L273 TraceCheckUtils]: 7: Hoare triple {825#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {852#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:46,195 INFO L273 TraceCheckUtils]: 8: Hoare triple {852#(= dll_create_~len |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {852#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:46,196 INFO L273 TraceCheckUtils]: 9: Hoare triple {852#(= dll_create_~len |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {852#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:46,197 INFO L273 TraceCheckUtils]: 10: Hoare triple {852#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {852#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:46,198 INFO L273 TraceCheckUtils]: 11: Hoare triple {852#(= dll_create_~len |dll_create_#in~len|)} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {852#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:46,198 INFO L273 TraceCheckUtils]: 12: Hoare triple {852#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {852#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:46,199 INFO L273 TraceCheckUtils]: 13: Hoare triple {852#(= dll_create_~len |dll_create_#in~len|)} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {852#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:46,211 INFO L273 TraceCheckUtils]: 14: Hoare triple {852#(= dll_create_~len |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {874#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:46,212 INFO L273 TraceCheckUtils]: 15: Hoare triple {874#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !~bvsgt32(~len, 0bv32); {878#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:46,212 INFO L273 TraceCheckUtils]: 16: Hoare triple {878#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {878#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:46,213 INFO L273 TraceCheckUtils]: 17: Hoare triple {878#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} assume true; {878#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:46,216 INFO L268 TraceCheckUtils]: 18: Hoare quadruple {878#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} {845#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} #121#return; {826#false} is VALID [2018-11-23 11:20:46,216 INFO L273 TraceCheckUtils]: 19: Hoare triple {826#false} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {826#false} is VALID [2018-11-23 11:20:46,217 INFO L273 TraceCheckUtils]: 20: Hoare triple {826#false} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {826#false} is VALID [2018-11-23 11:20:46,217 INFO L273 TraceCheckUtils]: 21: Hoare triple {826#false} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {826#false} is VALID [2018-11-23 11:20:46,218 INFO L273 TraceCheckUtils]: 22: Hoare triple {826#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {826#false} is VALID [2018-11-23 11:20:46,218 INFO L273 TraceCheckUtils]: 23: Hoare triple {826#false} #t~short11 := #t~short9; {826#false} is VALID [2018-11-23 11:20:46,218 INFO L273 TraceCheckUtils]: 24: Hoare triple {826#false} assume #t~short11; {826#false} is VALID [2018-11-23 11:20:46,218 INFO L273 TraceCheckUtils]: 25: Hoare triple {826#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {826#false} is VALID [2018-11-23 11:20:46,219 INFO L273 TraceCheckUtils]: 26: Hoare triple {826#false} assume !false; {826#false} is VALID [2018-11-23 11:20:46,220 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:20:46,220 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:20:46,587 INFO L273 TraceCheckUtils]: 26: Hoare triple {826#false} assume !false; {826#false} is VALID [2018-11-23 11:20:46,588 INFO L273 TraceCheckUtils]: 25: Hoare triple {826#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {826#false} is VALID [2018-11-23 11:20:46,588 INFO L273 TraceCheckUtils]: 24: Hoare triple {826#false} assume #t~short11; {826#false} is VALID [2018-11-23 11:20:46,588 INFO L273 TraceCheckUtils]: 23: Hoare triple {826#false} #t~short11 := #t~short9; {826#false} is VALID [2018-11-23 11:20:46,588 INFO L273 TraceCheckUtils]: 22: Hoare triple {826#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {826#false} is VALID [2018-11-23 11:20:46,589 INFO L273 TraceCheckUtils]: 21: Hoare triple {826#false} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {826#false} is VALID [2018-11-23 11:20:46,589 INFO L273 TraceCheckUtils]: 20: Hoare triple {826#false} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {826#false} is VALID [2018-11-23 11:20:46,589 INFO L273 TraceCheckUtils]: 19: Hoare triple {826#false} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {826#false} is VALID [2018-11-23 11:20:46,600 INFO L268 TraceCheckUtils]: 18: Hoare quadruple {878#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} {936#(bvsgt (bvadd main_~len~0 (_ bv4294967295 32)) (_ bv0 32))} #121#return; {826#false} is VALID [2018-11-23 11:20:46,601 INFO L273 TraceCheckUtils]: 17: Hoare triple {878#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} assume true; {878#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:46,602 INFO L273 TraceCheckUtils]: 16: Hoare triple {878#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {878#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:46,607 INFO L273 TraceCheckUtils]: 15: Hoare triple {949#(or (bvsgt dll_create_~len (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume !~bvsgt32(~len, 0bv32); {878#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:46,609 INFO L273 TraceCheckUtils]: 14: Hoare triple {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {949#(or (bvsgt dll_create_~len (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:20:46,627 INFO L273 TraceCheckUtils]: 13: Hoare triple {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:20:46,643 INFO L273 TraceCheckUtils]: 12: Hoare triple {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:20:46,658 INFO L273 TraceCheckUtils]: 11: Hoare triple {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:20:46,672 INFO L273 TraceCheckUtils]: 10: Hoare triple {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:20:46,677 INFO L273 TraceCheckUtils]: 9: Hoare triple {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:20:46,677 INFO L273 TraceCheckUtils]: 8: Hoare triple {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:20:46,679 INFO L273 TraceCheckUtils]: 7: Hoare triple {825#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {953#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:20:46,679 INFO L256 TraceCheckUtils]: 6: Hoare triple {936#(bvsgt (bvadd main_~len~0 (_ bv4294967295 32)) (_ bv0 32))} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {825#true} is VALID [2018-11-23 11:20:46,680 INFO L273 TraceCheckUtils]: 5: Hoare triple {825#true} ~len~0 := 5bv32; {936#(bvsgt (bvadd main_~len~0 (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:20:46,680 INFO L256 TraceCheckUtils]: 4: Hoare triple {825#true} call #t~ret20 := main(); {825#true} is VALID [2018-11-23 11:20:46,680 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {825#true} {825#true} #117#return; {825#true} is VALID [2018-11-23 11:20:46,680 INFO L273 TraceCheckUtils]: 2: Hoare triple {825#true} assume true; {825#true} is VALID [2018-11-23 11:20:46,681 INFO L273 TraceCheckUtils]: 1: Hoare triple {825#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {825#true} is VALID [2018-11-23 11:20:46,681 INFO L256 TraceCheckUtils]: 0: Hoare triple {825#true} call ULTIMATE.init(); {825#true} is VALID [2018-11-23 11:20:46,689 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:20:46,700 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:20:46,701 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 6] total 9 [2018-11-23 11:20:46,701 INFO L78 Accepts]: Start accepts. Automaton has 9 states. Word has length 27 [2018-11-23 11:20:46,702 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:20:46,702 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states. [2018-11-23 11:20:46,825 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:20:46,825 INFO L459 AbstractCegarLoop]: Interpolant automaton has 9 states [2018-11-23 11:20:46,825 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2018-11-23 11:20:46,826 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=52, Unknown=0, NotChecked=0, Total=72 [2018-11-23 11:20:46,826 INFO L87 Difference]: Start difference. First operand 38 states and 48 transitions. Second operand 9 states. [2018-11-23 11:20:48,385 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:48,386 INFO L93 Difference]: Finished difference Result 63 states and 82 transitions. [2018-11-23 11:20:48,386 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2018-11-23 11:20:48,386 INFO L78 Accepts]: Start accepts. Automaton has 9 states. Word has length 27 [2018-11-23 11:20:48,386 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:20:48,386 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 9 states. [2018-11-23 11:20:48,389 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 82 transitions. [2018-11-23 11:20:48,389 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 9 states. [2018-11-23 11:20:48,391 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 82 transitions. [2018-11-23 11:20:48,391 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 82 transitions. [2018-11-23 11:20:48,571 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 82 edges. 82 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:20:48,573 INFO L225 Difference]: With dead ends: 63 [2018-11-23 11:20:48,573 INFO L226 Difference]: Without dead ends: 46 [2018-11-23 11:20:48,574 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 55 GetRequests, 46 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=31, Invalid=79, Unknown=0, NotChecked=0, Total=110 [2018-11-23 11:20:48,574 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 46 states. [2018-11-23 11:20:48,637 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 46 to 40. [2018-11-23 11:20:48,638 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:20:48,638 INFO L82 GeneralOperation]: Start isEquivalent. First operand 46 states. Second operand 40 states. [2018-11-23 11:20:48,638 INFO L74 IsIncluded]: Start isIncluded. First operand 46 states. Second operand 40 states. [2018-11-23 11:20:48,638 INFO L87 Difference]: Start difference. First operand 46 states. Second operand 40 states. [2018-11-23 11:20:48,641 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:48,642 INFO L93 Difference]: Finished difference Result 46 states and 58 transitions. [2018-11-23 11:20:48,642 INFO L276 IsEmpty]: Start isEmpty. Operand 46 states and 58 transitions. [2018-11-23 11:20:48,642 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:20:48,643 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:20:48,643 INFO L74 IsIncluded]: Start isIncluded. First operand 40 states. Second operand 46 states. [2018-11-23 11:20:48,643 INFO L87 Difference]: Start difference. First operand 40 states. Second operand 46 states. [2018-11-23 11:20:48,647 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:48,647 INFO L93 Difference]: Finished difference Result 46 states and 58 transitions. [2018-11-23 11:20:48,647 INFO L276 IsEmpty]: Start isEmpty. Operand 46 states and 58 transitions. [2018-11-23 11:20:48,648 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:20:48,648 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:20:48,648 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:20:48,649 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:20:48,649 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 40 states. [2018-11-23 11:20:48,651 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 40 states to 40 states and 50 transitions. [2018-11-23 11:20:48,651 INFO L78 Accepts]: Start accepts. Automaton has 40 states and 50 transitions. Word has length 27 [2018-11-23 11:20:48,651 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:20:48,651 INFO L480 AbstractCegarLoop]: Abstraction has 40 states and 50 transitions. [2018-11-23 11:20:48,652 INFO L481 AbstractCegarLoop]: Interpolant automaton has 9 states. [2018-11-23 11:20:48,652 INFO L276 IsEmpty]: Start isEmpty. Operand 40 states and 50 transitions. [2018-11-23 11:20:48,653 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 35 [2018-11-23 11:20:48,653 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:20:48,653 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:20:48,653 INFO L423 AbstractCegarLoop]: === Iteration 5 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:20:48,654 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:20:48,654 INFO L82 PathProgramCache]: Analyzing trace with hash -802898906, now seen corresponding path program 1 times [2018-11-23 11:20:48,654 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:20:48,654 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:20:48,679 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:20:48,747 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:20:48,771 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:20:48,773 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:20:48,926 INFO L256 TraceCheckUtils]: 0: Hoare triple {1218#true} call ULTIMATE.init(); {1218#true} is VALID [2018-11-23 11:20:48,927 INFO L273 TraceCheckUtils]: 1: Hoare triple {1218#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1218#true} is VALID [2018-11-23 11:20:48,928 INFO L273 TraceCheckUtils]: 2: Hoare triple {1218#true} assume true; {1218#true} is VALID [2018-11-23 11:20:48,928 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1218#true} {1218#true} #117#return; {1218#true} is VALID [2018-11-23 11:20:48,929 INFO L256 TraceCheckUtils]: 4: Hoare triple {1218#true} call #t~ret20 := main(); {1218#true} is VALID [2018-11-23 11:20:48,930 INFO L273 TraceCheckUtils]: 5: Hoare triple {1218#true} ~len~0 := 5bv32; {1238#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} is VALID [2018-11-23 11:20:48,930 INFO L256 TraceCheckUtils]: 6: Hoare triple {1238#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {1218#true} is VALID [2018-11-23 11:20:48,934 INFO L273 TraceCheckUtils]: 7: Hoare triple {1218#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1245#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,934 INFO L273 TraceCheckUtils]: 8: Hoare triple {1245#(= dll_create_~len |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1245#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,935 INFO L273 TraceCheckUtils]: 9: Hoare triple {1245#(= dll_create_~len |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1245#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,935 INFO L273 TraceCheckUtils]: 10: Hoare triple {1245#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1245#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,935 INFO L273 TraceCheckUtils]: 11: Hoare triple {1245#(= dll_create_~len |dll_create_#in~len|)} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {1245#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,936 INFO L273 TraceCheckUtils]: 12: Hoare triple {1245#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1245#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,936 INFO L273 TraceCheckUtils]: 13: Hoare triple {1245#(= dll_create_~len |dll_create_#in~len|)} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1245#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,937 INFO L273 TraceCheckUtils]: 14: Hoare triple {1245#(= dll_create_~len |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,937 INFO L273 TraceCheckUtils]: 15: Hoare triple {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,938 INFO L273 TraceCheckUtils]: 16: Hoare triple {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,939 INFO L273 TraceCheckUtils]: 17: Hoare triple {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,939 INFO L273 TraceCheckUtils]: 18: Hoare triple {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,940 INFO L273 TraceCheckUtils]: 19: Hoare triple {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,941 INFO L273 TraceCheckUtils]: 20: Hoare triple {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,965 INFO L273 TraceCheckUtils]: 21: Hoare triple {1267#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {1289#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:48,966 INFO L273 TraceCheckUtils]: 22: Hoare triple {1289#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume !~bvsgt32(~len, 0bv32); {1293#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:48,967 INFO L273 TraceCheckUtils]: 23: Hoare triple {1293#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1293#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:48,968 INFO L273 TraceCheckUtils]: 24: Hoare triple {1293#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} assume true; {1293#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:48,970 INFO L268 TraceCheckUtils]: 25: Hoare quadruple {1293#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} {1238#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} #121#return; {1219#false} is VALID [2018-11-23 11:20:48,971 INFO L273 TraceCheckUtils]: 26: Hoare triple {1219#false} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {1219#false} is VALID [2018-11-23 11:20:48,971 INFO L273 TraceCheckUtils]: 27: Hoare triple {1219#false} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {1219#false} is VALID [2018-11-23 11:20:48,972 INFO L273 TraceCheckUtils]: 28: Hoare triple {1219#false} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {1219#false} is VALID [2018-11-23 11:20:48,972 INFO L273 TraceCheckUtils]: 29: Hoare triple {1219#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {1219#false} is VALID [2018-11-23 11:20:48,972 INFO L273 TraceCheckUtils]: 30: Hoare triple {1219#false} #t~short11 := #t~short9; {1219#false} is VALID [2018-11-23 11:20:48,973 INFO L273 TraceCheckUtils]: 31: Hoare triple {1219#false} assume #t~short11; {1219#false} is VALID [2018-11-23 11:20:48,973 INFO L273 TraceCheckUtils]: 32: Hoare triple {1219#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {1219#false} is VALID [2018-11-23 11:20:48,973 INFO L273 TraceCheckUtils]: 33: Hoare triple {1219#false} assume !false; {1219#false} is VALID [2018-11-23 11:20:48,976 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 0 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:20:48,977 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:20:49,411 INFO L273 TraceCheckUtils]: 33: Hoare triple {1219#false} assume !false; {1219#false} is VALID [2018-11-23 11:20:49,411 INFO L273 TraceCheckUtils]: 32: Hoare triple {1219#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {1219#false} is VALID [2018-11-23 11:20:49,411 INFO L273 TraceCheckUtils]: 31: Hoare triple {1219#false} assume #t~short11; {1219#false} is VALID [2018-11-23 11:20:49,412 INFO L273 TraceCheckUtils]: 30: Hoare triple {1219#false} #t~short11 := #t~short9; {1219#false} is VALID [2018-11-23 11:20:49,412 INFO L273 TraceCheckUtils]: 29: Hoare triple {1219#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {1219#false} is VALID [2018-11-23 11:20:49,412 INFO L273 TraceCheckUtils]: 28: Hoare triple {1219#false} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {1219#false} is VALID [2018-11-23 11:20:49,412 INFO L273 TraceCheckUtils]: 27: Hoare triple {1219#false} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {1219#false} is VALID [2018-11-23 11:20:49,413 INFO L273 TraceCheckUtils]: 26: Hoare triple {1219#false} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {1219#false} is VALID [2018-11-23 11:20:49,414 INFO L268 TraceCheckUtils]: 25: Hoare quadruple {1293#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} {1351#(bvsgt (bvadd main_~len~0 (_ bv4294967294 32)) (_ bv0 32))} #121#return; {1219#false} is VALID [2018-11-23 11:20:49,414 INFO L273 TraceCheckUtils]: 24: Hoare triple {1293#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} assume true; {1293#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,415 INFO L273 TraceCheckUtils]: 23: Hoare triple {1293#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1293#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,415 INFO L273 TraceCheckUtils]: 22: Hoare triple {1364#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt dll_create_~len (_ bv0 32)))} assume !~bvsgt32(~len, 0bv32); {1293#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,418 INFO L273 TraceCheckUtils]: 21: Hoare triple {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {1364#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt dll_create_~len (_ bv0 32)))} is VALID [2018-11-23 11:20:49,419 INFO L273 TraceCheckUtils]: 20: Hoare triple {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,419 INFO L273 TraceCheckUtils]: 19: Hoare triple {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,420 INFO L273 TraceCheckUtils]: 18: Hoare triple {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,420 INFO L273 TraceCheckUtils]: 17: Hoare triple {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,421 INFO L273 TraceCheckUtils]: 16: Hoare triple {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,422 INFO L273 TraceCheckUtils]: 15: Hoare triple {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,429 INFO L273 TraceCheckUtils]: 14: Hoare triple {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {1368#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,429 INFO L273 TraceCheckUtils]: 13: Hoare triple {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,430 INFO L273 TraceCheckUtils]: 12: Hoare triple {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,430 INFO L273 TraceCheckUtils]: 11: Hoare triple {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,431 INFO L273 TraceCheckUtils]: 10: Hoare triple {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,431 INFO L273 TraceCheckUtils]: 9: Hoare triple {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,432 INFO L273 TraceCheckUtils]: 8: Hoare triple {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,432 INFO L273 TraceCheckUtils]: 7: Hoare triple {1218#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1390#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:49,433 INFO L256 TraceCheckUtils]: 6: Hoare triple {1351#(bvsgt (bvadd main_~len~0 (_ bv4294967294 32)) (_ bv0 32))} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {1218#true} is VALID [2018-11-23 11:20:49,433 INFO L273 TraceCheckUtils]: 5: Hoare triple {1218#true} ~len~0 := 5bv32; {1351#(bvsgt (bvadd main_~len~0 (_ bv4294967294 32)) (_ bv0 32))} is VALID [2018-11-23 11:20:49,434 INFO L256 TraceCheckUtils]: 4: Hoare triple {1218#true} call #t~ret20 := main(); {1218#true} is VALID [2018-11-23 11:20:49,434 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1218#true} {1218#true} #117#return; {1218#true} is VALID [2018-11-23 11:20:49,435 INFO L273 TraceCheckUtils]: 2: Hoare triple {1218#true} assume true; {1218#true} is VALID [2018-11-23 11:20:49,435 INFO L273 TraceCheckUtils]: 1: Hoare triple {1218#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1218#true} is VALID [2018-11-23 11:20:49,435 INFO L256 TraceCheckUtils]: 0: Hoare triple {1218#true} call ULTIMATE.init(); {1218#true} is VALID [2018-11-23 11:20:49,439 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 0 proven. 9 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:20:49,441 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:20:49,441 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 7] total 11 [2018-11-23 11:20:49,441 INFO L78 Accepts]: Start accepts. Automaton has 11 states. Word has length 34 [2018-11-23 11:20:49,442 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:20:49,442 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states. [2018-11-23 11:20:49,607 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 53 edges. 53 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:20:49,607 INFO L459 AbstractCegarLoop]: Interpolant automaton has 11 states [2018-11-23 11:20:49,607 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2018-11-23 11:20:49,607 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=26, Invalid=84, Unknown=0, NotChecked=0, Total=110 [2018-11-23 11:20:49,608 INFO L87 Difference]: Start difference. First operand 40 states and 50 transitions. Second operand 11 states. [2018-11-23 11:20:53,735 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:53,736 INFO L93 Difference]: Finished difference Result 70 states and 91 transitions. [2018-11-23 11:20:53,736 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2018-11-23 11:20:53,736 INFO L78 Accepts]: Start accepts. Automaton has 11 states. Word has length 34 [2018-11-23 11:20:53,737 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:20:53,737 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 11 states. [2018-11-23 11:20:53,740 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 91 transitions. [2018-11-23 11:20:53,740 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 11 states. [2018-11-23 11:20:53,743 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 91 transitions. [2018-11-23 11:20:53,743 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 91 transitions. [2018-11-23 11:20:54,018 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 91 edges. 91 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:20:54,020 INFO L225 Difference]: With dead ends: 70 [2018-11-23 11:20:54,021 INFO L226 Difference]: Without dead ends: 53 [2018-11-23 11:20:54,021 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 70 GetRequests, 58 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=44, Invalid=138, Unknown=0, NotChecked=0, Total=182 [2018-11-23 11:20:54,022 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 53 states. [2018-11-23 11:20:54,051 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 53 to 47. [2018-11-23 11:20:54,051 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:20:54,051 INFO L82 GeneralOperation]: Start isEquivalent. First operand 53 states. Second operand 47 states. [2018-11-23 11:20:54,051 INFO L74 IsIncluded]: Start isIncluded. First operand 53 states. Second operand 47 states. [2018-11-23 11:20:54,051 INFO L87 Difference]: Start difference. First operand 53 states. Second operand 47 states. [2018-11-23 11:20:54,054 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:54,054 INFO L93 Difference]: Finished difference Result 53 states and 67 transitions. [2018-11-23 11:20:54,055 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 67 transitions. [2018-11-23 11:20:54,055 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:20:54,055 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:20:54,056 INFO L74 IsIncluded]: Start isIncluded. First operand 47 states. Second operand 53 states. [2018-11-23 11:20:54,056 INFO L87 Difference]: Start difference. First operand 47 states. Second operand 53 states. [2018-11-23 11:20:54,058 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:20:54,059 INFO L93 Difference]: Finished difference Result 53 states and 67 transitions. [2018-11-23 11:20:54,059 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 67 transitions. [2018-11-23 11:20:54,059 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:20:54,060 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:20:54,060 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:20:54,060 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:20:54,060 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 47 states. [2018-11-23 11:20:54,062 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 47 states to 47 states and 59 transitions. [2018-11-23 11:20:54,062 INFO L78 Accepts]: Start accepts. Automaton has 47 states and 59 transitions. Word has length 34 [2018-11-23 11:20:54,063 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:20:54,063 INFO L480 AbstractCegarLoop]: Abstraction has 47 states and 59 transitions. [2018-11-23 11:20:54,063 INFO L481 AbstractCegarLoop]: Interpolant automaton has 11 states. [2018-11-23 11:20:54,063 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 59 transitions. [2018-11-23 11:20:54,064 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2018-11-23 11:20:54,064 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:20:54,064 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:20:54,065 INFO L423 AbstractCegarLoop]: === Iteration 6 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:20:54,065 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:20:54,065 INFO L82 PathProgramCache]: Analyzing trace with hash -150096726, now seen corresponding path program 2 times [2018-11-23 11:20:54,066 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:20:54,066 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:20:54,093 INFO L101 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2018-11-23 11:20:54,213 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2018-11-23 11:20:54,213 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2018-11-23 11:20:54,248 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:20:54,250 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:20:54,696 INFO L256 TraceCheckUtils]: 0: Hoare triple {1687#true} call ULTIMATE.init(); {1687#true} is VALID [2018-11-23 11:20:54,697 INFO L273 TraceCheckUtils]: 1: Hoare triple {1687#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1687#true} is VALID [2018-11-23 11:20:54,697 INFO L273 TraceCheckUtils]: 2: Hoare triple {1687#true} assume true; {1687#true} is VALID [2018-11-23 11:20:54,697 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1687#true} {1687#true} #117#return; {1687#true} is VALID [2018-11-23 11:20:54,697 INFO L256 TraceCheckUtils]: 4: Hoare triple {1687#true} call #t~ret20 := main(); {1687#true} is VALID [2018-11-23 11:20:54,698 INFO L273 TraceCheckUtils]: 5: Hoare triple {1687#true} ~len~0 := 5bv32; {1707#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} is VALID [2018-11-23 11:20:54,698 INFO L256 TraceCheckUtils]: 6: Hoare triple {1707#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {1687#true} is VALID [2018-11-23 11:20:54,707 INFO L273 TraceCheckUtils]: 7: Hoare triple {1687#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1714#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,715 INFO L273 TraceCheckUtils]: 8: Hoare triple {1714#(= dll_create_~len |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1714#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,716 INFO L273 TraceCheckUtils]: 9: Hoare triple {1714#(= dll_create_~len |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1714#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,720 INFO L273 TraceCheckUtils]: 10: Hoare triple {1714#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1714#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,720 INFO L273 TraceCheckUtils]: 11: Hoare triple {1714#(= dll_create_~len |dll_create_#in~len|)} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {1714#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,720 INFO L273 TraceCheckUtils]: 12: Hoare triple {1714#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1714#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,728 INFO L273 TraceCheckUtils]: 13: Hoare triple {1714#(= dll_create_~len |dll_create_#in~len|)} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1714#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,735 INFO L273 TraceCheckUtils]: 14: Hoare triple {1714#(= dll_create_~len |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,736 INFO L273 TraceCheckUtils]: 15: Hoare triple {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,737 INFO L273 TraceCheckUtils]: 16: Hoare triple {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,737 INFO L273 TraceCheckUtils]: 17: Hoare triple {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,737 INFO L273 TraceCheckUtils]: 18: Hoare triple {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,755 INFO L273 TraceCheckUtils]: 19: Hoare triple {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,769 INFO L273 TraceCheckUtils]: 20: Hoare triple {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,791 INFO L273 TraceCheckUtils]: 21: Hoare triple {1736#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,791 INFO L273 TraceCheckUtils]: 22: Hoare triple {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,792 INFO L273 TraceCheckUtils]: 23: Hoare triple {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,792 INFO L273 TraceCheckUtils]: 24: Hoare triple {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,793 INFO L273 TraceCheckUtils]: 25: Hoare triple {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,793 INFO L273 TraceCheckUtils]: 26: Hoare triple {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,793 INFO L273 TraceCheckUtils]: 27: Hoare triple {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,812 INFO L273 TraceCheckUtils]: 28: Hoare triple {1758#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {1780#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:20:54,813 INFO L273 TraceCheckUtils]: 29: Hoare triple {1780#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} assume !~bvsgt32(~len, 0bv32); {1784#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:54,814 INFO L273 TraceCheckUtils]: 30: Hoare triple {1784#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1784#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:54,814 INFO L273 TraceCheckUtils]: 31: Hoare triple {1784#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} assume true; {1784#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:54,815 INFO L268 TraceCheckUtils]: 32: Hoare quadruple {1784#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} {1707#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} #121#return; {1688#false} is VALID [2018-11-23 11:20:54,816 INFO L273 TraceCheckUtils]: 33: Hoare triple {1688#false} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {1688#false} is VALID [2018-11-23 11:20:54,816 INFO L273 TraceCheckUtils]: 34: Hoare triple {1688#false} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {1688#false} is VALID [2018-11-23 11:20:54,816 INFO L273 TraceCheckUtils]: 35: Hoare triple {1688#false} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {1688#false} is VALID [2018-11-23 11:20:54,816 INFO L273 TraceCheckUtils]: 36: Hoare triple {1688#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {1688#false} is VALID [2018-11-23 11:20:54,816 INFO L273 TraceCheckUtils]: 37: Hoare triple {1688#false} #t~short11 := #t~short9; {1688#false} is VALID [2018-11-23 11:20:54,817 INFO L273 TraceCheckUtils]: 38: Hoare triple {1688#false} assume #t~short11; {1688#false} is VALID [2018-11-23 11:20:54,817 INFO L273 TraceCheckUtils]: 39: Hoare triple {1688#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {1688#false} is VALID [2018-11-23 11:20:54,817 INFO L273 TraceCheckUtils]: 40: Hoare triple {1688#false} assume !false; {1688#false} is VALID [2018-11-23 11:20:54,822 INFO L134 CoverageAnalysis]: Checked inductivity of 24 backedges. 0 proven. 24 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:20:54,822 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:20:55,438 INFO L273 TraceCheckUtils]: 40: Hoare triple {1688#false} assume !false; {1688#false} is VALID [2018-11-23 11:20:55,439 INFO L273 TraceCheckUtils]: 39: Hoare triple {1688#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {1688#false} is VALID [2018-11-23 11:20:55,439 INFO L273 TraceCheckUtils]: 38: Hoare triple {1688#false} assume #t~short11; {1688#false} is VALID [2018-11-23 11:20:55,439 INFO L273 TraceCheckUtils]: 37: Hoare triple {1688#false} #t~short11 := #t~short9; {1688#false} is VALID [2018-11-23 11:20:55,439 INFO L273 TraceCheckUtils]: 36: Hoare triple {1688#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {1688#false} is VALID [2018-11-23 11:20:55,440 INFO L273 TraceCheckUtils]: 35: Hoare triple {1688#false} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {1688#false} is VALID [2018-11-23 11:20:55,440 INFO L273 TraceCheckUtils]: 34: Hoare triple {1688#false} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {1688#false} is VALID [2018-11-23 11:20:55,440 INFO L273 TraceCheckUtils]: 33: Hoare triple {1688#false} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {1688#false} is VALID [2018-11-23 11:20:55,442 INFO L268 TraceCheckUtils]: 32: Hoare quadruple {1784#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} {1842#(bvsgt (bvadd main_~len~0 (_ bv4294967293 32)) (_ bv0 32))} #121#return; {1688#false} is VALID [2018-11-23 11:20:55,442 INFO L273 TraceCheckUtils]: 31: Hoare triple {1784#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} assume true; {1784#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,443 INFO L273 TraceCheckUtils]: 30: Hoare triple {1784#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1784#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,443 INFO L273 TraceCheckUtils]: 29: Hoare triple {1855#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt dll_create_~len (_ bv0 32)))} assume !~bvsgt32(~len, 0bv32); {1784#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,444 INFO L273 TraceCheckUtils]: 28: Hoare triple {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {1855#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt dll_create_~len (_ bv0 32)))} is VALID [2018-11-23 11:20:55,444 INFO L273 TraceCheckUtils]: 27: Hoare triple {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,445 INFO L273 TraceCheckUtils]: 26: Hoare triple {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,446 INFO L273 TraceCheckUtils]: 25: Hoare triple {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,446 INFO L273 TraceCheckUtils]: 24: Hoare triple {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,447 INFO L273 TraceCheckUtils]: 23: Hoare triple {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,448 INFO L273 TraceCheckUtils]: 22: Hoare triple {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,455 INFO L273 TraceCheckUtils]: 21: Hoare triple {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {1859#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,455 INFO L273 TraceCheckUtils]: 20: Hoare triple {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,456 INFO L273 TraceCheckUtils]: 19: Hoare triple {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,456 INFO L273 TraceCheckUtils]: 18: Hoare triple {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,458 INFO L273 TraceCheckUtils]: 17: Hoare triple {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,460 INFO L273 TraceCheckUtils]: 16: Hoare triple {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,463 INFO L273 TraceCheckUtils]: 15: Hoare triple {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,469 INFO L273 TraceCheckUtils]: 14: Hoare triple {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {1881#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,469 INFO L273 TraceCheckUtils]: 13: Hoare triple {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,470 INFO L273 TraceCheckUtils]: 12: Hoare triple {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,470 INFO L273 TraceCheckUtils]: 11: Hoare triple {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,471 INFO L273 TraceCheckUtils]: 10: Hoare triple {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,471 INFO L273 TraceCheckUtils]: 9: Hoare triple {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,471 INFO L273 TraceCheckUtils]: 8: Hoare triple {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,472 INFO L273 TraceCheckUtils]: 7: Hoare triple {1687#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1903#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:20:55,472 INFO L256 TraceCheckUtils]: 6: Hoare triple {1842#(bvsgt (bvadd main_~len~0 (_ bv4294967293 32)) (_ bv0 32))} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {1687#true} is VALID [2018-11-23 11:20:55,473 INFO L273 TraceCheckUtils]: 5: Hoare triple {1687#true} ~len~0 := 5bv32; {1842#(bvsgt (bvadd main_~len~0 (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:20:55,473 INFO L256 TraceCheckUtils]: 4: Hoare triple {1687#true} call #t~ret20 := main(); {1687#true} is VALID [2018-11-23 11:20:55,473 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1687#true} {1687#true} #117#return; {1687#true} is VALID [2018-11-23 11:20:55,474 INFO L273 TraceCheckUtils]: 2: Hoare triple {1687#true} assume true; {1687#true} is VALID [2018-11-23 11:20:55,474 INFO L273 TraceCheckUtils]: 1: Hoare triple {1687#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1687#true} is VALID [2018-11-23 11:20:55,474 INFO L256 TraceCheckUtils]: 0: Hoare triple {1687#true} call ULTIMATE.init(); {1687#true} is VALID [2018-11-23 11:20:55,479 INFO L134 CoverageAnalysis]: Checked inductivity of 24 backedges. 0 proven. 24 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:20:55,481 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:20:55,481 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 8] total 13 [2018-11-23 11:20:55,482 INFO L78 Accepts]: Start accepts. Automaton has 13 states. Word has length 41 [2018-11-23 11:20:55,483 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:20:55,483 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 13 states. [2018-11-23 11:20:55,718 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 67 edges. 67 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:20:55,719 INFO L459 AbstractCegarLoop]: Interpolant automaton has 13 states [2018-11-23 11:20:55,719 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 13 interpolants. [2018-11-23 11:20:55,719 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=32, Invalid=124, Unknown=0, NotChecked=0, Total=156 [2018-11-23 11:20:55,720 INFO L87 Difference]: Start difference. First operand 47 states and 59 transitions. Second operand 13 states. [2018-11-23 11:21:01,477 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:01,478 INFO L93 Difference]: Finished difference Result 77 states and 100 transitions. [2018-11-23 11:21:01,478 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2018-11-23 11:21:01,478 INFO L78 Accepts]: Start accepts. Automaton has 13 states. Word has length 41 [2018-11-23 11:21:01,478 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:21:01,478 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 13 states. [2018-11-23 11:21:01,481 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 100 transitions. [2018-11-23 11:21:01,481 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 13 states. [2018-11-23 11:21:01,485 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 100 transitions. [2018-11-23 11:21:01,485 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 100 transitions. [2018-11-23 11:21:01,767 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 100 edges. 100 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:01,769 INFO L225 Difference]: With dead ends: 77 [2018-11-23 11:21:01,769 INFO L226 Difference]: Without dead ends: 60 [2018-11-23 11:21:01,772 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 85 GetRequests, 70 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 16 ImplicationChecksByTransitivity, 0.7s TimeCoverageRelationStatistics Valid=58, Invalid=214, Unknown=0, NotChecked=0, Total=272 [2018-11-23 11:21:01,772 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 60 states. [2018-11-23 11:21:01,799 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 60 to 54. [2018-11-23 11:21:01,799 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:21:01,799 INFO L82 GeneralOperation]: Start isEquivalent. First operand 60 states. Second operand 54 states. [2018-11-23 11:21:01,799 INFO L74 IsIncluded]: Start isIncluded. First operand 60 states. Second operand 54 states. [2018-11-23 11:21:01,799 INFO L87 Difference]: Start difference. First operand 60 states. Second operand 54 states. [2018-11-23 11:21:01,802 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:01,802 INFO L93 Difference]: Finished difference Result 60 states and 76 transitions. [2018-11-23 11:21:01,802 INFO L276 IsEmpty]: Start isEmpty. Operand 60 states and 76 transitions. [2018-11-23 11:21:01,802 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:01,803 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:01,803 INFO L74 IsIncluded]: Start isIncluded. First operand 54 states. Second operand 60 states. [2018-11-23 11:21:01,803 INFO L87 Difference]: Start difference. First operand 54 states. Second operand 60 states. [2018-11-23 11:21:01,805 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:01,805 INFO L93 Difference]: Finished difference Result 60 states and 76 transitions. [2018-11-23 11:21:01,806 INFO L276 IsEmpty]: Start isEmpty. Operand 60 states and 76 transitions. [2018-11-23 11:21:01,806 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:01,806 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:01,806 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:21:01,806 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:21:01,806 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 54 states. [2018-11-23 11:21:01,808 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 54 states to 54 states and 68 transitions. [2018-11-23 11:21:01,809 INFO L78 Accepts]: Start accepts. Automaton has 54 states and 68 transitions. Word has length 41 [2018-11-23 11:21:01,809 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:21:01,809 INFO L480 AbstractCegarLoop]: Abstraction has 54 states and 68 transitions. [2018-11-23 11:21:01,809 INFO L481 AbstractCegarLoop]: Interpolant automaton has 13 states. [2018-11-23 11:21:01,809 INFO L276 IsEmpty]: Start isEmpty. Operand 54 states and 68 transitions. [2018-11-23 11:21:01,810 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2018-11-23 11:21:01,810 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:21:01,810 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 4, 4, 4, 4, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:21:01,811 INFO L423 AbstractCegarLoop]: === Iteration 7 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:21:01,811 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:21:01,811 INFO L82 PathProgramCache]: Analyzing trace with hash 1857609638, now seen corresponding path program 3 times [2018-11-23 11:21:01,812 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:21:01,812 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 8 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 8 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:21:01,843 INFO L101 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2018-11-23 11:21:02,199 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 4 check-sat command(s) [2018-11-23 11:21:02,199 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2018-11-23 11:21:02,270 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:02,272 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:21:02,317 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:21:02,321 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:21:02,323 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:02,323 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2018-11-23 11:21:02,328 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:21:02,328 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_43|]. (= |#valid| (store |v_#valid_43| dll_create_~new_head~0.base (_ bv1 1))) [2018-11-23 11:21:02,328 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base)) [2018-11-23 11:21:02,399 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:02,402 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:02,403 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:21:02,405 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:21:02,414 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:02,415 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:16, output treesize:8 [2018-11-23 11:21:02,453 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 13 [2018-11-23 11:21:02,474 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 16 [2018-11-23 11:21:02,480 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:02,481 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 23 [2018-11-23 11:21:02,495 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:21:02,504 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:02,511 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:02,525 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:02,525 INFO L202 ElimStorePlain]: Needed 4 recursive calls to eliminate 1 variables, input treesize:24, output treesize:24 [2018-11-23 11:21:02,626 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 41 treesize of output 34 [2018-11-23 11:21:02,661 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:02,676 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:02,691 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:02,738 INFO L303 Elim1Store]: Index analysis took 105 ms [2018-11-23 11:21:02,740 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 34 treesize of output 56 [2018-11-23 11:21:02,783 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:02,795 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:02,807 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:02,819 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:02,831 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:02,842 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:02,933 INFO L303 Elim1Store]: Index analysis took 179 ms [2018-11-23 11:21:02,936 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 6 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 36 treesize of output 68 [2018-11-23 11:21:02,938 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:21:02,987 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:03,020 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:03,091 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 45 treesize of output 36 [2018-11-23 11:21:03,106 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:03,109 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:03,112 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:03,116 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:03,120 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:03,123 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:21:03,155 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 6 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 36 treesize of output 68 [2018-11-23 11:21:03,157 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 1 xjuncts. [2018-11-23 11:21:03,179 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:03,201 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:03,202 INFO L202 ElimStorePlain]: Needed 6 recursive calls to eliminate 3 variables, input treesize:67, output treesize:24 [2018-11-23 11:21:03,330 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:21:03,330 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_62|, |v_dll_create_#t~ite4_35|, |v_#memory_int_60|]. (let ((.cse2 (select |v_#memory_int_60| dll_create_~new_head~0.base)) (.cse0 (select |v_#memory_int_62| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (store |v_#memory_int_62| dll_create_~new_head~0.base (let ((.cse1 (bvadd dll_create_~new_head~0.offset (_ bv4 32)))) (store (store .cse0 (bvadd dll_create_~new_head~0.offset (_ bv16 32)) |v_dll_create_#t~ite4_35|) .cse1 (select .cse2 .cse1)))) |v_#memory_int_60|) (= (store |v_#memory_int_60| dll_create_~new_head~0.base (let ((.cse3 (bvadd dll_create_~new_head~0.offset (_ bv12 32)))) (store .cse2 .cse3 (select (select |#memory_int| dll_create_~new_head~0.base) .cse3)))) |#memory_int|) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))) [2018-11-23 11:21:03,330 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))) [2018-11-23 11:21:03,362 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 36 treesize of output 37 [2018-11-23 11:21:03,370 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 1 [2018-11-23 11:21:03,371 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:21:03,381 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:03,401 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:03,402 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:43, output treesize:20 [2018-11-23 11:21:03,414 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:21:03,415 WARN L384 uantifierElimination]: Input elimination task: ∃ [dll_create_~head~0.base, dll_create_~head~0.offset, |v_#memory_int_63|]. (let ((.cse0 (select |v_#memory_int_63| dll_create_~new_head~0.base))) (and (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) dll_create_~new_head~0.offset) (= (store |v_#memory_int_63| dll_create_~head~0.base (let ((.cse1 (bvadd dll_create_~head~0.offset (_ bv12 32)))) (store (select |v_#memory_int_63| dll_create_~head~0.base) .cse1 (select (select |#memory_int| dll_create_~head~0.base) .cse1)))) |#memory_int|) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))) [2018-11-23 11:21:03,415 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)))) [2018-11-23 11:21:03,839 INFO L256 TraceCheckUtils]: 0: Hoare triple {2232#true} call ULTIMATE.init(); {2232#true} is VALID [2018-11-23 11:21:03,839 INFO L273 TraceCheckUtils]: 1: Hoare triple {2232#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2232#true} is VALID [2018-11-23 11:21:03,840 INFO L273 TraceCheckUtils]: 2: Hoare triple {2232#true} assume true; {2232#true} is VALID [2018-11-23 11:21:03,840 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2232#true} {2232#true} #117#return; {2232#true} is VALID [2018-11-23 11:21:03,840 INFO L256 TraceCheckUtils]: 4: Hoare triple {2232#true} call #t~ret20 := main(); {2232#true} is VALID [2018-11-23 11:21:03,840 INFO L273 TraceCheckUtils]: 5: Hoare triple {2232#true} ~len~0 := 5bv32; {2232#true} is VALID [2018-11-23 11:21:03,840 INFO L256 TraceCheckUtils]: 6: Hoare triple {2232#true} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {2232#true} is VALID [2018-11-23 11:21:03,840 INFO L273 TraceCheckUtils]: 7: Hoare triple {2232#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {2232#true} is VALID [2018-11-23 11:21:03,840 INFO L273 TraceCheckUtils]: 8: Hoare triple {2232#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2232#true} is VALID [2018-11-23 11:21:03,841 INFO L273 TraceCheckUtils]: 9: Hoare triple {2232#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2232#true} is VALID [2018-11-23 11:21:03,841 INFO L273 TraceCheckUtils]: 10: Hoare triple {2232#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2232#true} is VALID [2018-11-23 11:21:03,841 INFO L273 TraceCheckUtils]: 11: Hoare triple {2232#true} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {2232#true} is VALID [2018-11-23 11:21:03,841 INFO L273 TraceCheckUtils]: 12: Hoare triple {2232#true} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2232#true} is VALID [2018-11-23 11:21:03,841 INFO L273 TraceCheckUtils]: 13: Hoare triple {2232#true} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {2232#true} is VALID [2018-11-23 11:21:03,841 INFO L273 TraceCheckUtils]: 14: Hoare triple {2232#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {2232#true} is VALID [2018-11-23 11:21:03,842 INFO L273 TraceCheckUtils]: 15: Hoare triple {2232#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2232#true} is VALID [2018-11-23 11:21:03,842 INFO L273 TraceCheckUtils]: 16: Hoare triple {2232#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2232#true} is VALID [2018-11-23 11:21:03,842 INFO L273 TraceCheckUtils]: 17: Hoare triple {2232#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2232#true} is VALID [2018-11-23 11:21:03,842 INFO L273 TraceCheckUtils]: 18: Hoare triple {2232#true} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {2232#true} is VALID [2018-11-23 11:21:03,842 INFO L273 TraceCheckUtils]: 19: Hoare triple {2232#true} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2232#true} is VALID [2018-11-23 11:21:03,842 INFO L273 TraceCheckUtils]: 20: Hoare triple {2232#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2232#true} is VALID [2018-11-23 11:21:03,842 INFO L273 TraceCheckUtils]: 21: Hoare triple {2232#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {2232#true} is VALID [2018-11-23 11:21:03,844 INFO L273 TraceCheckUtils]: 22: Hoare triple {2232#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:21:03,844 INFO L273 TraceCheckUtils]: 23: Hoare triple {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:21:03,844 INFO L273 TraceCheckUtils]: 24: Hoare triple {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:21:03,853 INFO L273 TraceCheckUtils]: 25: Hoare triple {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:21:03,853 INFO L273 TraceCheckUtils]: 26: Hoare triple {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:21:03,856 INFO L273 TraceCheckUtils]: 27: Hoare triple {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:21:03,858 INFO L273 TraceCheckUtils]: 28: Hoare triple {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {2322#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:21:03,858 INFO L273 TraceCheckUtils]: 29: Hoare triple {2322#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2326#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:21:03,859 INFO L273 TraceCheckUtils]: 30: Hoare triple {2326#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2326#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:21:03,868 INFO L273 TraceCheckUtils]: 31: Hoare triple {2326#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2333#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:21:03,882 INFO L273 TraceCheckUtils]: 32: Hoare triple {2333#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {2333#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:21:03,897 INFO L273 TraceCheckUtils]: 33: Hoare triple {2333#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2333#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:21:03,907 INFO L273 TraceCheckUtils]: 34: Hoare triple {2333#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2343#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)))} is VALID [2018-11-23 11:21:03,921 INFO L273 TraceCheckUtils]: 35: Hoare triple {2343#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {2347#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:21:03,930 INFO L273 TraceCheckUtils]: 36: Hoare triple {2347#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} assume !~bvsgt32(~len, 0bv32); {2347#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:21:03,943 INFO L273 TraceCheckUtils]: 37: Hoare triple {2347#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {2354#(and (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} is VALID [2018-11-23 11:21:03,956 INFO L273 TraceCheckUtils]: 38: Hoare triple {2354#(and (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} assume true; {2354#(and (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} is VALID [2018-11-23 11:21:03,970 INFO L268 TraceCheckUtils]: 39: Hoare quadruple {2354#(and (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} {2232#true} #121#return; {2361#(and (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret6.base|) |main_#t~ret6.offset|)) (= (_ bv0 32) |main_#t~ret6.offset|) (= (select (select |#memory_int| |main_#t~ret6.base|) (bvadd |main_#t~ret6.offset| (_ bv8 32))) (_ bv0 32)))} is VALID [2018-11-23 11:21:03,982 INFO L273 TraceCheckUtils]: 40: Hoare triple {2361#(and (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret6.base|) |main_#t~ret6.offset|)) (= (_ bv0 32) |main_#t~ret6.offset|) (= (select (select |#memory_int| |main_#t~ret6.base|) (bvadd |main_#t~ret6.offset| (_ bv8 32))) (_ bv0 32)))} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {2365#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:21:04,001 INFO L273 TraceCheckUtils]: 41: Hoare triple {2365#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) main_~head~1.offset))} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {2365#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:21:04,010 INFO L273 TraceCheckUtils]: 42: Hoare triple {2365#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) main_~head~1.offset))} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {2365#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:21:04,017 INFO L273 TraceCheckUtils]: 43: Hoare triple {2365#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) main_~head~1.offset))} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {2375#(not |main_#t~short9|)} is VALID [2018-11-23 11:21:04,017 INFO L273 TraceCheckUtils]: 44: Hoare triple {2375#(not |main_#t~short9|)} #t~short11 := #t~short9; {2379#(not |main_#t~short11|)} is VALID [2018-11-23 11:21:04,019 INFO L273 TraceCheckUtils]: 45: Hoare triple {2379#(not |main_#t~short11|)} assume #t~short11; {2233#false} is VALID [2018-11-23 11:21:04,019 INFO L273 TraceCheckUtils]: 46: Hoare triple {2233#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {2233#false} is VALID [2018-11-23 11:21:04,019 INFO L273 TraceCheckUtils]: 47: Hoare triple {2233#false} assume !false; {2233#false} is VALID [2018-11-23 11:21:04,022 INFO L134 CoverageAnalysis]: Checked inductivity of 46 backedges. 30 proven. 7 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2018-11-23 11:21:04,023 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:21:05,114 WARN L180 SmtUtils]: Spent 984.00 ms on a formula simplification that was a NOOP. DAG size: 69 [2018-11-23 11:21:05,671 WARN L180 SmtUtils]: Spent 552.00 ms on a formula simplification that was a NOOP. DAG size: 59 [2018-11-23 11:21:06,265 WARN L180 SmtUtils]: Spent 590.00 ms on a formula simplification that was a NOOP. DAG size: 63 [2018-11-23 11:21:06,859 WARN L180 SmtUtils]: Spent 592.00 ms on a formula simplification that was a NOOP. DAG size: 63 [2018-11-23 11:21:10,113 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:21:10,122 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:21:10,129 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:21:10,130 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:30, output treesize:19 [2018-11-23 11:21:10,148 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:21:10,148 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_85|, dll_create_~head~0.offset]. (or (= (select (select |v_#memory_int_85| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (not (= |v_#memory_int_85| (store |#memory_int| dll_create_~head~0.base (let ((.cse0 (bvadd dll_create_~head~0.offset (_ bv12 32)))) (store (select |#memory_int| dll_create_~head~0.base) .cse0 (select (select |v_#memory_int_85| dll_create_~head~0.base) .cse0))))))) [2018-11-23 11:21:10,149 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [dll_create_~head~0.offset, v_DerPreprocessor_2]. (= (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_2)) dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) [2018-11-23 11:21:10,503 WARN L180 SmtUtils]: Spent 192.00 ms on a formula simplification that was a NOOP. DAG size: 44 [2018-11-23 11:21:10,514 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:21:10,537 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:10,619 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:21:10,629 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:21:10,748 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:21:10,758 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:10,808 INFO L267 ElimStorePlain]: Start of recursive call 9: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:21:10,814 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:21:10,874 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-0 vars, 2 dim-2 vars, End of recursive call: 4 dim-0 vars, and 3 xjuncts. [2018-11-23 11:21:10,874 INFO L202 ElimStorePlain]: Needed 9 recursive calls to eliminate 5 variables, input treesize:65, output treesize:47 [2018-11-23 11:21:10,975 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:21:10,975 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_86|, dll_create_~head~0.offset, v_DerPreprocessor_2, |dll_create_#t~ite4|, |v_#memory_int_60|]. (let ((.cse1 (select |v_#memory_int_60| dll_create_~new_head~0.base))) (or (not (= (store |#memory_int| dll_create_~new_head~0.base (let ((.cse0 (bvadd dll_create_~new_head~0.offset (_ bv4 32)))) (store (store (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)) |dll_create_#t~ite4|) .cse0 (select .cse1 .cse0)))) |v_#memory_int_60|)) (not (= (store |v_#memory_int_60| dll_create_~new_head~0.base (let ((.cse2 (bvadd dll_create_~new_head~0.offset (_ bv12 32)))) (store .cse1 .cse2 (select (select |v_#memory_int_86| dll_create_~new_head~0.base) .cse2)))) |v_#memory_int_86|)) (= (select (select (store |v_#memory_int_86| dll_create_~head~0.base (store (select |v_#memory_int_86| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_2)) dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)))) [2018-11-23 11:21:10,976 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [|dll_create_#t~ite4|, v_DerPreprocessor_10, v_prenex_1, v_prenex_2]. (let ((.cse0 (select |#memory_int| dll_create_~new_head~0.base)) (.cse1 (bvadd dll_create_~new_head~0.offset (_ bv16 32))) (.cse2 (bvadd dll_create_~new_head~0.offset (_ bv4 32))) (.cse3 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (.cse4 (= dll_create_~new_head~0.base dll_create_~head~0.base))) (and (= (select (store (store .cse0 .cse1 v_prenex_1) .cse2 v_prenex_2) .cse3) (_ bv0 32)) (or (= (select (store (store .cse0 .cse1 |dll_create_#t~ite4|) .cse2 v_DerPreprocessor_10) .cse3) (_ bv0 32)) .cse4) (not .cse4))) [2018-11-23 11:21:13,277 WARN L307 Elim1Store]: Array PQE input equivalent to true [2018-11-23 11:21:13,278 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:21:13,280 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:21:13,280 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:32, output treesize:4 [2018-11-23 11:21:13,360 INFO L273 TraceCheckUtils]: 47: Hoare triple {2233#false} assume !false; {2233#false} is VALID [2018-11-23 11:21:13,360 INFO L273 TraceCheckUtils]: 46: Hoare triple {2233#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {2233#false} is VALID [2018-11-23 11:21:13,361 INFO L273 TraceCheckUtils]: 45: Hoare triple {2379#(not |main_#t~short11|)} assume #t~short11; {2233#false} is VALID [2018-11-23 11:21:13,361 INFO L273 TraceCheckUtils]: 44: Hoare triple {2375#(not |main_#t~short9|)} #t~short11 := #t~short9; {2379#(not |main_#t~short11|)} is VALID [2018-11-23 11:21:13,362 INFO L273 TraceCheckUtils]: 43: Hoare triple {2401#(= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32))} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {2375#(not |main_#t~short9|)} is VALID [2018-11-23 11:21:13,362 INFO L273 TraceCheckUtils]: 42: Hoare triple {2401#(= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32))} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {2401#(= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32))} is VALID [2018-11-23 11:21:13,363 INFO L273 TraceCheckUtils]: 41: Hoare triple {2401#(= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32))} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {2401#(= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32))} is VALID [2018-11-23 11:21:13,363 INFO L273 TraceCheckUtils]: 40: Hoare triple {2411#(= (select (select |#memory_int| |main_#t~ret6.base|) (bvadd |main_#t~ret6.offset| (_ bv8 32))) (_ bv0 32))} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {2401#(= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32))} is VALID [2018-11-23 11:21:13,366 INFO L268 TraceCheckUtils]: 39: Hoare quadruple {2418#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32))))} {2232#true} #121#return; {2411#(= (select (select |#memory_int| |main_#t~ret6.base|) (bvadd |main_#t~ret6.offset| (_ bv8 32))) (_ bv0 32))} is VALID [2018-11-23 11:21:13,366 INFO L273 TraceCheckUtils]: 38: Hoare triple {2418#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32))))} assume true; {2418#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32))))} is VALID [2018-11-23 11:21:13,367 INFO L273 TraceCheckUtils]: 37: Hoare triple {2425#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32))))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {2418#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32))))} is VALID [2018-11-23 11:21:13,367 INFO L273 TraceCheckUtils]: 36: Hoare triple {2425#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32))))} assume !~bvsgt32(~len, 0bv32); {2425#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32))))} is VALID [2018-11-23 11:21:13,369 INFO L273 TraceCheckUtils]: 35: Hoare triple {2432#(= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {2425#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32))))} is VALID [2018-11-23 11:21:13,371 INFO L273 TraceCheckUtils]: 34: Hoare triple {2436#(forall ((v_DerPreprocessor_2 (_ BitVec 32)) (dll_create_~head~0.offset (_ BitVec 32))) (= (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_2)) dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2432#(= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32))} is VALID [2018-11-23 11:21:13,374 INFO L273 TraceCheckUtils]: 33: Hoare triple {2440#(and (forall ((|dll_create_#t~ite4| (_ BitVec 32)) (v_DerPreprocessor_10 (_ BitVec 32))) (= (select (store (store (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)) |dll_create_#t~ite4|) (bvadd dll_create_~new_head~0.offset (_ bv4 32)) v_DerPreprocessor_10) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32))) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2436#(forall ((v_DerPreprocessor_2 (_ BitVec 32)) (dll_create_~head~0.offset (_ BitVec 32))) (= (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_2)) dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)))} is VALID [2018-11-23 11:21:13,375 INFO L273 TraceCheckUtils]: 32: Hoare triple {2440#(and (forall ((|dll_create_#t~ite4| (_ BitVec 32)) (v_DerPreprocessor_10 (_ BitVec 32))) (= (select (store (store (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)) |dll_create_#t~ite4|) (bvadd dll_create_~new_head~0.offset (_ bv4 32)) v_DerPreprocessor_10) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32))) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {2440#(and (forall ((|dll_create_#t~ite4| (_ BitVec 32)) (v_DerPreprocessor_10 (_ BitVec 32))) (= (select (store (store (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)) |dll_create_#t~ite4|) (bvadd dll_create_~new_head~0.offset (_ bv4 32)) v_DerPreprocessor_10) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32))) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:21:13,378 INFO L273 TraceCheckUtils]: 31: Hoare triple {2447#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2440#(and (forall ((|dll_create_#t~ite4| (_ BitVec 32)) (v_DerPreprocessor_10 (_ BitVec 32))) (= (select (store (store (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)) |dll_create_#t~ite4|) (bvadd dll_create_~new_head~0.offset (_ bv4 32)) v_DerPreprocessor_10) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32))) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:21:13,379 INFO L273 TraceCheckUtils]: 30: Hoare triple {2447#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2447#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} is VALID [2018-11-23 11:21:13,380 INFO L273 TraceCheckUtils]: 29: Hoare triple {2322#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2447#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} is VALID [2018-11-23 11:21:13,382 INFO L273 TraceCheckUtils]: 28: Hoare triple {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {2322#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:21:13,383 INFO L273 TraceCheckUtils]: 27: Hoare triple {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:21:13,383 INFO L273 TraceCheckUtils]: 26: Hoare triple {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:21:13,384 INFO L273 TraceCheckUtils]: 25: Hoare triple {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:21:13,384 INFO L273 TraceCheckUtils]: 24: Hoare triple {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:21:13,385 INFO L273 TraceCheckUtils]: 23: Hoare triple {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:21:13,386 INFO L273 TraceCheckUtils]: 22: Hoare triple {2232#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2303#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:21:13,387 INFO L273 TraceCheckUtils]: 21: Hoare triple {2232#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {2232#true} is VALID [2018-11-23 11:21:13,387 INFO L273 TraceCheckUtils]: 20: Hoare triple {2232#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2232#true} is VALID [2018-11-23 11:21:13,387 INFO L273 TraceCheckUtils]: 19: Hoare triple {2232#true} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2232#true} is VALID [2018-11-23 11:21:13,387 INFO L273 TraceCheckUtils]: 18: Hoare triple {2232#true} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {2232#true} is VALID [2018-11-23 11:21:13,388 INFO L273 TraceCheckUtils]: 17: Hoare triple {2232#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2232#true} is VALID [2018-11-23 11:21:13,388 INFO L273 TraceCheckUtils]: 16: Hoare triple {2232#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2232#true} is VALID [2018-11-23 11:21:13,388 INFO L273 TraceCheckUtils]: 15: Hoare triple {2232#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2232#true} is VALID [2018-11-23 11:21:13,388 INFO L273 TraceCheckUtils]: 14: Hoare triple {2232#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {2232#true} is VALID [2018-11-23 11:21:13,389 INFO L273 TraceCheckUtils]: 13: Hoare triple {2232#true} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {2232#true} is VALID [2018-11-23 11:21:13,389 INFO L273 TraceCheckUtils]: 12: Hoare triple {2232#true} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2232#true} is VALID [2018-11-23 11:21:13,389 INFO L273 TraceCheckUtils]: 11: Hoare triple {2232#true} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {2232#true} is VALID [2018-11-23 11:21:13,389 INFO L273 TraceCheckUtils]: 10: Hoare triple {2232#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2232#true} is VALID [2018-11-23 11:21:13,389 INFO L273 TraceCheckUtils]: 9: Hoare triple {2232#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2232#true} is VALID [2018-11-23 11:21:13,390 INFO L273 TraceCheckUtils]: 8: Hoare triple {2232#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2232#true} is VALID [2018-11-23 11:21:13,390 INFO L273 TraceCheckUtils]: 7: Hoare triple {2232#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {2232#true} is VALID [2018-11-23 11:21:13,390 INFO L256 TraceCheckUtils]: 6: Hoare triple {2232#true} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {2232#true} is VALID [2018-11-23 11:21:13,390 INFO L273 TraceCheckUtils]: 5: Hoare triple {2232#true} ~len~0 := 5bv32; {2232#true} is VALID [2018-11-23 11:21:13,390 INFO L256 TraceCheckUtils]: 4: Hoare triple {2232#true} call #t~ret20 := main(); {2232#true} is VALID [2018-11-23 11:21:13,390 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2232#true} {2232#true} #117#return; {2232#true} is VALID [2018-11-23 11:21:13,391 INFO L273 TraceCheckUtils]: 2: Hoare triple {2232#true} assume true; {2232#true} is VALID [2018-11-23 11:21:13,391 INFO L273 TraceCheckUtils]: 1: Hoare triple {2232#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2232#true} is VALID [2018-11-23 11:21:13,391 INFO L256 TraceCheckUtils]: 0: Hoare triple {2232#true} call ULTIMATE.init(); {2232#true} is VALID [2018-11-23 11:21:13,395 INFO L134 CoverageAnalysis]: Checked inductivity of 46 backedges. 30 proven. 7 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [MP cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (8)] Exception during sending of exit command (exit): Broken pipe [2018-11-23 11:21:13,400 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:21:13,401 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 14] total 21 [2018-11-23 11:21:13,402 INFO L78 Accepts]: Start accepts. Automaton has 21 states. Word has length 48 [2018-11-23 11:21:13,402 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:21:13,402 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 21 states. [2018-11-23 11:21:13,612 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 57 edges. 57 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:13,613 INFO L459 AbstractCegarLoop]: Interpolant automaton has 21 states [2018-11-23 11:21:13,613 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 21 interpolants. [2018-11-23 11:21:13,613 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=56, Invalid=363, Unknown=1, NotChecked=0, Total=420 [2018-11-23 11:21:13,613 INFO L87 Difference]: Start difference. First operand 54 states and 68 transitions. Second operand 21 states. [2018-11-23 11:21:24,469 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:24,469 INFO L93 Difference]: Finished difference Result 80 states and 106 transitions. [2018-11-23 11:21:24,469 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2018-11-23 11:21:24,470 INFO L78 Accepts]: Start accepts. Automaton has 21 states. Word has length 48 [2018-11-23 11:21:24,470 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:21:24,470 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 21 states. [2018-11-23 11:21:24,472 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 96 transitions. [2018-11-23 11:21:24,473 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 21 states. [2018-11-23 11:21:24,475 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 96 transitions. [2018-11-23 11:21:24,475 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states and 96 transitions. [2018-11-23 11:21:24,681 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:24,683 INFO L225 Difference]: With dead ends: 80 [2018-11-23 11:21:24,683 INFO L226 Difference]: Without dead ends: 67 [2018-11-23 11:21:24,684 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 109 GetRequests, 79 SyntacticMatches, 1 SemanticMatches, 29 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 100 ImplicationChecksByTransitivity, 3.5s TimeCoverageRelationStatistics Valid=152, Invalid=777, Unknown=1, NotChecked=0, Total=930 [2018-11-23 11:21:24,684 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 67 states. [2018-11-23 11:21:24,725 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 67 to 59. [2018-11-23 11:21:24,726 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:21:24,726 INFO L82 GeneralOperation]: Start isEquivalent. First operand 67 states. Second operand 59 states. [2018-11-23 11:21:24,726 INFO L74 IsIncluded]: Start isIncluded. First operand 67 states. Second operand 59 states. [2018-11-23 11:21:24,726 INFO L87 Difference]: Start difference. First operand 67 states. Second operand 59 states. [2018-11-23 11:21:24,729 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:24,729 INFO L93 Difference]: Finished difference Result 67 states and 85 transitions. [2018-11-23 11:21:24,729 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 85 transitions. [2018-11-23 11:21:24,729 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:24,730 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:24,730 INFO L74 IsIncluded]: Start isIncluded. First operand 59 states. Second operand 67 states. [2018-11-23 11:21:24,730 INFO L87 Difference]: Start difference. First operand 59 states. Second operand 67 states. [2018-11-23 11:21:24,732 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:24,732 INFO L93 Difference]: Finished difference Result 67 states and 85 transitions. [2018-11-23 11:21:24,733 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 85 transitions. [2018-11-23 11:21:24,733 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:24,733 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:24,733 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:21:24,733 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:21:24,733 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 59 states. [2018-11-23 11:21:24,735 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 59 states to 59 states and 74 transitions. [2018-11-23 11:21:24,736 INFO L78 Accepts]: Start accepts. Automaton has 59 states and 74 transitions. Word has length 48 [2018-11-23 11:21:24,736 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:21:24,736 INFO L480 AbstractCegarLoop]: Abstraction has 59 states and 74 transitions. [2018-11-23 11:21:24,736 INFO L481 AbstractCegarLoop]: Interpolant automaton has 21 states. [2018-11-23 11:21:24,736 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 74 transitions. [2018-11-23 11:21:24,737 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2018-11-23 11:21:24,737 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:21:24,737 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 4, 4, 4, 4, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:21:24,737 INFO L423 AbstractCegarLoop]: === Iteration 8 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:21:24,738 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:21:24,738 INFO L82 PathProgramCache]: Analyzing trace with hash 1857611560, now seen corresponding path program 1 times [2018-11-23 11:21:24,738 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:21:24,738 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 9 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 9 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:21:24,759 INFO L101 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2018-11-23 11:21:24,866 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:24,905 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:24,907 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:21:25,224 INFO L256 TraceCheckUtils]: 0: Hoare triple {2868#true} call ULTIMATE.init(); {2868#true} is VALID [2018-11-23 11:21:25,225 INFO L273 TraceCheckUtils]: 1: Hoare triple {2868#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2868#true} is VALID [2018-11-23 11:21:25,225 INFO L273 TraceCheckUtils]: 2: Hoare triple {2868#true} assume true; {2868#true} is VALID [2018-11-23 11:21:25,225 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2868#true} {2868#true} #117#return; {2868#true} is VALID [2018-11-23 11:21:25,225 INFO L256 TraceCheckUtils]: 4: Hoare triple {2868#true} call #t~ret20 := main(); {2868#true} is VALID [2018-11-23 11:21:25,226 INFO L273 TraceCheckUtils]: 5: Hoare triple {2868#true} ~len~0 := 5bv32; {2888#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} is VALID [2018-11-23 11:21:25,226 INFO L256 TraceCheckUtils]: 6: Hoare triple {2888#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {2868#true} is VALID [2018-11-23 11:21:25,226 INFO L273 TraceCheckUtils]: 7: Hoare triple {2868#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {2895#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,229 INFO L273 TraceCheckUtils]: 8: Hoare triple {2895#(= dll_create_~len |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2895#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,229 INFO L273 TraceCheckUtils]: 9: Hoare triple {2895#(= dll_create_~len |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2895#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,231 INFO L273 TraceCheckUtils]: 10: Hoare triple {2895#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2895#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,231 INFO L273 TraceCheckUtils]: 11: Hoare triple {2895#(= dll_create_~len |dll_create_#in~len|)} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {2895#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,232 INFO L273 TraceCheckUtils]: 12: Hoare triple {2895#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2895#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,232 INFO L273 TraceCheckUtils]: 13: Hoare triple {2895#(= dll_create_~len |dll_create_#in~len|)} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {2895#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,232 INFO L273 TraceCheckUtils]: 14: Hoare triple {2895#(= dll_create_~len |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,233 INFO L273 TraceCheckUtils]: 15: Hoare triple {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,233 INFO L273 TraceCheckUtils]: 16: Hoare triple {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,250 INFO L273 TraceCheckUtils]: 17: Hoare triple {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,253 INFO L273 TraceCheckUtils]: 18: Hoare triple {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,255 INFO L273 TraceCheckUtils]: 19: Hoare triple {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,255 INFO L273 TraceCheckUtils]: 20: Hoare triple {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,274 INFO L273 TraceCheckUtils]: 21: Hoare triple {2917#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,275 INFO L273 TraceCheckUtils]: 22: Hoare triple {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,275 INFO L273 TraceCheckUtils]: 23: Hoare triple {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,276 INFO L273 TraceCheckUtils]: 24: Hoare triple {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,276 INFO L273 TraceCheckUtils]: 25: Hoare triple {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,276 INFO L273 TraceCheckUtils]: 26: Hoare triple {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,277 INFO L273 TraceCheckUtils]: 27: Hoare triple {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,305 INFO L273 TraceCheckUtils]: 28: Hoare triple {2939#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,306 INFO L273 TraceCheckUtils]: 29: Hoare triple {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,306 INFO L273 TraceCheckUtils]: 30: Hoare triple {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,307 INFO L273 TraceCheckUtils]: 31: Hoare triple {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,307 INFO L273 TraceCheckUtils]: 32: Hoare triple {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,307 INFO L273 TraceCheckUtils]: 33: Hoare triple {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,308 INFO L273 TraceCheckUtils]: 34: Hoare triple {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,334 INFO L273 TraceCheckUtils]: 35: Hoare triple {2961#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {2983#(= (bvadd dll_create_~len (_ bv4 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:25,335 INFO L273 TraceCheckUtils]: 36: Hoare triple {2983#(= (bvadd dll_create_~len (_ bv4 32)) |dll_create_#in~len|)} assume !~bvsgt32(~len, 0bv32); {2987#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,336 INFO L273 TraceCheckUtils]: 37: Hoare triple {2987#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {2987#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,336 INFO L273 TraceCheckUtils]: 38: Hoare triple {2987#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} assume true; {2987#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,337 INFO L268 TraceCheckUtils]: 39: Hoare quadruple {2987#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} {2888#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} #121#return; {2869#false} is VALID [2018-11-23 11:21:25,337 INFO L273 TraceCheckUtils]: 40: Hoare triple {2869#false} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {2869#false} is VALID [2018-11-23 11:21:25,337 INFO L273 TraceCheckUtils]: 41: Hoare triple {2869#false} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {2869#false} is VALID [2018-11-23 11:21:25,337 INFO L273 TraceCheckUtils]: 42: Hoare triple {2869#false} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {2869#false} is VALID [2018-11-23 11:21:25,337 INFO L273 TraceCheckUtils]: 43: Hoare triple {2869#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {2869#false} is VALID [2018-11-23 11:21:25,337 INFO L273 TraceCheckUtils]: 44: Hoare triple {2869#false} #t~short11 := #t~short9; {2869#false} is VALID [2018-11-23 11:21:25,337 INFO L273 TraceCheckUtils]: 45: Hoare triple {2869#false} assume !#t~short11;call #t~mem10 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32);#t~short11 := 0bv32 != #t~mem10; {2869#false} is VALID [2018-11-23 11:21:25,338 INFO L273 TraceCheckUtils]: 46: Hoare triple {2869#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {2869#false} is VALID [2018-11-23 11:21:25,338 INFO L273 TraceCheckUtils]: 47: Hoare triple {2869#false} assume !false; {2869#false} is VALID [2018-11-23 11:21:25,341 INFO L134 CoverageAnalysis]: Checked inductivity of 46 backedges. 0 proven. 46 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:21:25,341 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:21:25,858 INFO L273 TraceCheckUtils]: 47: Hoare triple {2869#false} assume !false; {2869#false} is VALID [2018-11-23 11:21:25,859 INFO L273 TraceCheckUtils]: 46: Hoare triple {2869#false} assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; {2869#false} is VALID [2018-11-23 11:21:25,859 INFO L273 TraceCheckUtils]: 45: Hoare triple {2869#false} assume !#t~short11;call #t~mem10 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32);#t~short11 := 0bv32 != #t~mem10; {2869#false} is VALID [2018-11-23 11:21:25,859 INFO L273 TraceCheckUtils]: 44: Hoare triple {2869#false} #t~short11 := #t~short9; {2869#false} is VALID [2018-11-23 11:21:25,859 INFO L273 TraceCheckUtils]: 43: Hoare triple {2869#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {2869#false} is VALID [2018-11-23 11:21:25,860 INFO L273 TraceCheckUtils]: 42: Hoare triple {2869#false} assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; {2869#false} is VALID [2018-11-23 11:21:25,860 INFO L273 TraceCheckUtils]: 41: Hoare triple {2869#false} call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {2869#false} is VALID [2018-11-23 11:21:25,860 INFO L273 TraceCheckUtils]: 40: Hoare triple {2869#false} ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; {2869#false} is VALID [2018-11-23 11:21:25,861 INFO L268 TraceCheckUtils]: 39: Hoare quadruple {2987#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} {3045#(bvsgt (bvadd main_~len~0 (_ bv4294967292 32)) (_ bv0 32))} #121#return; {2869#false} is VALID [2018-11-23 11:21:25,862 INFO L273 TraceCheckUtils]: 38: Hoare triple {2987#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} assume true; {2987#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,862 INFO L273 TraceCheckUtils]: 37: Hoare triple {2987#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {2987#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,863 INFO L273 TraceCheckUtils]: 36: Hoare triple {3058#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt dll_create_~len (_ bv0 32)))} assume !~bvsgt32(~len, 0bv32); {2987#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,863 INFO L273 TraceCheckUtils]: 35: Hoare triple {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {3058#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt dll_create_~len (_ bv0 32)))} is VALID [2018-11-23 11:21:25,863 INFO L273 TraceCheckUtils]: 34: Hoare triple {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,864 INFO L273 TraceCheckUtils]: 33: Hoare triple {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,864 INFO L273 TraceCheckUtils]: 32: Hoare triple {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,865 INFO L273 TraceCheckUtils]: 31: Hoare triple {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,866 INFO L273 TraceCheckUtils]: 30: Hoare triple {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,866 INFO L273 TraceCheckUtils]: 29: Hoare triple {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,873 INFO L273 TraceCheckUtils]: 28: Hoare triple {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {3062#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,874 INFO L273 TraceCheckUtils]: 27: Hoare triple {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,875 INFO L273 TraceCheckUtils]: 26: Hoare triple {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,875 INFO L273 TraceCheckUtils]: 25: Hoare triple {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,875 INFO L273 TraceCheckUtils]: 24: Hoare triple {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,876 INFO L273 TraceCheckUtils]: 23: Hoare triple {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,876 INFO L273 TraceCheckUtils]: 22: Hoare triple {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,881 INFO L273 TraceCheckUtils]: 21: Hoare triple {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {3084#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,881 INFO L273 TraceCheckUtils]: 20: Hoare triple {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,882 INFO L273 TraceCheckUtils]: 19: Hoare triple {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,882 INFO L273 TraceCheckUtils]: 18: Hoare triple {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,882 INFO L273 TraceCheckUtils]: 17: Hoare triple {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,883 INFO L273 TraceCheckUtils]: 16: Hoare triple {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,883 INFO L273 TraceCheckUtils]: 15: Hoare triple {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,888 INFO L273 TraceCheckUtils]: 14: Hoare triple {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; {3106#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,888 INFO L273 TraceCheckUtils]: 13: Hoare triple {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,889 INFO L273 TraceCheckUtils]: 12: Hoare triple {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,889 INFO L273 TraceCheckUtils]: 11: Hoare triple {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} assume #t~nondet3 == ~len;#t~ite4 := 1bv32; {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,889 INFO L273 TraceCheckUtils]: 10: Hoare triple {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,890 INFO L273 TraceCheckUtils]: 9: Hoare triple {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,890 INFO L273 TraceCheckUtils]: 8: Hoare triple {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,890 INFO L273 TraceCheckUtils]: 7: Hoare triple {2868#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {3128#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:25,891 INFO L256 TraceCheckUtils]: 6: Hoare triple {3045#(bvsgt (bvadd main_~len~0 (_ bv4294967292 32)) (_ bv0 32))} call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); {2868#true} is VALID [2018-11-23 11:21:25,891 INFO L273 TraceCheckUtils]: 5: Hoare triple {2868#true} ~len~0 := 5bv32; {3045#(bvsgt (bvadd main_~len~0 (_ bv4294967292 32)) (_ bv0 32))} is VALID [2018-11-23 11:21:25,891 INFO L256 TraceCheckUtils]: 4: Hoare triple {2868#true} call #t~ret20 := main(); {2868#true} is VALID [2018-11-23 11:21:25,891 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2868#true} {2868#true} #117#return; {2868#true} is VALID [2018-11-23 11:21:25,891 INFO L273 TraceCheckUtils]: 2: Hoare triple {2868#true} assume true; {2868#true} is VALID [2018-11-23 11:21:25,891 INFO L273 TraceCheckUtils]: 1: Hoare triple {2868#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2868#true} is VALID [2018-11-23 11:21:25,892 INFO L256 TraceCheckUtils]: 0: Hoare triple {2868#true} call ULTIMATE.init(); {2868#true} is VALID [2018-11-23 11:21:25,897 INFO L134 CoverageAnalysis]: Checked inductivity of 46 backedges. 0 proven. 46 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:21:25,899 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:21:25,899 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 15 [2018-11-23 11:21:25,900 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 48 [2018-11-23 11:21:25,900 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:21:25,901 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states. [2018-11-23 11:21:26,197 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 81 edges. 81 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:26,197 INFO L459 AbstractCegarLoop]: Interpolant automaton has 15 states [2018-11-23 11:21:26,197 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2018-11-23 11:21:26,197 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=38, Invalid=172, Unknown=0, NotChecked=0, Total=210 [2018-11-23 11:21:26,198 INFO L87 Difference]: Start difference. First operand 59 states and 74 transitions. Second operand 15 states. [2018-11-23 11:21:32,923 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:32,923 INFO L93 Difference]: Finished difference Result 94 states and 121 transitions. [2018-11-23 11:21:32,923 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2018-11-23 11:21:32,924 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 48 [2018-11-23 11:21:32,924 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:21:32,924 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2018-11-23 11:21:32,926 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 109 transitions. [2018-11-23 11:21:32,926 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2018-11-23 11:21:32,929 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 109 transitions. [2018-11-23 11:21:32,929 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 109 transitions. [2018-11-23 11:21:33,225 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 109 edges. 109 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:33,227 INFO L225 Difference]: With dead ends: 94 [2018-11-23 11:21:33,227 INFO L226 Difference]: Without dead ends: 72 [2018-11-23 11:21:33,228 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 100 GetRequests, 82 SyntacticMatches, 0 SemanticMatches, 18 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 25 ImplicationChecksByTransitivity, 0.8s TimeCoverageRelationStatistics Valid=73, Invalid=307, Unknown=0, NotChecked=0, Total=380 [2018-11-23 11:21:33,228 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 72 states. [2018-11-23 11:21:33,343 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 72 to 66. [2018-11-23 11:21:33,343 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:21:33,343 INFO L82 GeneralOperation]: Start isEquivalent. First operand 72 states. Second operand 66 states. [2018-11-23 11:21:33,343 INFO L74 IsIncluded]: Start isIncluded. First operand 72 states. Second operand 66 states. [2018-11-23 11:21:33,344 INFO L87 Difference]: Start difference. First operand 72 states. Second operand 66 states. [2018-11-23 11:21:33,346 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:33,346 INFO L93 Difference]: Finished difference Result 72 states and 91 transitions. [2018-11-23 11:21:33,347 INFO L276 IsEmpty]: Start isEmpty. Operand 72 states and 91 transitions. [2018-11-23 11:21:33,347 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:33,347 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:33,347 INFO L74 IsIncluded]: Start isIncluded. First operand 66 states. Second operand 72 states. [2018-11-23 11:21:33,347 INFO L87 Difference]: Start difference. First operand 66 states. Second operand 72 states. [2018-11-23 11:21:33,350 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:33,350 INFO L93 Difference]: Finished difference Result 72 states and 91 transitions. [2018-11-23 11:21:33,350 INFO L276 IsEmpty]: Start isEmpty. Operand 72 states and 91 transitions. [2018-11-23 11:21:33,350 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:33,351 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:33,351 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:21:33,351 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:21:33,351 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 66 states. [2018-11-23 11:21:33,353 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 83 transitions. [2018-11-23 11:21:33,354 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 83 transitions. Word has length 48 [2018-11-23 11:21:33,354 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:21:33,354 INFO L480 AbstractCegarLoop]: Abstraction has 66 states and 83 transitions. [2018-11-23 11:21:33,354 INFO L481 AbstractCegarLoop]: Interpolant automaton has 15 states. [2018-11-23 11:21:33,354 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 83 transitions. [2018-11-23 11:21:33,355 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2018-11-23 11:21:33,355 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:21:33,355 INFO L402 BasicCegarLoop]: trace histogram [5, 5, 5, 5, 5, 5, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:21:33,356 INFO L423 AbstractCegarLoop]: === Iteration 9 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:21:33,356 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:21:33,356 INFO L82 PathProgramCache]: Analyzing trace with hash 1135782060, now seen corresponding path program 2 times [2018-11-23 11:21:33,357 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:21:33,357 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 10 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 10 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:21:33,387 INFO L101 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2018-11-23 11:21:33,660 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2018-11-23 11:21:33,660 INFO L250 tOrderPrioritization]: Conjunction of SSA is sat [2018-11-23 11:21:33,933 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2018-11-23 11:21:34,031 INFO L469 BasicCegarLoop]: Counterexample might be feasible ----- class de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder.RCFGBacktranslator [?] CALL call ULTIMATE.init(); VAL [|#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |old(#NULL.base)|=(_ bv0 32), |old(#NULL.offset)|=(_ bv0 32)] [?] #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; VAL [|#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |old(#NULL.base)|=(_ bv0 32), |old(#NULL.offset)|=(_ bv0 32)] [?] assume true; VAL [|#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |old(#NULL.base)|=(_ bv0 32), |old(#NULL.offset)|=(_ bv0 32)] [?] RET #117#return; VAL [|#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32)] [?] CALL call #t~ret20 := main(); VAL [|#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32)] [?] ~len~0 := 5bv32; VAL [main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32)] [?] CALL call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); VAL [|#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32)] [?] ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32)] [?] assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume #t~nondet3 == ~len;#t~ite4 := 1bv32; VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~ite4|=(_ bv1 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32), |dll_create_#t~nondet3|=(_ bv5 32)] [?] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume #t~nondet3 == ~len;#t~ite4 := 1bv32; VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~ite4|=(_ bv1 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32), |dll_create_#t~nondet3|=(_ bv4 32)] [?] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume #t~nondet3 == ~len;#t~ite4 := 1bv32; VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~ite4|=(_ bv1 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32), |dll_create_#t~nondet3|=(_ bv3 32)] [?] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume #t~nondet3 == ~len;#t~ite4 := 1bv32; VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~ite4|=(_ bv1 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32), |dll_create_#t~nondet3|=(_ bv2 32)] [?] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume #t~nondet3 == ~len;#t~ite4 := 1bv32; VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~ite4|=(_ bv1 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32), |dll_create_#t~nondet3|=(_ bv1 32)] [?] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; VAL [dll_create_~head~0.base=(_ bv1274156531 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv0 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !~bvsgt32(~len, 0bv32); VAL [dll_create_~head~0.base=(_ bv1274156531 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv0 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] #res.base, #res.offset := ~head~0.base, ~head~0.offset; VAL [dll_create_~head~0.base=(_ bv1274156531 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv0 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#res.base|=(_ bv1274156531 32), |dll_create_#res.offset|=(_ bv0 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume true; VAL [dll_create_~head~0.base=(_ bv1274156531 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv0 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#res.base|=(_ bv1274156531 32), |dll_create_#res.offset|=(_ bv0 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] RET #121#return; VAL [main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |main_#t~ret6.base|=(_ bv1274156531 32), |main_#t~ret6.offset|=(_ bv0 32)] [?] ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32)] [?] call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |main_#t~mem13.base|=(_ bv3480255990 32), |main_#t~mem13.offset|=(_ bv0 32)] [?] assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |main_#t~mem7|=(_ bv0 32), |main_#t~short9|=false] [?] assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |main_#t~mem7|=(_ bv0 32), |main_#t~mem8|=(_ bv0 32), |main_#t~short9|=false] [?] #t~short11 := #t~short9; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |main_#t~mem7|=(_ bv0 32), |main_#t~mem8|=(_ bv0 32), |main_#t~short11|=false, |main_#t~short9|=false] [?] assume !#t~short11;call #t~mem10 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32);#t~short11 := 0bv32 != #t~mem10; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |main_#t~mem10|=(_ bv1 32), |main_#t~mem7|=(_ bv0 32), |main_#t~mem8|=(_ bv0 32), |main_#t~short11|=true, |main_#t~short9|=false] [?] assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32)] [?] assume !false; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32)] [?] CALL call ULTIMATE.init(); VAL [#NULL.base=0bv32, #NULL.offset=0bv32, old(#NULL.base)=0bv32, old(#NULL.offset)=0bv32] [?] #NULL.base, #NULL.offset := 0bv32, 0bv32; [?] #valid := #valid[0bv32 := 0bv1]; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, old(#NULL.base)=0bv32, old(#NULL.offset)=0bv32] [?] ensures true; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, old(#NULL.base)=0bv32, old(#NULL.offset)=0bv32] [?] RET call ULTIMATE.init(); VAL [#NULL.base=0bv32, #NULL.offset=0bv32] [?] CALL call #t~ret20 := main(); VAL [#NULL.base=0bv32, #NULL.offset=0bv32] [L588] ~len~0 := 5bv32; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~len~0=5bv32] [L589] CALL call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32] [L567-L586] ~len := #in~len; [L568] ~head~0.base, ~head~0.offset := 0bv32, 0bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, #t~nondet3=5bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L579-L581] assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, #t~nondet3=4bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, #t~nondet3=3bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, #t~nondet3=2bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, #t~nondet3=1bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !~bvsgt32(~len, 0bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L585] #res.base, #res.offset := ~head~0.base, ~head~0.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #res.base=1274156531bv32, #res.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L567-L586] ensures true; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #res.base=1274156531bv32, #res.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L589] RET call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~ret6.base=1274156531bv32, #t~ret6.offset=0bv32, ~len~0=5bv32] [L589] ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset; [L589] havoc #t~ret6.base, #t~ret6.offset; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L590] call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem13.base=3480255990bv32, #t~mem13.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L590-L595] assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32); [L590] havoc #t~mem13.base, #t~mem13.offset; [L591] call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem7; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem7=0bv32, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591] assume !#t~short9; [L591] call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32); [L591] #t~short9 := 0bv32 != #t~mem8; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591] #t~short11 := #t~short9; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=false, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591] assume !#t~short11; [L591] call #t~mem10 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32); [L591] #t~short11 := 0bv32 != #t~mem10; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem10=1bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=true, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591-L593] assume #t~short11; [L591] havoc #t~mem10; [L591] havoc #t~short11; [L591] havoc #t~short9; [L591] havoc #t~mem7; [L591] havoc #t~mem8; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L605] assert false; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] ----- ----- class de.uni_freiburg.informatik.ultimate.boogie.preprocessor.BoogiePreprocessorBacktranslator [?] CALL call ULTIMATE.init(); VAL [#NULL.base=0bv32, #NULL.offset=0bv32, old(#NULL.base)=0bv32, old(#NULL.offset)=0bv32] [?] #NULL.base, #NULL.offset := 0bv32, 0bv32; [?] #valid := #valid[0bv32 := 0bv1]; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, old(#NULL.base)=0bv32, old(#NULL.offset)=0bv32] [?] ensures true; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, old(#NULL.base)=0bv32, old(#NULL.offset)=0bv32] [?] RET call ULTIMATE.init(); VAL [#NULL.base=0bv32, #NULL.offset=0bv32] [?] CALL call #t~ret20 := main(); VAL [#NULL.base=0bv32, #NULL.offset=0bv32] [L588] ~len~0 := 5bv32; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~len~0=5bv32] [L589] CALL call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32] [L567-L586] ~len := #in~len; [L568] ~head~0.base, ~head~0.offset := 0bv32, 0bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, #t~nondet3=5bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L579-L581] assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, #t~nondet3=4bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, #t~nondet3=3bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, #t~nondet3=2bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, #t~nondet3=1bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !~bvsgt32(~len, 0bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L585] #res.base, #res.offset := ~head~0.base, ~head~0.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #res.base=1274156531bv32, #res.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L567-L586] ensures true; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #res.base=1274156531bv32, #res.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L589] RET call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~ret6.base=1274156531bv32, #t~ret6.offset=0bv32, ~len~0=5bv32] [L589] ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset; [L589] havoc #t~ret6.base, #t~ret6.offset; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L590] call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem13.base=3480255990bv32, #t~mem13.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L590-L595] assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32); [L590] havoc #t~mem13.base, #t~mem13.offset; [L591] call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem7; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem7=0bv32, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591] assume !#t~short9; [L591] call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32); [L591] #t~short9 := 0bv32 != #t~mem8; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591] #t~short11 := #t~short9; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=false, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591] assume !#t~short11; [L591] call #t~mem10 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32); [L591] #t~short11 := 0bv32 != #t~mem10; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem10=1bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=true, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591-L593] assume #t~short11; [L591] havoc #t~mem10; [L591] havoc #t~short11; [L591] havoc #t~short9; [L591] havoc #t~mem7; [L591] havoc #t~mem8; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L605] assert false; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [?] CALL call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] #NULL := { base: 0bv32, offset: 0bv32 }; [?] #valid[0bv32] := 0bv1; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [?] CALL call #t~ret20 := main(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [L588] ~len~0 := 5bv32; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~len~0=5bv32] [L589] CALL call #t~ret6 := dll_create(~len~0); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32] [L567-L586] ~len := #in~len; [L568] ~head~0 := { base: 0bv32, offset: 0bv32 }; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, #t~nondet3=5bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L579-L581] COND FALSE !(~head~0 != { base: 0bv32, offset: 0bv32 }) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, #t~nondet3=4bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, #t~nondet3=3bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, #t~nondet3=2bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, #t~nondet3=1bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L569-L584] COND TRUE !~bvsgt32(~len, 0bv32) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L585] #res := ~head~0; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #res!base=1274156531bv32, #res!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L589] RET call #t~ret6 := dll_create(~len~0); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~ret6!base=1274156531bv32, #t~ret6!offset=0bv32, ~len~0=5bv32] [L589] ~head~1 := #t~ret6; [L589] havoc #t~ret6; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590] FCALL call #t~mem13 := read~$Pointer$({ base: ~head~1!base, offset: ~bvadd32(4bv32, ~head~1!offset) }, 4bv32); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem13!base=3480255990bv32, #t~mem13!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590-L595] COND FALSE !(!(#t~mem13 != { base: 0bv32, offset: 0bv32 })) [L590] havoc #t~mem13; [L591] FCALL call #t~mem7 := read~intINTTYPE4({ base: ~head~1!base, offset: ~head~1!offset }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem7; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short9) [L591] FCALL call #t~mem8 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(8bv32, ~head~1!offset) }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] #t~short11 := #t~short9; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=false, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short11) [L591] FCALL call #t~mem10 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(16bv32, ~head~1!offset) }, 4bv32); [L591] #t~short11 := 0bv32 != #t~mem10; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem10=1bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=true, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND TRUE #t~short11 [L591] havoc #t~mem10; [L591] havoc #t~short11; [L591] havoc #t~short9; [L591] havoc #t~mem7; [L591] havoc #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L605] assert false; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] ----- ----- class de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator [?] CALL call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] #NULL := { base: 0bv32, offset: 0bv32 }; [?] #valid[0bv32] := 0bv1; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [?] CALL call #t~ret20 := main(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [L588] ~len~0 := 5bv32; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~len~0=5bv32] [L589] CALL call #t~ret6 := dll_create(~len~0); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32] [L567-L586] ~len := #in~len; [L568] ~head~0 := { base: 0bv32, offset: 0bv32 }; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, #t~nondet3=5bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L579-L581] COND FALSE !(~head~0 != { base: 0bv32, offset: 0bv32 }) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, #t~nondet3=4bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, #t~nondet3=3bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, #t~nondet3=2bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, #t~nondet3=1bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L569-L584] COND TRUE !~bvsgt32(~len, 0bv32) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L585] #res := ~head~0; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #res!base=1274156531bv32, #res!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L589] RET call #t~ret6 := dll_create(~len~0); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~ret6!base=1274156531bv32, #t~ret6!offset=0bv32, ~len~0=5bv32] [L589] ~head~1 := #t~ret6; [L589] havoc #t~ret6; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590] FCALL call #t~mem13 := read~$Pointer$({ base: ~head~1!base, offset: ~bvadd32(4bv32, ~head~1!offset) }, 4bv32); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem13!base=3480255990bv32, #t~mem13!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590-L595] COND FALSE !(!(#t~mem13 != { base: 0bv32, offset: 0bv32 })) [L590] havoc #t~mem13; [L591] FCALL call #t~mem7 := read~intINTTYPE4({ base: ~head~1!base, offset: ~head~1!offset }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem7; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short9) [L591] FCALL call #t~mem8 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(8bv32, ~head~1!offset) }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] #t~short11 := #t~short9; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=false, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short11) [L591] FCALL call #t~mem10 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(16bv32, ~head~1!offset) }, 4bv32); [L591] #t~short11 := 0bv32 != #t~mem10; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem10=1bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=true, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND TRUE #t~short11 [L591] havoc #t~mem10; [L591] havoc #t~short11; [L591] havoc #t~short9; [L591] havoc #t~mem7; [L591] havoc #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L605] assert false; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [?] CALL call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] #NULL := { base: 0bv32, offset: 0bv32 }; [?] #valid[0bv32] := 0bv1; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [?] CALL call #t~ret20 := main(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [L588] ~len~0 := 5bv32; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~len~0=5bv32] [L589] CALL call #t~ret6 := dll_create(~len~0); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32] [L567-L586] ~len := #in~len; [L568] ~head~0 := { base: 0bv32, offset: 0bv32 }; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, #t~nondet3=5bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L579-L581] COND FALSE !(~head~0 != { base: 0bv32, offset: 0bv32 }) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, #t~nondet3=4bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, #t~nondet3=3bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, #t~nondet3=2bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, #t~nondet3=1bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L569-L584] COND TRUE !~bvsgt32(~len, 0bv32) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L585] #res := ~head~0; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #res!base=1274156531bv32, #res!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L589] RET call #t~ret6 := dll_create(~len~0); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~ret6!base=1274156531bv32, #t~ret6!offset=0bv32, ~len~0=5bv32] [L589] ~head~1 := #t~ret6; [L589] havoc #t~ret6; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590] FCALL call #t~mem13 := read~$Pointer$({ base: ~head~1!base, offset: ~bvadd32(4bv32, ~head~1!offset) }, 4bv32); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem13!base=3480255990bv32, #t~mem13!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590-L595] COND FALSE !(!(#t~mem13 != { base: 0bv32, offset: 0bv32 })) [L590] havoc #t~mem13; [L591] FCALL call #t~mem7 := read~intINTTYPE4({ base: ~head~1!base, offset: ~head~1!offset }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem7; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short9) [L591] FCALL call #t~mem8 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(8bv32, ~head~1!offset) }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] #t~short11 := #t~short9; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=false, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short11) [L591] FCALL call #t~mem10 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(16bv32, ~head~1!offset) }, 4bv32); [L591] #t~short11 := 0bv32 != #t~mem10; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem10=1bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=true, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND TRUE #t~short11 [L591] havoc #t~mem10; [L591] havoc #t~short11; [L591] havoc #t~short9; [L591] havoc #t~mem7; [L591] havoc #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L605] assert false; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] ----- ----- class de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.CACSL2BoogieBacktranslator [?] CALL call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] #NULL := { base: 0bv32, offset: 0bv32 }; [?] #valid[0bv32] := 0bv1; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [?] CALL call #t~ret20 := main(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [L588] ~len~0 := 5bv32; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~len~0=5bv32] [L589] CALL call #t~ret6 := dll_create(~len~0); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32] [L567-L586] ~len := #in~len; [L568] ~head~0 := { base: 0bv32, offset: 0bv32 }; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, #t~nondet3=5bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L579-L581] COND FALSE !(~head~0 != { base: 0bv32, offset: 0bv32 }) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, #t~nondet3=4bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, #t~nondet3=3bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, #t~nondet3=2bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, #t~nondet3=1bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L569-L584] COND TRUE !~bvsgt32(~len, 0bv32) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L585] #res := ~head~0; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #res!base=1274156531bv32, #res!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L589] RET call #t~ret6 := dll_create(~len~0); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~ret6!base=1274156531bv32, #t~ret6!offset=0bv32, ~len~0=5bv32] [L589] ~head~1 := #t~ret6; [L589] havoc #t~ret6; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590] FCALL call #t~mem13 := read~$Pointer$({ base: ~head~1!base, offset: ~bvadd32(4bv32, ~head~1!offset) }, 4bv32); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem13!base=3480255990bv32, #t~mem13!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590-L595] COND FALSE !(!(#t~mem13 != { base: 0bv32, offset: 0bv32 })) [L590] havoc #t~mem13; [L591] FCALL call #t~mem7 := read~intINTTYPE4({ base: ~head~1!base, offset: ~head~1!offset }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem7; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short9) [L591] FCALL call #t~mem8 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(8bv32, ~head~1!offset) }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] #t~short11 := #t~short9; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=false, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short11) [L591] FCALL call #t~mem10 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(16bv32, ~head~1!offset) }, 4bv32); [L591] #t~short11 := 0bv32 != #t~mem10; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem10=1bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=true, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND TRUE #t~short11 [L591] havoc #t~mem10; [L591] havoc #t~short11; [L591] havoc #t~short9; [L591] havoc #t~mem7; [L591] havoc #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L605] assert false; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L588] const int len = 5; VAL [len=5] [L589] CALL, EXPR dll_create(len) VAL [\old(len)=5] [L568] DLL head = ((void *)0); VAL [\old(len)=5, head={0:0}, len=5] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=5, __VERIFIER_nondet_int() == len? 1 : 0=1, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L579] COND FALSE !(\read(head)) VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=4, __VERIFIER_nondet_int() == len? 1 : 0=1, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L579] COND TRUE \read(head) [L580] head->prev = new_head VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=3, __VERIFIER_nondet_int() == len? 1 : 0=1, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L579] COND TRUE \read(head) [L580] head->prev = new_head VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=2, __VERIFIER_nondet_int() == len? 1 : 0=1, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L579] COND TRUE \read(head) [L580] head->prev = new_head VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=1, __VERIFIER_nondet_int() == len? 1 : 0=1, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L579] COND TRUE \read(head) [L580] head->prev = new_head VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={1274156531:0}, len=0, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L569] COND FALSE !(len > 0) VAL [\old(len)=5, head={1274156531:0}, len=0, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L585] return head; VAL [\old(len)=5, \result={1274156531:0}, head={1274156531:0}, len=0, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L589] RET, EXPR dll_create(len) VAL [dll_create(len)={1274156531:0}, len=5] [L589] DLL head = dll_create(len); [L590] head->next VAL [head={1274156531:0}, head->next={-814711306:0}, len=5] [L590] COND TRUE head->next [L591] EXPR head->data_0 [L591] EXPR 0 != head->data_0 || 0 != head->data_1 [L591] EXPR head->data_1 [L591] EXPR 0 != head->data_0 || 0 != head->data_1 VAL [0 != head->data_0 || 0 != head->data_1=0, head={1274156531:0}, head->data_0=0, head->data_1=0, len=5] [L591] 0 != head->data_0 || 0 != head->data_1 || 0 != head->data_2 [L591] EXPR head->data_2 [L591] 0 != head->data_0 || 0 != head->data_1 || 0 != head->data_2 VAL [0 != head->data_0 || 0 != head->data_1=0, 0 != head->data_0 || 0 != head->data_1 || 0 != head->data_2=1, head={1274156531:0}, head->data_0=0, head->data_1=0, head->data_2=1, len=5] [L591] COND TRUE 0 != head->data_0 || 0 != head->data_1 || 0 != head->data_2 [L605] __VERIFIER_error() VAL [head={1274156531:0}, len=5] ----- [2018-11-23 11:21:34,257 WARN L170 areAnnotationChecker]: exitENTRY has no Hoare annotation [2018-11-23 11:21:34,257 WARN L170 areAnnotationChecker]: ULTIMATE.initENTRY has no Hoare annotation [2018-11-23 11:21:34,257 WARN L170 areAnnotationChecker]: dll_createENTRY has no Hoare annotation [2018-11-23 11:21:34,258 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2018-11-23 11:21:34,258 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2018-11-23 11:21:34,258 WARN L170 areAnnotationChecker]: mainENTRY has no Hoare annotation [2018-11-23 11:21:34,258 WARN L170 areAnnotationChecker]: L565 has no Hoare annotation [2018-11-23 11:21:34,258 WARN L170 areAnnotationChecker]: ULTIMATE.initFINAL has no Hoare annotation [2018-11-23 11:21:34,258 WARN L170 areAnnotationChecker]: L569-2 has no Hoare annotation [2018-11-23 11:21:34,258 WARN L170 areAnnotationChecker]: L569-2 has no Hoare annotation [2018-11-23 11:21:34,258 WARN L170 areAnnotationChecker]: L569-2 has no Hoare annotation [2018-11-23 11:21:34,258 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2018-11-23 11:21:34,259 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2018-11-23 11:21:34,259 WARN L170 areAnnotationChecker]: L589 has no Hoare annotation [2018-11-23 11:21:34,259 WARN L170 areAnnotationChecker]: L589 has no Hoare annotation [2018-11-23 11:21:34,259 WARN L170 areAnnotationChecker]: ULTIMATE.initEXIT has no Hoare annotation [2018-11-23 11:21:34,259 WARN L170 areAnnotationChecker]: L569-3 has no Hoare annotation [2018-11-23 11:21:34,259 WARN L170 areAnnotationChecker]: L571 has no Hoare annotation [2018-11-23 11:21:34,259 WARN L170 areAnnotationChecker]: L571 has no Hoare annotation [2018-11-23 11:21:34,259 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2018-11-23 11:21:34,259 WARN L170 areAnnotationChecker]: L589-1 has no Hoare annotation [2018-11-23 11:21:34,260 WARN L170 areAnnotationChecker]: dll_createFINAL has no Hoare annotation [2018-11-23 11:21:34,260 WARN L170 areAnnotationChecker]: L572 has no Hoare annotation [2018-11-23 11:21:34,260 WARN L170 areAnnotationChecker]: L572 has no Hoare annotation [2018-11-23 11:21:34,260 WARN L170 areAnnotationChecker]: L571-1 has no Hoare annotation [2018-11-23 11:21:34,260 WARN L170 areAnnotationChecker]: L590-3 has no Hoare annotation [2018-11-23 11:21:34,260 WARN L170 areAnnotationChecker]: L590-3 has no Hoare annotation [2018-11-23 11:21:34,260 WARN L170 areAnnotationChecker]: dll_createEXIT has no Hoare annotation [2018-11-23 11:21:34,260 WARN L170 areAnnotationChecker]: L576 has no Hoare annotation [2018-11-23 11:21:34,260 WARN L170 areAnnotationChecker]: L576 has no Hoare annotation [2018-11-23 11:21:34,261 WARN L170 areAnnotationChecker]: L596-1 has no Hoare annotation [2018-11-23 11:21:34,261 WARN L170 areAnnotationChecker]: L596-1 has no Hoare annotation [2018-11-23 11:21:34,261 WARN L170 areAnnotationChecker]: L596-1 has no Hoare annotation [2018-11-23 11:21:34,261 WARN L170 areAnnotationChecker]: L590-1 has no Hoare annotation [2018-11-23 11:21:34,261 WARN L170 areAnnotationChecker]: L590-1 has no Hoare annotation [2018-11-23 11:21:34,261 WARN L170 areAnnotationChecker]: L576-2 has no Hoare annotation [2018-11-23 11:21:34,261 WARN L170 areAnnotationChecker]: L596-2 has no Hoare annotation [2018-11-23 11:21:34,261 WARN L170 areAnnotationChecker]: L598 has no Hoare annotation [2018-11-23 11:21:34,261 WARN L170 areAnnotationChecker]: L598 has no Hoare annotation [2018-11-23 11:21:34,262 WARN L170 areAnnotationChecker]: L591 has no Hoare annotation [2018-11-23 11:21:34,262 WARN L170 areAnnotationChecker]: L591 has no Hoare annotation [2018-11-23 11:21:34,262 WARN L170 areAnnotationChecker]: L579 has no Hoare annotation [2018-11-23 11:21:34,262 WARN L170 areAnnotationChecker]: L579 has no Hoare annotation [2018-11-23 11:21:34,262 WARN L170 areAnnotationChecker]: mainFINAL has no Hoare annotation [2018-11-23 11:21:34,262 WARN L170 areAnnotationChecker]: L598-2 has no Hoare annotation [2018-11-23 11:21:34,262 WARN L170 areAnnotationChecker]: L591-2 has no Hoare annotation [2018-11-23 11:21:34,262 WARN L170 areAnnotationChecker]: L579-2 has no Hoare annotation [2018-11-23 11:21:34,262 WARN L170 areAnnotationChecker]: mainEXIT has no Hoare annotation [2018-11-23 11:21:34,262 WARN L170 areAnnotationChecker]: L598-3 has no Hoare annotation [2018-11-23 11:21:34,263 WARN L170 areAnnotationChecker]: L598-3 has no Hoare annotation [2018-11-23 11:21:34,263 WARN L170 areAnnotationChecker]: L591-3 has no Hoare annotation [2018-11-23 11:21:34,263 WARN L170 areAnnotationChecker]: L591-3 has no Hoare annotation [2018-11-23 11:21:34,263 WARN L170 areAnnotationChecker]: L598-5 has no Hoare annotation [2018-11-23 11:21:34,263 WARN L170 areAnnotationChecker]: L598-5 has no Hoare annotation [2018-11-23 11:21:34,263 WARN L170 areAnnotationChecker]: L591-5 has no Hoare annotation [2018-11-23 11:21:34,263 WARN L170 areAnnotationChecker]: L591-5 has no Hoare annotation [2018-11-23 11:21:34,263 WARN L170 areAnnotationChecker]: L599 has no Hoare annotation [2018-11-23 11:21:34,263 WARN L170 areAnnotationChecker]: L599 has no Hoare annotation [2018-11-23 11:21:34,264 INFO L163 areAnnotationChecker]: CFG has 0 edges. 0 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2018-11-23 11:21:34,266 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 23.11 11:21:34 BoogieIcfgContainer [2018-11-23 11:21:34,266 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2018-11-23 11:21:34,267 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2018-11-23 11:21:34,267 INFO L271 PluginConnector]: Initializing Witness Printer... [2018-11-23 11:21:34,267 INFO L276 PluginConnector]: Witness Printer initialized [2018-11-23 11:21:34,268 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:20:40" (3/4) ... [2018-11-23 11:21:34,270 INFO L138 WitnessPrinter]: Generating witness for reachability counterexample ----- class de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder.RCFGBacktranslator [?] CALL call ULTIMATE.init(); VAL [|#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |old(#NULL.base)|=(_ bv0 32), |old(#NULL.offset)|=(_ bv0 32)] [?] #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; VAL [|#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |old(#NULL.base)|=(_ bv0 32), |old(#NULL.offset)|=(_ bv0 32)] [?] assume true; VAL [|#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |old(#NULL.base)|=(_ bv0 32), |old(#NULL.offset)|=(_ bv0 32)] [?] RET #117#return; VAL [|#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32)] [?] CALL call #t~ret20 := main(); VAL [|#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32)] [?] ~len~0 := 5bv32; VAL [main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32)] [?] CALL call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); VAL [|#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32)] [?] ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32)] [?] assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume #t~nondet3 == ~len;#t~ite4 := 1bv32; VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~ite4|=(_ bv1 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32), |dll_create_#t~nondet3|=(_ bv5 32)] [?] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); VAL [dll_create_~head~0.base=(_ bv0 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv5 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1274156530 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156530 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume #t~nondet3 == ~len;#t~ite4 := 1bv32; VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~ite4|=(_ bv1 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32), |dll_create_#t~nondet3|=(_ bv4 32)] [?] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1274156530 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv4 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1257403895 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1257403895 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume #t~nondet3 == ~len;#t~ite4 := 1bv32; VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~ite4|=(_ bv1 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32), |dll_create_#t~nondet3|=(_ bv3 32)] [?] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1257403895 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv3 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv1730119417 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1730119417 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume #t~nondet3 == ~len;#t~ite4 := 1bv32; VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~ite4|=(_ bv1 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32), |dll_create_#t~nondet3|=(_ bv2 32)] [?] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv1730119417 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv2 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv3480255990 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv3480255990 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume #t~nondet3 == ~len;#t~ite4 := 1bv32; VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~ite4|=(_ bv1 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32), |dll_create_#t~nondet3|=(_ bv1 32)] [?] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);havoc #t~ite4;havoc #t~nondet3;call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [dll_create_~head~0.base=(_ bv3480255990 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv1 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post5 := ~len;~len := ~bvsub32(#t~post5, 1bv32);havoc #t~post5; VAL [dll_create_~head~0.base=(_ bv1274156531 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv0 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume !~bvsgt32(~len, 0bv32); VAL [dll_create_~head~0.base=(_ bv1274156531 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv0 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] #res.base, #res.offset := ~head~0.base, ~head~0.offset; VAL [dll_create_~head~0.base=(_ bv1274156531 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv0 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#res.base|=(_ bv1274156531 32), |dll_create_#res.offset|=(_ bv0 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] assume true; VAL [dll_create_~head~0.base=(_ bv1274156531 32), dll_create_~head~0.offset=(_ bv0 32), dll_create_~len=(_ bv0 32), dll_create_~new_head~0.base=(_ bv1274156531 32), dll_create_~new_head~0.offset=(_ bv0 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |dll_create_#in~len|=(_ bv5 32), |dll_create_#res.base|=(_ bv1274156531 32), |dll_create_#res.offset|=(_ bv0 32), |dll_create_#t~malloc2.base|=(_ bv1274156531 32), |dll_create_#t~malloc2.offset|=(_ bv0 32)] [?] RET #121#return; VAL [main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |main_#t~ret6.base|=(_ bv1274156531 32), |main_#t~ret6.offset|=(_ bv0 32)] [?] ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset;havoc #t~ret6.base, #t~ret6.offset; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32)] [?] call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |main_#t~mem13.base|=(_ bv3480255990 32), |main_#t~mem13.offset|=(_ bv0 32)] [?] assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32);havoc #t~mem13.base, #t~mem13.offset;call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short9 := 0bv32 != #t~mem7; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |main_#t~mem7|=(_ bv0 32), |main_#t~short9|=false] [?] assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |main_#t~mem7|=(_ bv0 32), |main_#t~mem8|=(_ bv0 32), |main_#t~short9|=false] [?] #t~short11 := #t~short9; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |main_#t~mem7|=(_ bv0 32), |main_#t~mem8|=(_ bv0 32), |main_#t~short11|=false, |main_#t~short9|=false] [?] assume !#t~short11;call #t~mem10 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32);#t~short11 := 0bv32 != #t~mem10; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32), |main_#t~mem10|=(_ bv1 32), |main_#t~mem7|=(_ bv0 32), |main_#t~mem8|=(_ bv0 32), |main_#t~short11|=true, |main_#t~short9|=false] [?] assume #t~short11;havoc #t~mem10;havoc #t~short11;havoc #t~short9;havoc #t~mem7;havoc #t~mem8; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32)] [?] assume !false; VAL [main_~head~1.base=(_ bv1274156531 32), main_~head~1.offset=(_ bv0 32), main_~len~0=(_ bv5 32), |#NULL.base|=(_ bv0 32), |#NULL.offset|=(_ bv0 32)] [?] CALL call ULTIMATE.init(); VAL [#NULL.base=0bv32, #NULL.offset=0bv32, old(#NULL.base)=0bv32, old(#NULL.offset)=0bv32] [?] #NULL.base, #NULL.offset := 0bv32, 0bv32; [?] #valid := #valid[0bv32 := 0bv1]; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, old(#NULL.base)=0bv32, old(#NULL.offset)=0bv32] [?] ensures true; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, old(#NULL.base)=0bv32, old(#NULL.offset)=0bv32] [?] RET call ULTIMATE.init(); VAL [#NULL.base=0bv32, #NULL.offset=0bv32] [?] CALL call #t~ret20 := main(); VAL [#NULL.base=0bv32, #NULL.offset=0bv32] [L588] ~len~0 := 5bv32; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~len~0=5bv32] [L589] CALL call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32] [L567-L586] ~len := #in~len; [L568] ~head~0.base, ~head~0.offset := 0bv32, 0bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, #t~nondet3=5bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L579-L581] assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, #t~nondet3=4bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, #t~nondet3=3bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, #t~nondet3=2bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, #t~nondet3=1bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !~bvsgt32(~len, 0bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L585] #res.base, #res.offset := ~head~0.base, ~head~0.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #res.base=1274156531bv32, #res.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L567-L586] ensures true; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #res.base=1274156531bv32, #res.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L589] RET call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~ret6.base=1274156531bv32, #t~ret6.offset=0bv32, ~len~0=5bv32] [L589] ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset; [L589] havoc #t~ret6.base, #t~ret6.offset; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L590] call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem13.base=3480255990bv32, #t~mem13.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L590-L595] assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32); [L590] havoc #t~mem13.base, #t~mem13.offset; [L591] call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem7; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem7=0bv32, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591] assume !#t~short9; [L591] call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32); [L591] #t~short9 := 0bv32 != #t~mem8; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591] #t~short11 := #t~short9; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=false, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591] assume !#t~short11; [L591] call #t~mem10 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32); [L591] #t~short11 := 0bv32 != #t~mem10; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem10=1bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=true, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591-L593] assume #t~short11; [L591] havoc #t~mem10; [L591] havoc #t~short11; [L591] havoc #t~short9; [L591] havoc #t~mem7; [L591] havoc #t~mem8; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L605] assert false; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] ----- ----- class de.uni_freiburg.informatik.ultimate.boogie.preprocessor.BoogiePreprocessorBacktranslator [?] CALL call ULTIMATE.init(); VAL [#NULL.base=0bv32, #NULL.offset=0bv32, old(#NULL.base)=0bv32, old(#NULL.offset)=0bv32] [?] #NULL.base, #NULL.offset := 0bv32, 0bv32; [?] #valid := #valid[0bv32 := 0bv1]; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, old(#NULL.base)=0bv32, old(#NULL.offset)=0bv32] [?] ensures true; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, old(#NULL.base)=0bv32, old(#NULL.offset)=0bv32] [?] RET call ULTIMATE.init(); VAL [#NULL.base=0bv32, #NULL.offset=0bv32] [?] CALL call #t~ret20 := main(); VAL [#NULL.base=0bv32, #NULL.offset=0bv32] [L588] ~len~0 := 5bv32; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~len~0=5bv32] [L589] CALL call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32] [L567-L586] ~len := #in~len; [L568] ~head~0.base, ~head~0.offset := 0bv32, 0bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, #t~nondet3=5bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L579-L581] assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=0bv32, ~head~0.offset=0bv32, ~len=5bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156530bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1274156530bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, #t~nondet3=4bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156530bv32, ~head~0.offset=0bv32, ~len=4bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1257403895bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1257403895bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, #t~nondet3=3bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1257403895bv32, ~head~0.offset=0bv32, ~len=3bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1730119417bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=1730119417bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, #t~nondet3=2bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=1730119417bv32, ~head~0.offset=0bv32, ~len=2bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=3480255990bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=3480255990bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !!~bvsgt32(~len, 0bv32); [L570] call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32); [L570] ~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L571-L573] assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L574] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32); [L575] call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L576] assume #t~nondet3 == ~len; [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~ite4=1bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, #t~nondet3=1bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L576] call write~intINTTYPE4(#t~ite4, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32); [L578] call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L579-L581] assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32; [L580] call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=3480255990bv32, ~head~0.offset=0bv32, ~len=1bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L582] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L569-L584] assume !~bvsgt32(~len, 0bv32); VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L585] #res.base, #res.offset := ~head~0.base, ~head~0.offset; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #res.base=1274156531bv32, #res.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L567-L586] ensures true; VAL [#in~len=5bv32, #NULL.base=0bv32, #NULL.offset=0bv32, #res.base=1274156531bv32, #res.offset=0bv32, #t~malloc2.base=1274156531bv32, #t~malloc2.offset=0bv32, ~head~0.base=1274156531bv32, ~head~0.offset=0bv32, ~len=0bv32, ~new_head~0.base=1274156531bv32, ~new_head~0.offset=0bv32] [L589] RET call #t~ret6.base, #t~ret6.offset := dll_create(~len~0); VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~ret6.base=1274156531bv32, #t~ret6.offset=0bv32, ~len~0=5bv32] [L589] ~head~1.base, ~head~1.offset := #t~ret6.base, #t~ret6.offset; [L589] havoc #t~ret6.base, #t~ret6.offset; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L590] call #t~mem13.base, #t~mem13.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem13.base=3480255990bv32, #t~mem13.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L590-L595] assume !!(#t~mem13.base != 0bv32 || #t~mem13.offset != 0bv32); [L590] havoc #t~mem13.base, #t~mem13.offset; [L591] call #t~mem7 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem7; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem7=0bv32, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591] assume !#t~short9; [L591] call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32); [L591] #t~short9 := 0bv32 != #t~mem8; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591] #t~short11 := #t~short9; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=false, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591] assume !#t~short11; [L591] call #t~mem10 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32); [L591] #t~short11 := 0bv32 != #t~mem10; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, #t~mem10=1bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=true, #t~short9=false, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L591-L593] assume #t~short11; [L591] havoc #t~mem10; [L591] havoc #t~short11; [L591] havoc #t~short9; [L591] havoc #t~mem7; [L591] havoc #t~mem8; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [L605] assert false; VAL [#NULL.base=0bv32, #NULL.offset=0bv32, ~head~1.base=1274156531bv32, ~head~1.offset=0bv32, ~len~0=5bv32] [?] CALL call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] #NULL := { base: 0bv32, offset: 0bv32 }; [?] #valid[0bv32] := 0bv1; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [?] CALL call #t~ret20 := main(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [L588] ~len~0 := 5bv32; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~len~0=5bv32] [L589] CALL call #t~ret6 := dll_create(~len~0); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32] [L567-L586] ~len := #in~len; [L568] ~head~0 := { base: 0bv32, offset: 0bv32 }; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, #t~nondet3=5bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L579-L581] COND FALSE !(~head~0 != { base: 0bv32, offset: 0bv32 }) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, #t~nondet3=4bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, #t~nondet3=3bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, #t~nondet3=2bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, #t~nondet3=1bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L569-L584] COND TRUE !~bvsgt32(~len, 0bv32) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L585] #res := ~head~0; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #res!base=1274156531bv32, #res!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L589] RET call #t~ret6 := dll_create(~len~0); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~ret6!base=1274156531bv32, #t~ret6!offset=0bv32, ~len~0=5bv32] [L589] ~head~1 := #t~ret6; [L589] havoc #t~ret6; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590] FCALL call #t~mem13 := read~$Pointer$({ base: ~head~1!base, offset: ~bvadd32(4bv32, ~head~1!offset) }, 4bv32); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem13!base=3480255990bv32, #t~mem13!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590-L595] COND FALSE !(!(#t~mem13 != { base: 0bv32, offset: 0bv32 })) [L590] havoc #t~mem13; [L591] FCALL call #t~mem7 := read~intINTTYPE4({ base: ~head~1!base, offset: ~head~1!offset }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem7; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short9) [L591] FCALL call #t~mem8 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(8bv32, ~head~1!offset) }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] #t~short11 := #t~short9; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=false, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short11) [L591] FCALL call #t~mem10 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(16bv32, ~head~1!offset) }, 4bv32); [L591] #t~short11 := 0bv32 != #t~mem10; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem10=1bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=true, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND TRUE #t~short11 [L591] havoc #t~mem10; [L591] havoc #t~short11; [L591] havoc #t~short9; [L591] havoc #t~mem7; [L591] havoc #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L605] assert false; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] ----- ----- class de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator [?] CALL call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] #NULL := { base: 0bv32, offset: 0bv32 }; [?] #valid[0bv32] := 0bv1; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [?] CALL call #t~ret20 := main(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [L588] ~len~0 := 5bv32; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~len~0=5bv32] [L589] CALL call #t~ret6 := dll_create(~len~0); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32] [L567-L586] ~len := #in~len; [L568] ~head~0 := { base: 0bv32, offset: 0bv32 }; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, #t~nondet3=5bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L579-L581] COND FALSE !(~head~0 != { base: 0bv32, offset: 0bv32 }) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, #t~nondet3=4bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, #t~nondet3=3bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, #t~nondet3=2bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, #t~nondet3=1bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L569-L584] COND TRUE !~bvsgt32(~len, 0bv32) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L585] #res := ~head~0; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #res!base=1274156531bv32, #res!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L589] RET call #t~ret6 := dll_create(~len~0); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~ret6!base=1274156531bv32, #t~ret6!offset=0bv32, ~len~0=5bv32] [L589] ~head~1 := #t~ret6; [L589] havoc #t~ret6; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590] FCALL call #t~mem13 := read~$Pointer$({ base: ~head~1!base, offset: ~bvadd32(4bv32, ~head~1!offset) }, 4bv32); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem13!base=3480255990bv32, #t~mem13!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590-L595] COND FALSE !(!(#t~mem13 != { base: 0bv32, offset: 0bv32 })) [L590] havoc #t~mem13; [L591] FCALL call #t~mem7 := read~intINTTYPE4({ base: ~head~1!base, offset: ~head~1!offset }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem7; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short9) [L591] FCALL call #t~mem8 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(8bv32, ~head~1!offset) }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] #t~short11 := #t~short9; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=false, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short11) [L591] FCALL call #t~mem10 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(16bv32, ~head~1!offset) }, 4bv32); [L591] #t~short11 := 0bv32 != #t~mem10; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem10=1bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=true, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND TRUE #t~short11 [L591] havoc #t~mem10; [L591] havoc #t~short11; [L591] havoc #t~short9; [L591] havoc #t~mem7; [L591] havoc #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L605] assert false; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [?] CALL call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] #NULL := { base: 0bv32, offset: 0bv32 }; [?] #valid[0bv32] := 0bv1; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [?] CALL call #t~ret20 := main(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [L588] ~len~0 := 5bv32; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~len~0=5bv32] [L589] CALL call #t~ret6 := dll_create(~len~0); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32] [L567-L586] ~len := #in~len; [L568] ~head~0 := { base: 0bv32, offset: 0bv32 }; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, #t~nondet3=5bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L579-L581] COND FALSE !(~head~0 != { base: 0bv32, offset: 0bv32 }) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, #t~nondet3=4bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, #t~nondet3=3bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, #t~nondet3=2bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, #t~nondet3=1bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L569-L584] COND TRUE !~bvsgt32(~len, 0bv32) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L585] #res := ~head~0; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #res!base=1274156531bv32, #res!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L589] RET call #t~ret6 := dll_create(~len~0); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~ret6!base=1274156531bv32, #t~ret6!offset=0bv32, ~len~0=5bv32] [L589] ~head~1 := #t~ret6; [L589] havoc #t~ret6; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590] FCALL call #t~mem13 := read~$Pointer$({ base: ~head~1!base, offset: ~bvadd32(4bv32, ~head~1!offset) }, 4bv32); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem13!base=3480255990bv32, #t~mem13!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590-L595] COND FALSE !(!(#t~mem13 != { base: 0bv32, offset: 0bv32 })) [L590] havoc #t~mem13; [L591] FCALL call #t~mem7 := read~intINTTYPE4({ base: ~head~1!base, offset: ~head~1!offset }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem7; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short9) [L591] FCALL call #t~mem8 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(8bv32, ~head~1!offset) }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] #t~short11 := #t~short9; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=false, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short11) [L591] FCALL call #t~mem10 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(16bv32, ~head~1!offset) }, 4bv32); [L591] #t~short11 := 0bv32 != #t~mem10; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem10=1bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=true, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND TRUE #t~short11 [L591] havoc #t~mem10; [L591] havoc #t~short11; [L591] havoc #t~short9; [L591] havoc #t~mem7; [L591] havoc #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L605] assert false; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] ----- ----- class de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.CACSL2BoogieBacktranslator [?] CALL call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] #NULL := { base: 0bv32, offset: 0bv32 }; [?] #valid[0bv32] := 0bv1; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, old(#NULL!base)=0bv32, old(#NULL!offset)=0bv32] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [?] CALL call #t~ret20 := main(); VAL [#NULL!base=0bv32, #NULL!offset=0bv32] [L588] ~len~0 := 5bv32; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~len~0=5bv32] [L589] CALL call #t~ret6 := dll_create(~len~0); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32] [L567-L586] ~len := #in~len; [L568] ~head~0 := { base: 0bv32, offset: 0bv32 }; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, #t~nondet3=5bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L579-L581] COND FALSE !(~head~0 != { base: 0bv32, offset: 0bv32 }) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=0bv32, ~head~0!offset=0bv32, ~len=5bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156530bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1274156530bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, #t~nondet3=4bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156530bv32, ~head~0!offset=0bv32, ~len=4bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1257403895bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1257403895bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, #t~nondet3=3bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1257403895bv32, ~head~0!offset=0bv32, ~len=3bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1730119417bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=1730119417bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, #t~nondet3=2bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=1730119417bv32, ~head~0!offset=0bv32, ~len=2bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=3480255990bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=3480255990bv32, ~new_head~0!offset=0bv32] [L569-L584] COND FALSE !(!~bvsgt32(~len, 0bv32)) [L570] FCALL call #t~malloc2 := #Ultimate.alloc(20bv32); [L570] ~new_head~0 := #t~malloc2; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L571] COND FALSE !({ base: 0bv32, offset: 0bv32 } == ~new_head~0) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L574] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4bv32); [L575] FCALL call write~intINTTYPE4(0bv32, { base: ~new_head~0!base, offset: ~bvadd32(8bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] COND TRUE #t~nondet3 == ~len [L576] #t~ite4 := 1bv32; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~ite4=1bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, #t~nondet3=1bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L576] FCALL call write~intINTTYPE4(#t~ite4, { base: ~new_head~0!base, offset: ~bvadd32(16bv32, ~new_head~0!offset) }, 4bv32); [L576] havoc #t~ite4; [L576] havoc #t~nondet3; [L577] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~bvadd32(4bv32, ~new_head~0!offset) }, 4bv32); [L578] FCALL call write~$Pointer$({ base: 0bv32, offset: 0bv32 }, { base: ~new_head~0!base, offset: ~bvadd32(12bv32, ~new_head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L579-L581] COND TRUE ~head~0 != { base: 0bv32, offset: 0bv32 } [L580] FCALL call write~$Pointer$(~new_head~0, { base: ~head~0!base, offset: ~bvadd32(12bv32, ~head~0!offset) }, 4bv32); VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=3480255990bv32, ~head~0!offset=0bv32, ~len=1bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L582] ~head~0 := ~new_head~0; [L583] #t~post5 := ~len; [L583] ~len := ~bvsub32(#t~post5, 1bv32); [L583] havoc #t~post5; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L569-L584] COND TRUE !~bvsgt32(~len, 0bv32) VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L585] #res := ~head~0; VAL [#in~len=5bv32, #NULL!base=0bv32, #NULL!offset=0bv32, #res!base=1274156531bv32, #res!offset=0bv32, #t~malloc2!base=1274156531bv32, #t~malloc2!offset=0bv32, ~head~0!base=1274156531bv32, ~head~0!offset=0bv32, ~len=0bv32, ~new_head~0!base=1274156531bv32, ~new_head~0!offset=0bv32] [L589] RET call #t~ret6 := dll_create(~len~0); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~ret6!base=1274156531bv32, #t~ret6!offset=0bv32, ~len~0=5bv32] [L589] ~head~1 := #t~ret6; [L589] havoc #t~ret6; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590] FCALL call #t~mem13 := read~$Pointer$({ base: ~head~1!base, offset: ~bvadd32(4bv32, ~head~1!offset) }, 4bv32); VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem13!base=3480255990bv32, #t~mem13!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L590-L595] COND FALSE !(!(#t~mem13 != { base: 0bv32, offset: 0bv32 })) [L590] havoc #t~mem13; [L591] FCALL call #t~mem7 := read~intINTTYPE4({ base: ~head~1!base, offset: ~head~1!offset }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem7; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short9) [L591] FCALL call #t~mem8 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(8bv32, ~head~1!offset) }, 4bv32); [L591] #t~short9 := 0bv32 != #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] #t~short11 := #t~short9; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=false, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND FALSE !(#t~short11) [L591] FCALL call #t~mem10 := read~intINTTYPE4({ base: ~head~1!base, offset: ~bvadd32(16bv32, ~head~1!offset) }, 4bv32); [L591] #t~short11 := 0bv32 != #t~mem10; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, #t~mem10=1bv32, #t~mem7=0bv32, #t~mem8=0bv32, #t~short11=true, #t~short9=false, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L591] COND TRUE #t~short11 [L591] havoc #t~mem10; [L591] havoc #t~short11; [L591] havoc #t~short9; [L591] havoc #t~mem7; [L591] havoc #t~mem8; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L605] assert false; VAL [#NULL!base=0bv32, #NULL!offset=0bv32, ~head~1!base=1274156531bv32, ~head~1!offset=0bv32, ~len~0=5bv32] [L588] const int len = 5; VAL [len=5] [L589] CALL, EXPR dll_create(len) VAL [\old(len)=5] [L568] DLL head = ((void *)0); VAL [\old(len)=5, head={0:0}, len=5] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=5, __VERIFIER_nondet_int() == len? 1 : 0=1, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L579] COND FALSE !(\read(head)) VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=4, __VERIFIER_nondet_int() == len? 1 : 0=1, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L579] COND TRUE \read(head) [L580] head->prev = new_head VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=3, __VERIFIER_nondet_int() == len? 1 : 0=1, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L579] COND TRUE \read(head) [L580] head->prev = new_head VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=2, __VERIFIER_nondet_int() == len? 1 : 0=1, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L579] COND TRUE \read(head) [L580] head->prev = new_head VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=1, __VERIFIER_nondet_int() == len? 1 : 0=1, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L579] COND TRUE \read(head) [L580] head->prev = new_head VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={1274156531:0}, len=0, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L569] COND FALSE !(len > 0) VAL [\old(len)=5, head={1274156531:0}, len=0, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L585] return head; VAL [\old(len)=5, \result={1274156531:0}, head={1274156531:0}, len=0, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L589] RET, EXPR dll_create(len) VAL [dll_create(len)={1274156531:0}, len=5] [L589] DLL head = dll_create(len); [L590] head->next VAL [head={1274156531:0}, head->next={-814711306:0}, len=5] [L590] COND TRUE head->next [L591] EXPR head->data_0 [L591] EXPR 0 != head->data_0 || 0 != head->data_1 [L591] EXPR head->data_1 [L591] EXPR 0 != head->data_0 || 0 != head->data_1 VAL [0 != head->data_0 || 0 != head->data_1=0, head={1274156531:0}, head->data_0=0, head->data_1=0, len=5] [L591] 0 != head->data_0 || 0 != head->data_1 || 0 != head->data_2 [L591] EXPR head->data_2 [L591] 0 != head->data_0 || 0 != head->data_1 || 0 != head->data_2 VAL [0 != head->data_0 || 0 != head->data_1=0, 0 != head->data_0 || 0 != head->data_1 || 0 != head->data_2=1, head={1274156531:0}, head->data_0=0, head->data_1=0, head->data_2=1, len=5] [L591] COND TRUE 0 != head->data_0 || 0 != head->data_1 || 0 != head->data_2 [L605] __VERIFIER_error() VAL [head={1274156531:0}, len=5] ----- [2018-11-23 11:21:34,442 INFO L145 WitnessManager]: Wrote witness to /storage/repos/svcomp/c/list-ext3-properties/dll_nullified_false-unreach-call_false-valid-memcleanup.i-witness.graphml [2018-11-23 11:21:34,442 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2018-11-23 11:21:34,445 INFO L168 Benchmark]: Toolchain (without parser) took 56224.55 ms. Allocated memory was 1.5 GB in the beginning and 2.6 GB in the end (delta: 1.0 GB). Free memory was 1.4 GB in the beginning and 2.1 GB in the end (delta: -674.4 MB). Peak memory consumption was 338.0 MB. Max. memory is 7.1 GB. [2018-11-23 11:21:34,446 INFO L168 Benchmark]: CDTParser took 0.22 ms. Allocated memory is still 1.5 GB. Free memory is still 1.5 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-11-23 11:21:34,446 INFO L168 Benchmark]: CACSL2BoogieTranslator took 735.95 ms. Allocated memory was 1.5 GB in the beginning and 2.3 GB in the end (delta: 742.9 MB). Free memory was 1.4 GB in the beginning and 2.2 GB in the end (delta: -788.2 MB). Peak memory consumption was 49.4 MB. Max. memory is 7.1 GB. [2018-11-23 11:21:34,447 INFO L168 Benchmark]: Boogie Procedure Inliner took 40.88 ms. Allocated memory is still 2.3 GB. Free memory is still 2.2 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-11-23 11:21:34,447 INFO L168 Benchmark]: Boogie Preprocessor took 67.44 ms. Allocated memory is still 2.3 GB. Free memory is still 2.2 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-11-23 11:21:34,447 INFO L168 Benchmark]: RCFGBuilder took 1189.20 ms. Allocated memory is still 2.3 GB. Free memory was 2.2 GB in the beginning and 2.2 GB in the end (delta: 48.7 MB). Peak memory consumption was 48.7 MB. Max. memory is 7.1 GB. [2018-11-23 11:21:34,447 INFO L168 Benchmark]: TraceAbstraction took 54006.10 ms. Allocated memory was 2.3 GB in the beginning and 2.6 GB in the end (delta: 269.5 MB). Free memory was 2.2 GB in the beginning and 2.1 GB in the end (delta: 48.2 MB). Peak memory consumption was 317.7 MB. Max. memory is 7.1 GB. [2018-11-23 11:21:34,448 INFO L168 Benchmark]: Witness Printer took 175.97 ms. Allocated memory is still 2.6 GB. Free memory was 2.1 GB in the beginning and 2.1 GB in the end (delta: 16.9 MB). Peak memory consumption was 16.9 MB. Max. memory is 7.1 GB. [2018-11-23 11:21:34,450 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - GenericResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.22 ms. Allocated memory is still 1.5 GB. Free memory is still 1.5 GB. There was no memory consumed. Max. memory is 7.1 GB. * CACSL2BoogieTranslator took 735.95 ms. Allocated memory was 1.5 GB in the beginning and 2.3 GB in the end (delta: 742.9 MB). Free memory was 1.4 GB in the beginning and 2.2 GB in the end (delta: -788.2 MB). Peak memory consumption was 49.4 MB. Max. memory is 7.1 GB. * Boogie Procedure Inliner took 40.88 ms. Allocated memory is still 2.3 GB. Free memory is still 2.2 GB. There was no memory consumed. Max. memory is 7.1 GB. * Boogie Preprocessor took 67.44 ms. Allocated memory is still 2.3 GB. Free memory is still 2.2 GB. There was no memory consumed. Max. memory is 7.1 GB. * RCFGBuilder took 1189.20 ms. Allocated memory is still 2.3 GB. Free memory was 2.2 GB in the beginning and 2.2 GB in the end (delta: 48.7 MB). Peak memory consumption was 48.7 MB. Max. memory is 7.1 GB. * TraceAbstraction took 54006.10 ms. Allocated memory was 2.3 GB in the beginning and 2.6 GB in the end (delta: 269.5 MB). Free memory was 2.2 GB in the beginning and 2.1 GB in the end (delta: 48.2 MB). Peak memory consumption was 317.7 MB. Max. memory is 7.1 GB. * Witness Printer took 175.97 ms. Allocated memory is still 2.6 GB. Free memory was 2.1 GB in the beginning and 2.1 GB in the end (delta: 16.9 MB). Peak memory consumption was 16.9 MB. Max. memory is 7.1 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - CounterExampleResult [Line: 605]: a call of __VERIFIER_error() is reachable a call of __VERIFIER_error() is reachable We found a FailurePath: [L588] const int len = 5; VAL [len=5] [L589] CALL, EXPR dll_create(len) VAL [\old(len)=5] [L568] DLL head = ((void *)0); VAL [\old(len)=5, head={0:0}, len=5] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=5, __VERIFIER_nondet_int() == len? 1 : 0=1, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L579] COND FALSE !(\read(head)) VAL [\old(len)=5, head={0:0}, len=5, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1274156530:0}, new_head={1274156530:0}] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=4, __VERIFIER_nondet_int() == len? 1 : 0=1, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L579] COND TRUE \read(head) [L580] head->prev = new_head VAL [\old(len)=5, head={1274156530:0}, len=4, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1257403895:0}, new_head={1257403895:0}] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=3, __VERIFIER_nondet_int() == len? 1 : 0=1, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L579] COND TRUE \read(head) [L580] head->prev = new_head VAL [\old(len)=5, head={1257403895:0}, len=3, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={1730119417:0}, new_head={1730119417:0}] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=2, __VERIFIER_nondet_int() == len? 1 : 0=1, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L579] COND TRUE \read(head) [L580] head->prev = new_head VAL [\old(len)=5, head={1730119417:0}, len=2, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={-814711306:0}, new_head={-814711306:0}] [L569] COND TRUE len > 0 [L570] DLL new_head = (DLL) malloc(sizeof(struct node)); VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L571] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L574] new_head->data_0 = 0 [L575] new_head->data_1 = 0 VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L576] EXPR __VERIFIER_nondet_int() == len? 1 : 0 VAL [\old(len)=5, __VERIFIER_nondet_int()=1, __VERIFIER_nondet_int() == len? 1 : 0=1, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L576] new_head->data_2 = __VERIFIER_nondet_int() == len? 1 : 0 [L577] new_head->next = head [L578] new_head->prev = ((void *)0) VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L579] COND TRUE \read(head) [L580] head->prev = new_head VAL [\old(len)=5, head={-814711306:0}, len=1, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L582] head = new_head [L583] len-- VAL [\old(len)=5, head={1274156531:0}, len=0, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L569] COND FALSE !(len > 0) VAL [\old(len)=5, head={1274156531:0}, len=0, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L585] return head; VAL [\old(len)=5, \result={1274156531:0}, head={1274156531:0}, len=0, malloc(sizeof(struct node))={1274156531:0}, new_head={1274156531:0}] [L589] RET, EXPR dll_create(len) VAL [dll_create(len)={1274156531:0}, len=5] [L589] DLL head = dll_create(len); [L590] head->next VAL [head={1274156531:0}, head->next={-814711306:0}, len=5] [L590] COND TRUE head->next [L591] EXPR head->data_0 [L591] EXPR 0 != head->data_0 || 0 != head->data_1 [L591] EXPR head->data_1 [L591] EXPR 0 != head->data_0 || 0 != head->data_1 VAL [0 != head->data_0 || 0 != head->data_1=0, head={1274156531:0}, head->data_0=0, head->data_1=0, len=5] [L591] 0 != head->data_0 || 0 != head->data_1 || 0 != head->data_2 [L591] EXPR head->data_2 [L591] 0 != head->data_0 || 0 != head->data_1 || 0 != head->data_2 VAL [0 != head->data_0 || 0 != head->data_1=0, 0 != head->data_0 || 0 != head->data_1 || 0 != head->data_2=1, head={1274156531:0}, head->data_0=0, head->data_1=0, head->data_2=1, len=5] [L591] COND TRUE 0 != head->data_0 || 0 != head->data_1 || 0 != head->data_2 [L605] __VERIFIER_error() VAL [head={1274156531:0}, len=5] - StatisticsResult: Ultimate Automizer benchmark data CFG has 5 procedures, 42 locations, 1 error locations. UNSAFE Result, 53.9s OverallTime, 9 OverallIterations, 5 TraceHistogramMax, 34.3s AutomataDifference, 0.0s DeadEndRemovalTime, 0.0s HoareAnnotationTime, HoareTripleCheckerStatistics: 343 SDtfs, 470 SDslu, 1491 SDs, 0 SdLazy, 816 SolverSat, 60 SolverUnsat, 0 SolverUnknown, 0 SolverNotchecked, 5.9s Time, PredicateUnifierStatistics: 0 DeclaredPredicates, 484 GetRequests, 395 SyntacticMatches, 1 SemanticMatches, 88 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 154 ImplicationChecksByTransitivity, 6.0s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=66occurred in iteration=8, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s AbstIntTime, 0 AbstIntIterations, 0 AbstIntStrong, NaN AbsIntWeakeningRatio, NaN AbsIntAvgWeakeningVarsNumRemoved, NaN AbsIntAvgWeakenedConjuncts, 0.0s DumpTime, AutomataMinimizationStatistics: 0.5s AutomataMinimizationTime, 8 MinimizatonAttempts, 39 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TraceCheckStatistics: 0.1s SsaConstructionTime, 0.9s SatisfiabilityAnalysisTime, 15.5s InterpolantComputationTime, 320 NumberOfCodeBlocks, 313 NumberOfCodeBlocksAsserted, 14 NumberOfCheckSat, 450 ConstructedInterpolants, 3 QuantifiedInterpolants, 87348 SizeOfPredicates, 31 NumberOfNonLiveVariables, 880 ConjunctsInSsa, 57 ConjunctsInUnsatCore, 13 InterpolantComputations, 3 PerfectInterpolantSequences, 79/253 InterpolantCoveringCapability, InvariantSynthesisStatistics: No data available, InterpolantConsolidationStatistics: No data available, ReuseStatistics: No data available RESULT: Ultimate proved your program to be incorrect! Received shutdown request...