java -ea -Xmx8000000000 -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc ../../../trunk/examples/toolchains/AutomizerCInline_WitnessPrinter.xml -s ../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf -i ../../../trunk/examples/svcomp/list-ext3-properties/dll_nullified_true-unreach-call_true-valid-memsafety.i -------------------------------------------------------------------------------- This is Ultimate 0.1.23-61f4311 [2018-11-23 11:21:23,846 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-11-23 11:21:23,848 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-11-23 11:21:23,866 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-11-23 11:21:23,866 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-11-23 11:21:23,867 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-11-23 11:21:23,869 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-11-23 11:21:23,871 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-11-23 11:21:23,873 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-11-23 11:21:23,874 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-11-23 11:21:23,876 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-11-23 11:21:23,877 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-11-23 11:21:23,878 INFO L174 SettingsManager]: Resetting PEA to Boogie preferences to default values [2018-11-23 11:21:23,879 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-11-23 11:21:23,880 INFO L174 SettingsManager]: Resetting ChcToBoogie preferences to default values [2018-11-23 11:21:23,889 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-11-23 11:21:23,890 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-11-23 11:21:23,894 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-11-23 11:21:23,896 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-11-23 11:21:23,900 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-11-23 11:21:23,902 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-11-23 11:21:23,903 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-11-23 11:21:23,907 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-11-23 11:21:23,908 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-11-23 11:21:23,908 INFO L174 SettingsManager]: Resetting TreeAutomizer preferences to default values [2018-11-23 11:21:23,909 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-11-23 11:21:23,910 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-11-23 11:21:23,911 INFO L174 SettingsManager]: Resetting ReqPrinter preferences to default values [2018-11-23 11:21:23,912 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-11-23 11:21:23,916 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-11-23 11:21:23,916 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-11-23 11:21:23,917 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-11-23 11:21:23,917 INFO L177 SettingsManager]: ReqParser provides no preferences, ignoring... [2018-11-23 11:21:23,917 INFO L174 SettingsManager]: Resetting SmtParser preferences to default values [2018-11-23 11:21:23,919 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-11-23 11:21:23,921 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-11-23 11:21:23,921 INFO L98 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf [2018-11-23 11:21:23,945 INFO L110 SettingsManager]: Loading preferences was successful [2018-11-23 11:21:23,945 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-11-23 11:21:23,946 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-11-23 11:21:23,946 INFO L133 SettingsManager]: * ... calls to implemented procedures=ONLY_FOR_CONCURRENT_PROGRAMS [2018-11-23 11:21:23,947 INFO L131 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2018-11-23 11:21:23,947 INFO L133 SettingsManager]: * Create parallel compositions if possible=false [2018-11-23 11:21:23,947 INFO L133 SettingsManager]: * Use SBE=true [2018-11-23 11:21:23,947 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-11-23 11:21:23,947 INFO L133 SettingsManager]: * sizeof long=4 [2018-11-23 11:21:23,948 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-11-23 11:21:23,948 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-11-23 11:21:23,948 INFO L133 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2018-11-23 11:21:23,948 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-11-23 11:21:23,948 INFO L133 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2018-11-23 11:21:23,949 INFO L133 SettingsManager]: * Use bitvectors instead of ints=true [2018-11-23 11:21:23,949 INFO L133 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2018-11-23 11:21:23,949 INFO L133 SettingsManager]: * sizeof long double=12 [2018-11-23 11:21:23,949 INFO L133 SettingsManager]: * Check if freed pointer was valid=false [2018-11-23 11:21:23,949 INFO L133 SettingsManager]: * Use constant arrays=true [2018-11-23 11:21:23,949 INFO L133 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2018-11-23 11:21:23,950 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-11-23 11:21:23,950 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-11-23 11:21:23,950 INFO L133 SettingsManager]: * To the following directory=./dump/ [2018-11-23 11:21:23,950 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-11-23 11:21:23,950 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:21:23,951 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-11-23 11:21:23,951 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-11-23 11:21:23,951 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-11-23 11:21:23,951 INFO L133 SettingsManager]: * Trace refinement strategy=WOLF [2018-11-23 11:21:23,951 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-11-23 11:21:23,952 INFO L133 SettingsManager]: * Command for external solver=cvc4nyu --tear-down-incremental --rewrite-divk --print-success --lang smt [2018-11-23 11:21:23,952 INFO L133 SettingsManager]: * Logic for external solver=AUFBV [2018-11-23 11:21:23,952 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2018-11-23 11:21:24,012 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-11-23 11:21:24,029 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2018-11-23 11:21:24,033 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2018-11-23 11:21:24,035 INFO L271 PluginConnector]: Initializing CDTParser... [2018-11-23 11:21:24,035 INFO L276 PluginConnector]: CDTParser initialized [2018-11-23 11:21:24,036 INFO L418 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/list-ext3-properties/dll_nullified_true-unreach-call_true-valid-memsafety.i [2018-11-23 11:21:24,094 INFO L221 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/8362c0c2b/23c34911883548928f055e005f6561bd/FLAGa1564e2ab [2018-11-23 11:21:24,626 INFO L307 CDTParser]: Found 1 translation units. [2018-11-23 11:21:24,627 INFO L161 CDTParser]: Scanning /storage/repos/ultimate/trunk/examples/svcomp/list-ext3-properties/dll_nullified_true-unreach-call_true-valid-memsafety.i [2018-11-23 11:21:24,638 INFO L355 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/8362c0c2b/23c34911883548928f055e005f6561bd/FLAGa1564e2ab [2018-11-23 11:21:24,883 INFO L363 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/8362c0c2b/23c34911883548928f055e005f6561bd [2018-11-23 11:21:24,893 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-11-23 11:21:24,894 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2018-11-23 11:21:24,895 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2018-11-23 11:21:24,895 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2018-11-23 11:21:24,899 INFO L276 PluginConnector]: CACSL2BoogieTranslator initialized [2018-11-23 11:21:24,901 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:21:24" (1/1) ... [2018-11-23 11:21:24,903 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@49b4c4a2 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:24, skipping insertion in model container [2018-11-23 11:21:24,904 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:21:24" (1/1) ... [2018-11-23 11:21:24,914 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2018-11-23 11:21:24,973 INFO L176 MainTranslator]: Built tables and reachable declarations [2018-11-23 11:21:25,408 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:21:25,428 INFO L191 MainTranslator]: Completed pre-run [2018-11-23 11:21:25,578 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:21:25,633 INFO L195 MainTranslator]: Completed translation [2018-11-23 11:21:25,633 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:25 WrapperNode [2018-11-23 11:21:25,634 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2018-11-23 11:21:25,634 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2018-11-23 11:21:25,635 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2018-11-23 11:21:25,635 INFO L276 PluginConnector]: Boogie Procedure Inliner initialized [2018-11-23 11:21:25,644 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:25" (1/1) ... [2018-11-23 11:21:25,666 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:25" (1/1) ... [2018-11-23 11:21:25,675 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2018-11-23 11:21:25,675 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-11-23 11:21:25,675 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-11-23 11:21:25,675 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-11-23 11:21:25,683 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:25" (1/1) ... [2018-11-23 11:21:25,683 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:25" (1/1) ... [2018-11-23 11:21:25,689 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:25" (1/1) ... [2018-11-23 11:21:25,689 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:25" (1/1) ... [2018-11-23 11:21:25,715 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:25" (1/1) ... [2018-11-23 11:21:25,724 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:25" (1/1) ... [2018-11-23 11:21:25,727 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:25" (1/1) ... [2018-11-23 11:21:25,731 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-11-23 11:21:25,732 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-11-23 11:21:25,732 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-11-23 11:21:25,732 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-11-23 11:21:25,733 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:25" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:21:25,782 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.alloc [2018-11-23 11:21:25,782 INFO L130 BoogieDeclarations]: Found specification of procedure read~intINTTYPE4 [2018-11-23 11:21:25,782 INFO L130 BoogieDeclarations]: Found specification of procedure exit [2018-11-23 11:21:25,782 INFO L138 BoogieDeclarations]: Found implementation of procedure exit [2018-11-23 11:21:25,782 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2018-11-23 11:21:25,782 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2018-11-23 11:21:25,782 INFO L130 BoogieDeclarations]: Found specification of procedure main [2018-11-23 11:21:25,783 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2018-11-23 11:21:25,783 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2018-11-23 11:21:25,783 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2018-11-23 11:21:25,783 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2018-11-23 11:21:25,783 INFO L130 BoogieDeclarations]: Found specification of procedure write~intINTTYPE4 [2018-11-23 11:21:25,784 INFO L130 BoogieDeclarations]: Found specification of procedure dll_create [2018-11-23 11:21:25,784 INFO L138 BoogieDeclarations]: Found implementation of procedure dll_create [2018-11-23 11:21:25,784 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2018-11-23 11:21:25,784 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2018-11-23 11:21:27,678 INFO L275 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2018-11-23 11:21:27,678 INFO L280 CfgBuilder]: Removed 3 assue(true) statements. [2018-11-23 11:21:27,679 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:21:27 BoogieIcfgContainer [2018-11-23 11:21:27,679 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-11-23 11:21:27,680 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2018-11-23 11:21:27,680 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2018-11-23 11:21:27,683 INFO L276 PluginConnector]: TraceAbstraction initialized [2018-11-23 11:21:27,683 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 23.11 11:21:24" (1/3) ... [2018-11-23 11:21:27,684 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@55d02bdd and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:21:27, skipping insertion in model container [2018-11-23 11:21:27,684 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:21:25" (2/3) ... [2018-11-23 11:21:27,685 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@55d02bdd and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:21:27, skipping insertion in model container [2018-11-23 11:21:27,685 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:21:27" (3/3) ... [2018-11-23 11:21:27,686 INFO L112 eAbstractionObserver]: Analyzing ICFG dll_nullified_true-unreach-call_true-valid-memsafety.i [2018-11-23 11:21:27,695 INFO L156 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2018-11-23 11:21:27,702 INFO L168 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2018-11-23 11:21:27,716 INFO L257 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2018-11-23 11:21:27,744 INFO L133 ementStrategyFactory]: Using default assertion order modulation [2018-11-23 11:21:27,745 INFO L382 AbstractCegarLoop]: Interprodecural is true [2018-11-23 11:21:27,745 INFO L383 AbstractCegarLoop]: Hoare is true [2018-11-23 11:21:27,745 INFO L384 AbstractCegarLoop]: Compute interpolants for FPandBP [2018-11-23 11:21:27,747 INFO L385 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2018-11-23 11:21:27,747 INFO L386 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2018-11-23 11:21:27,747 INFO L387 AbstractCegarLoop]: Difference is false [2018-11-23 11:21:27,747 INFO L388 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2018-11-23 11:21:27,748 INFO L393 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2018-11-23 11:21:27,767 INFO L276 IsEmpty]: Start isEmpty. Operand 38 states. [2018-11-23 11:21:27,774 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2018-11-23 11:21:27,774 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:21:27,775 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:21:27,777 INFO L423 AbstractCegarLoop]: === Iteration 1 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:21:27,781 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:21:27,782 INFO L82 PathProgramCache]: Analyzing trace with hash 988582603, now seen corresponding path program 1 times [2018-11-23 11:21:27,785 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:21:27,786 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:21:27,803 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:21:27,859 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:27,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:27,885 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:21:27,958 INFO L256 TraceCheckUtils]: 0: Hoare triple {41#true} call ULTIMATE.init(); {41#true} is VALID [2018-11-23 11:21:27,962 INFO L273 TraceCheckUtils]: 1: Hoare triple {41#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {41#true} is VALID [2018-11-23 11:21:27,962 INFO L273 TraceCheckUtils]: 2: Hoare triple {41#true} assume true; {41#true} is VALID [2018-11-23 11:21:27,963 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {41#true} {41#true} #110#return; {41#true} is VALID [2018-11-23 11:21:27,963 INFO L256 TraceCheckUtils]: 4: Hoare triple {41#true} call #t~ret18 := main(); {41#true} is VALID [2018-11-23 11:21:27,963 INFO L273 TraceCheckUtils]: 5: Hoare triple {41#true} ~len~0 := 5bv32; {41#true} is VALID [2018-11-23 11:21:27,964 INFO L256 TraceCheckUtils]: 6: Hoare triple {41#true} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {41#true} is VALID [2018-11-23 11:21:27,964 INFO L273 TraceCheckUtils]: 7: Hoare triple {41#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {41#true} is VALID [2018-11-23 11:21:27,980 INFO L273 TraceCheckUtils]: 8: Hoare triple {41#true} assume !true; {42#false} is VALID [2018-11-23 11:21:27,980 INFO L273 TraceCheckUtils]: 9: Hoare triple {42#false} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {42#false} is VALID [2018-11-23 11:21:27,981 INFO L273 TraceCheckUtils]: 10: Hoare triple {42#false} assume true; {42#false} is VALID [2018-11-23 11:21:27,981 INFO L268 TraceCheckUtils]: 11: Hoare quadruple {42#false} {41#true} #114#return; {42#false} is VALID [2018-11-23 11:21:27,981 INFO L273 TraceCheckUtils]: 12: Hoare triple {42#false} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {42#false} is VALID [2018-11-23 11:21:27,982 INFO L273 TraceCheckUtils]: 13: Hoare triple {42#false} assume !true; {42#false} is VALID [2018-11-23 11:21:27,982 INFO L273 TraceCheckUtils]: 14: Hoare triple {42#false} assume !!(~head~1.base != 0bv32 || ~head~1.offset != 0bv32);call #t~mem12.base, #t~mem12.offset := read~$Pointer$(~head~1.base, ~bvadd32(12bv32, ~head~1.offset), 4bv32);~temp~0.base, ~temp~0.offset := #t~mem12.base, #t~mem12.offset;havoc #t~mem12.base, #t~mem12.offset;call #t~mem13 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short15 := 0bv32 != #t~mem13; {42#false} is VALID [2018-11-23 11:21:27,983 INFO L273 TraceCheckUtils]: 15: Hoare triple {42#false} assume #t~short15; {42#false} is VALID [2018-11-23 11:21:27,983 INFO L273 TraceCheckUtils]: 16: Hoare triple {42#false} #t~short17 := #t~short15; {42#false} is VALID [2018-11-23 11:21:27,984 INFO L273 TraceCheckUtils]: 17: Hoare triple {42#false} assume #t~short17; {42#false} is VALID [2018-11-23 11:21:27,984 INFO L273 TraceCheckUtils]: 18: Hoare triple {42#false} assume #t~short17;havoc #t~mem16;havoc #t~short15;havoc #t~mem14;havoc #t~mem13;havoc #t~short17; {42#false} is VALID [2018-11-23 11:21:27,984 INFO L273 TraceCheckUtils]: 19: Hoare triple {42#false} assume !false; {42#false} is VALID [2018-11-23 11:21:27,989 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:21:27,990 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:21:28,000 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:21:28,001 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2018-11-23 11:21:28,006 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 20 [2018-11-23 11:21:28,009 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:21:28,013 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states. [2018-11-23 11:21:28,080 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:28,081 INFO L459 AbstractCegarLoop]: Interpolant automaton has 2 states [2018-11-23 11:21:28,089 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2018-11-23 11:21:28,090 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:21:28,092 INFO L87 Difference]: Start difference. First operand 38 states. Second operand 2 states. [2018-11-23 11:21:29,524 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:29,525 INFO L93 Difference]: Finished difference Result 60 states and 82 transitions. [2018-11-23 11:21:29,525 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2018-11-23 11:21:29,525 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 20 [2018-11-23 11:21:29,525 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:21:29,527 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:21:29,542 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 82 transitions. [2018-11-23 11:21:29,542 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:21:29,547 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 82 transitions. [2018-11-23 11:21:29,547 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 82 transitions. [2018-11-23 11:21:30,087 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 82 edges. 82 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:30,103 INFO L225 Difference]: With dead ends: 60 [2018-11-23 11:21:30,103 INFO L226 Difference]: Without dead ends: 30 [2018-11-23 11:21:30,107 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 19 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:21:30,130 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 30 states. [2018-11-23 11:21:30,262 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 30 to 30. [2018-11-23 11:21:30,262 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:21:30,263 INFO L82 GeneralOperation]: Start isEquivalent. First operand 30 states. Second operand 30 states. [2018-11-23 11:21:30,264 INFO L74 IsIncluded]: Start isIncluded. First operand 30 states. Second operand 30 states. [2018-11-23 11:21:30,264 INFO L87 Difference]: Start difference. First operand 30 states. Second operand 30 states. [2018-11-23 11:21:30,269 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:30,269 INFO L93 Difference]: Finished difference Result 30 states and 38 transitions. [2018-11-23 11:21:30,269 INFO L276 IsEmpty]: Start isEmpty. Operand 30 states and 38 transitions. [2018-11-23 11:21:30,270 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:30,270 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:30,270 INFO L74 IsIncluded]: Start isIncluded. First operand 30 states. Second operand 30 states. [2018-11-23 11:21:30,271 INFO L87 Difference]: Start difference. First operand 30 states. Second operand 30 states. [2018-11-23 11:21:30,275 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:30,275 INFO L93 Difference]: Finished difference Result 30 states and 38 transitions. [2018-11-23 11:21:30,275 INFO L276 IsEmpty]: Start isEmpty. Operand 30 states and 38 transitions. [2018-11-23 11:21:30,276 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:30,276 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:30,276 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:21:30,276 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:21:30,277 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 30 states. [2018-11-23 11:21:30,279 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 30 states to 30 states and 38 transitions. [2018-11-23 11:21:30,282 INFO L78 Accepts]: Start accepts. Automaton has 30 states and 38 transitions. Word has length 20 [2018-11-23 11:21:30,282 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:21:30,282 INFO L480 AbstractCegarLoop]: Abstraction has 30 states and 38 transitions. [2018-11-23 11:21:30,283 INFO L481 AbstractCegarLoop]: Interpolant automaton has 2 states. [2018-11-23 11:21:30,283 INFO L276 IsEmpty]: Start isEmpty. Operand 30 states and 38 transitions. [2018-11-23 11:21:30,285 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2018-11-23 11:21:30,285 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:21:30,285 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:21:30,285 INFO L423 AbstractCegarLoop]: === Iteration 2 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:21:30,286 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:21:30,286 INFO L82 PathProgramCache]: Analyzing trace with hash 1260304420, now seen corresponding path program 1 times [2018-11-23 11:21:30,286 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:21:30,286 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:21:30,318 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:21:30,346 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:30,376 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:30,377 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:21:30,762 INFO L256 TraceCheckUtils]: 0: Hoare triple {275#true} call ULTIMATE.init(); {275#true} is VALID [2018-11-23 11:21:30,763 INFO L273 TraceCheckUtils]: 1: Hoare triple {275#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {275#true} is VALID [2018-11-23 11:21:30,763 INFO L273 TraceCheckUtils]: 2: Hoare triple {275#true} assume true; {275#true} is VALID [2018-11-23 11:21:30,763 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {275#true} {275#true} #110#return; {275#true} is VALID [2018-11-23 11:21:30,764 INFO L256 TraceCheckUtils]: 4: Hoare triple {275#true} call #t~ret18 := main(); {275#true} is VALID [2018-11-23 11:21:30,764 INFO L273 TraceCheckUtils]: 5: Hoare triple {275#true} ~len~0 := 5bv32; {275#true} is VALID [2018-11-23 11:21:30,764 INFO L256 TraceCheckUtils]: 6: Hoare triple {275#true} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {275#true} is VALID [2018-11-23 11:21:30,765 INFO L273 TraceCheckUtils]: 7: Hoare triple {275#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {275#true} is VALID [2018-11-23 11:21:30,765 INFO L273 TraceCheckUtils]: 8: Hoare triple {275#true} assume !~bvsgt32(~len, 0bv32); {275#true} is VALID [2018-11-23 11:21:30,765 INFO L273 TraceCheckUtils]: 9: Hoare triple {275#true} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {275#true} is VALID [2018-11-23 11:21:30,765 INFO L273 TraceCheckUtils]: 10: Hoare triple {275#true} assume true; {275#true} is VALID [2018-11-23 11:21:30,766 INFO L268 TraceCheckUtils]: 11: Hoare quadruple {275#true} {275#true} #114#return; {275#true} is VALID [2018-11-23 11:21:30,766 INFO L273 TraceCheckUtils]: 12: Hoare triple {275#true} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {275#true} is VALID [2018-11-23 11:21:30,766 INFO L273 TraceCheckUtils]: 13: Hoare triple {275#true} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {275#true} is VALID [2018-11-23 11:21:30,766 INFO L273 TraceCheckUtils]: 14: Hoare triple {275#true} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {275#true} is VALID [2018-11-23 11:21:30,767 INFO L273 TraceCheckUtils]: 15: Hoare triple {275#true} assume #t~short7; {325#|main_#t~short7|} is VALID [2018-11-23 11:21:30,768 INFO L273 TraceCheckUtils]: 16: Hoare triple {325#|main_#t~short7|} #t~short9 := #t~short7; {329#|main_#t~short9|} is VALID [2018-11-23 11:21:30,768 INFO L273 TraceCheckUtils]: 17: Hoare triple {329#|main_#t~short9|} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {276#false} is VALID [2018-11-23 11:21:30,768 INFO L273 TraceCheckUtils]: 18: Hoare triple {276#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {276#false} is VALID [2018-11-23 11:21:30,769 INFO L273 TraceCheckUtils]: 19: Hoare triple {276#false} assume !false; {276#false} is VALID [2018-11-23 11:21:30,771 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:21:30,771 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:21:30,775 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:21:30,775 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2018-11-23 11:21:30,780 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 20 [2018-11-23 11:21:30,780 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:21:30,780 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2018-11-23 11:21:30,882 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:30,882 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2018-11-23 11:21:30,883 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2018-11-23 11:21:30,883 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2018-11-23 11:21:30,883 INFO L87 Difference]: Start difference. First operand 30 states and 38 transitions. Second operand 4 states. [2018-11-23 11:21:34,140 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:34,140 INFO L93 Difference]: Finished difference Result 47 states and 64 transitions. [2018-11-23 11:21:34,141 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2018-11-23 11:21:34,141 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 20 [2018-11-23 11:21:34,141 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:21:34,141 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-11-23 11:21:34,144 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 64 transitions. [2018-11-23 11:21:34,145 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-11-23 11:21:34,147 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 64 transitions. [2018-11-23 11:21:34,147 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 64 transitions. [2018-11-23 11:21:34,260 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 64 edges. 64 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:34,262 INFO L225 Difference]: With dead ends: 47 [2018-11-23 11:21:34,262 INFO L226 Difference]: Without dead ends: 34 [2018-11-23 11:21:34,263 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 20 GetRequests, 17 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2018-11-23 11:21:34,264 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 34 states. [2018-11-23 11:21:34,278 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 34 to 33. [2018-11-23 11:21:34,278 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:21:34,278 INFO L82 GeneralOperation]: Start isEquivalent. First operand 34 states. Second operand 33 states. [2018-11-23 11:21:34,278 INFO L74 IsIncluded]: Start isIncluded. First operand 34 states. Second operand 33 states. [2018-11-23 11:21:34,278 INFO L87 Difference]: Start difference. First operand 34 states. Second operand 33 states. [2018-11-23 11:21:34,281 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:34,281 INFO L93 Difference]: Finished difference Result 34 states and 42 transitions. [2018-11-23 11:21:34,281 INFO L276 IsEmpty]: Start isEmpty. Operand 34 states and 42 transitions. [2018-11-23 11:21:34,282 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:34,282 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:34,282 INFO L74 IsIncluded]: Start isIncluded. First operand 33 states. Second operand 34 states. [2018-11-23 11:21:34,282 INFO L87 Difference]: Start difference. First operand 33 states. Second operand 34 states. [2018-11-23 11:21:34,285 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:34,285 INFO L93 Difference]: Finished difference Result 34 states and 42 transitions. [2018-11-23 11:21:34,286 INFO L276 IsEmpty]: Start isEmpty. Operand 34 states and 42 transitions. [2018-11-23 11:21:34,286 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:34,286 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:34,287 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:21:34,287 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:21:34,287 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 33 states. [2018-11-23 11:21:34,289 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 33 states to 33 states and 41 transitions. [2018-11-23 11:21:34,289 INFO L78 Accepts]: Start accepts. Automaton has 33 states and 41 transitions. Word has length 20 [2018-11-23 11:21:34,290 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:21:34,290 INFO L480 AbstractCegarLoop]: Abstraction has 33 states and 41 transitions. [2018-11-23 11:21:34,290 INFO L481 AbstractCegarLoop]: Interpolant automaton has 4 states. [2018-11-23 11:21:34,290 INFO L276 IsEmpty]: Start isEmpty. Operand 33 states and 41 transitions. [2018-11-23 11:21:34,291 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2018-11-23 11:21:34,291 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:21:34,291 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:21:34,291 INFO L423 AbstractCegarLoop]: === Iteration 3 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:21:34,292 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:21:34,292 INFO L82 PathProgramCache]: Analyzing trace with hash 1260302498, now seen corresponding path program 1 times [2018-11-23 11:21:34,292 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:21:34,292 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:21:34,312 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:21:34,344 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:34,376 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:34,379 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:21:34,510 INFO L256 TraceCheckUtils]: 0: Hoare triple {508#true} call ULTIMATE.init(); {508#true} is VALID [2018-11-23 11:21:34,510 INFO L273 TraceCheckUtils]: 1: Hoare triple {508#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {508#true} is VALID [2018-11-23 11:21:34,510 INFO L273 TraceCheckUtils]: 2: Hoare triple {508#true} assume true; {508#true} is VALID [2018-11-23 11:21:34,511 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {508#true} {508#true} #110#return; {508#true} is VALID [2018-11-23 11:21:34,511 INFO L256 TraceCheckUtils]: 4: Hoare triple {508#true} call #t~ret18 := main(); {508#true} is VALID [2018-11-23 11:21:34,513 INFO L273 TraceCheckUtils]: 5: Hoare triple {508#true} ~len~0 := 5bv32; {528#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} is VALID [2018-11-23 11:21:34,514 INFO L256 TraceCheckUtils]: 6: Hoare triple {528#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {508#true} is VALID [2018-11-23 11:21:34,514 INFO L273 TraceCheckUtils]: 7: Hoare triple {508#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {535#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:34,515 INFO L273 TraceCheckUtils]: 8: Hoare triple {535#(= dll_create_~len |dll_create_#in~len|)} assume !~bvsgt32(~len, 0bv32); {539#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} is VALID [2018-11-23 11:21:34,515 INFO L273 TraceCheckUtils]: 9: Hoare triple {539#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {539#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} is VALID [2018-11-23 11:21:34,516 INFO L273 TraceCheckUtils]: 10: Hoare triple {539#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} assume true; {539#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} is VALID [2018-11-23 11:21:34,521 INFO L268 TraceCheckUtils]: 11: Hoare quadruple {539#(not (bvsgt |dll_create_#in~len| (_ bv0 32)))} {528#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} #114#return; {509#false} is VALID [2018-11-23 11:21:34,521 INFO L273 TraceCheckUtils]: 12: Hoare triple {509#false} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {509#false} is VALID [2018-11-23 11:21:34,521 INFO L273 TraceCheckUtils]: 13: Hoare triple {509#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {509#false} is VALID [2018-11-23 11:21:34,522 INFO L273 TraceCheckUtils]: 14: Hoare triple {509#false} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {509#false} is VALID [2018-11-23 11:21:34,522 INFO L273 TraceCheckUtils]: 15: Hoare triple {509#false} assume #t~short7; {509#false} is VALID [2018-11-23 11:21:34,522 INFO L273 TraceCheckUtils]: 16: Hoare triple {509#false} #t~short9 := #t~short7; {509#false} is VALID [2018-11-23 11:21:34,522 INFO L273 TraceCheckUtils]: 17: Hoare triple {509#false} assume #t~short9; {509#false} is VALID [2018-11-23 11:21:34,523 INFO L273 TraceCheckUtils]: 18: Hoare triple {509#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {509#false} is VALID [2018-11-23 11:21:34,523 INFO L273 TraceCheckUtils]: 19: Hoare triple {509#false} assume !false; {509#false} is VALID [2018-11-23 11:21:34,524 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:21:34,524 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:21:34,526 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:21:34,526 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2018-11-23 11:21:34,526 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 20 [2018-11-23 11:21:34,527 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:21:34,527 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2018-11-23 11:21:34,563 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:34,564 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2018-11-23 11:21:34,564 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2018-11-23 11:21:34,564 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2018-11-23 11:21:34,565 INFO L87 Difference]: Start difference. First operand 33 states and 41 transitions. Second operand 5 states. [2018-11-23 11:21:38,687 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:38,688 INFO L93 Difference]: Finished difference Result 58 states and 74 transitions. [2018-11-23 11:21:38,688 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2018-11-23 11:21:38,688 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 20 [2018-11-23 11:21:38,689 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:21:38,689 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2018-11-23 11:21:38,692 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 68 transitions. [2018-11-23 11:21:38,692 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2018-11-23 11:21:38,695 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 68 transitions. [2018-11-23 11:21:38,695 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 68 transitions. [2018-11-23 11:21:38,966 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 68 edges. 68 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:38,969 INFO L225 Difference]: With dead ends: 58 [2018-11-23 11:21:38,969 INFO L226 Difference]: Without dead ends: 38 [2018-11-23 11:21:38,970 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 20 GetRequests, 16 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2018-11-23 11:21:38,970 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 38 states. [2018-11-23 11:21:38,987 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 38 to 34. [2018-11-23 11:21:38,988 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:21:38,988 INFO L82 GeneralOperation]: Start isEquivalent. First operand 38 states. Second operand 34 states. [2018-11-23 11:21:38,988 INFO L74 IsIncluded]: Start isIncluded. First operand 38 states. Second operand 34 states. [2018-11-23 11:21:38,988 INFO L87 Difference]: Start difference. First operand 38 states. Second operand 34 states. [2018-11-23 11:21:38,991 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:38,991 INFO L93 Difference]: Finished difference Result 38 states and 47 transitions. [2018-11-23 11:21:38,991 INFO L276 IsEmpty]: Start isEmpty. Operand 38 states and 47 transitions. [2018-11-23 11:21:38,992 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:38,992 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:38,992 INFO L74 IsIncluded]: Start isIncluded. First operand 34 states. Second operand 38 states. [2018-11-23 11:21:38,993 INFO L87 Difference]: Start difference. First operand 34 states. Second operand 38 states. [2018-11-23 11:21:38,995 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:38,995 INFO L93 Difference]: Finished difference Result 38 states and 47 transitions. [2018-11-23 11:21:38,996 INFO L276 IsEmpty]: Start isEmpty. Operand 38 states and 47 transitions. [2018-11-23 11:21:38,996 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:38,997 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:38,997 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:21:38,997 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:21:38,997 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 34 states. [2018-11-23 11:21:38,999 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 34 states to 34 states and 42 transitions. [2018-11-23 11:21:38,999 INFO L78 Accepts]: Start accepts. Automaton has 34 states and 42 transitions. Word has length 20 [2018-11-23 11:21:39,000 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:21:39,000 INFO L480 AbstractCegarLoop]: Abstraction has 34 states and 42 transitions. [2018-11-23 11:21:39,000 INFO L481 AbstractCegarLoop]: Interpolant automaton has 5 states. [2018-11-23 11:21:39,000 INFO L276 IsEmpty]: Start isEmpty. Operand 34 states and 42 transitions. [2018-11-23 11:21:39,001 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2018-11-23 11:21:39,001 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:21:39,001 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:21:39,002 INFO L423 AbstractCegarLoop]: === Iteration 4 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:21:39,002 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:21:39,002 INFO L82 PathProgramCache]: Analyzing trace with hash 1673054840, now seen corresponding path program 1 times [2018-11-23 11:21:39,003 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:21:39,003 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:21:39,030 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:21:39,068 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:39,095 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:39,096 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:21:39,202 INFO L256 TraceCheckUtils]: 0: Hoare triple {764#true} call ULTIMATE.init(); {764#true} is VALID [2018-11-23 11:21:39,203 INFO L273 TraceCheckUtils]: 1: Hoare triple {764#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {764#true} is VALID [2018-11-23 11:21:39,203 INFO L273 TraceCheckUtils]: 2: Hoare triple {764#true} assume true; {764#true} is VALID [2018-11-23 11:21:39,204 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {764#true} {764#true} #110#return; {764#true} is VALID [2018-11-23 11:21:39,204 INFO L256 TraceCheckUtils]: 4: Hoare triple {764#true} call #t~ret18 := main(); {764#true} is VALID [2018-11-23 11:21:39,205 INFO L273 TraceCheckUtils]: 5: Hoare triple {764#true} ~len~0 := 5bv32; {764#true} is VALID [2018-11-23 11:21:39,205 INFO L256 TraceCheckUtils]: 6: Hoare triple {764#true} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {764#true} is VALID [2018-11-23 11:21:39,206 INFO L273 TraceCheckUtils]: 7: Hoare triple {764#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {790#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:21:39,208 INFO L273 TraceCheckUtils]: 8: Hoare triple {790#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {790#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:21:39,209 INFO L273 TraceCheckUtils]: 9: Hoare triple {790#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {790#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:21:39,210 INFO L273 TraceCheckUtils]: 10: Hoare triple {790#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {790#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} is VALID [2018-11-23 11:21:39,211 INFO L273 TraceCheckUtils]: 11: Hoare triple {790#(and (= (_ bv0 32) dll_create_~head~0.base) (= (_ bv0 32) dll_create_~head~0.offset))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {765#false} is VALID [2018-11-23 11:21:39,211 INFO L273 TraceCheckUtils]: 12: Hoare triple {765#false} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {765#false} is VALID [2018-11-23 11:21:39,212 INFO L273 TraceCheckUtils]: 13: Hoare triple {765#false} assume !~bvsgt32(~len, 0bv32); {765#false} is VALID [2018-11-23 11:21:39,212 INFO L273 TraceCheckUtils]: 14: Hoare triple {765#false} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {765#false} is VALID [2018-11-23 11:21:39,212 INFO L273 TraceCheckUtils]: 15: Hoare triple {765#false} assume true; {765#false} is VALID [2018-11-23 11:21:39,212 INFO L268 TraceCheckUtils]: 16: Hoare quadruple {765#false} {764#true} #114#return; {765#false} is VALID [2018-11-23 11:21:39,212 INFO L273 TraceCheckUtils]: 17: Hoare triple {765#false} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {765#false} is VALID [2018-11-23 11:21:39,213 INFO L273 TraceCheckUtils]: 18: Hoare triple {765#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {765#false} is VALID [2018-11-23 11:21:39,213 INFO L273 TraceCheckUtils]: 19: Hoare triple {765#false} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {765#false} is VALID [2018-11-23 11:21:39,213 INFO L273 TraceCheckUtils]: 20: Hoare triple {765#false} assume #t~short7; {765#false} is VALID [2018-11-23 11:21:39,214 INFO L273 TraceCheckUtils]: 21: Hoare triple {765#false} #t~short9 := #t~short7; {765#false} is VALID [2018-11-23 11:21:39,214 INFO L273 TraceCheckUtils]: 22: Hoare triple {765#false} assume #t~short9; {765#false} is VALID [2018-11-23 11:21:39,215 INFO L273 TraceCheckUtils]: 23: Hoare triple {765#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {765#false} is VALID [2018-11-23 11:21:39,215 INFO L273 TraceCheckUtils]: 24: Hoare triple {765#false} assume !false; {765#false} is VALID [2018-11-23 11:21:39,216 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:21:39,216 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:21:39,218 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:21:39,218 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2018-11-23 11:21:39,218 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 25 [2018-11-23 11:21:39,219 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:21:39,219 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2018-11-23 11:21:39,296 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:39,296 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2018-11-23 11:21:39,296 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2018-11-23 11:21:39,296 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-11-23 11:21:39,297 INFO L87 Difference]: Start difference. First operand 34 states and 42 transitions. Second operand 3 states. [2018-11-23 11:21:42,536 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:42,537 INFO L93 Difference]: Finished difference Result 63 states and 80 transitions. [2018-11-23 11:21:42,537 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2018-11-23 11:21:42,537 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 25 [2018-11-23 11:21:42,537 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:21:42,537 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-11-23 11:21:42,540 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 74 transitions. [2018-11-23 11:21:42,540 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-11-23 11:21:42,542 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 74 transitions. [2018-11-23 11:21:42,543 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 74 transitions. [2018-11-23 11:21:42,661 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 74 edges. 74 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:42,664 INFO L225 Difference]: With dead ends: 63 [2018-11-23 11:21:42,664 INFO L226 Difference]: Without dead ends: 38 [2018-11-23 11:21:42,665 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 24 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-11-23 11:21:42,665 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 38 states. [2018-11-23 11:21:42,680 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 38 to 37. [2018-11-23 11:21:42,680 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:21:42,680 INFO L82 GeneralOperation]: Start isEquivalent. First operand 38 states. Second operand 37 states. [2018-11-23 11:21:42,680 INFO L74 IsIncluded]: Start isIncluded. First operand 38 states. Second operand 37 states. [2018-11-23 11:21:42,681 INFO L87 Difference]: Start difference. First operand 38 states. Second operand 37 states. [2018-11-23 11:21:42,683 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:42,683 INFO L93 Difference]: Finished difference Result 38 states and 46 transitions. [2018-11-23 11:21:42,683 INFO L276 IsEmpty]: Start isEmpty. Operand 38 states and 46 transitions. [2018-11-23 11:21:42,684 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:42,684 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:42,684 INFO L74 IsIncluded]: Start isIncluded. First operand 37 states. Second operand 38 states. [2018-11-23 11:21:42,684 INFO L87 Difference]: Start difference. First operand 37 states. Second operand 38 states. [2018-11-23 11:21:42,686 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:42,687 INFO L93 Difference]: Finished difference Result 38 states and 46 transitions. [2018-11-23 11:21:42,687 INFO L276 IsEmpty]: Start isEmpty. Operand 38 states and 46 transitions. [2018-11-23 11:21:42,688 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:42,688 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:42,688 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:21:42,688 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:21:42,688 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 37 states. [2018-11-23 11:21:42,690 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 37 states to 37 states and 45 transitions. [2018-11-23 11:21:42,690 INFO L78 Accepts]: Start accepts. Automaton has 37 states and 45 transitions. Word has length 25 [2018-11-23 11:21:42,691 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:21:42,691 INFO L480 AbstractCegarLoop]: Abstraction has 37 states and 45 transitions. [2018-11-23 11:21:42,691 INFO L481 AbstractCegarLoop]: Interpolant automaton has 3 states. [2018-11-23 11:21:42,691 INFO L276 IsEmpty]: Start isEmpty. Operand 37 states and 45 transitions. [2018-11-23 11:21:42,692 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2018-11-23 11:21:42,692 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:21:42,692 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:21:42,693 INFO L423 AbstractCegarLoop]: === Iteration 5 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:21:42,693 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:21:42,693 INFO L82 PathProgramCache]: Analyzing trace with hash 661937590, now seen corresponding path program 1 times [2018-11-23 11:21:42,694 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:21:42,694 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:21:42,711 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:21:42,757 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:42,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:42,771 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:21:42,880 INFO L256 TraceCheckUtils]: 0: Hoare triple {1040#true} call ULTIMATE.init(); {1040#true} is VALID [2018-11-23 11:21:42,881 INFO L273 TraceCheckUtils]: 1: Hoare triple {1040#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1040#true} is VALID [2018-11-23 11:21:42,881 INFO L273 TraceCheckUtils]: 2: Hoare triple {1040#true} assume true; {1040#true} is VALID [2018-11-23 11:21:42,882 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1040#true} {1040#true} #110#return; {1040#true} is VALID [2018-11-23 11:21:42,882 INFO L256 TraceCheckUtils]: 4: Hoare triple {1040#true} call #t~ret18 := main(); {1040#true} is VALID [2018-11-23 11:21:42,886 INFO L273 TraceCheckUtils]: 5: Hoare triple {1040#true} ~len~0 := 5bv32; {1060#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} is VALID [2018-11-23 11:21:42,886 INFO L256 TraceCheckUtils]: 6: Hoare triple {1060#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {1040#true} is VALID [2018-11-23 11:21:42,887 INFO L273 TraceCheckUtils]: 7: Hoare triple {1040#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1067#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:42,887 INFO L273 TraceCheckUtils]: 8: Hoare triple {1067#(= dll_create_~len |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1067#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:42,888 INFO L273 TraceCheckUtils]: 9: Hoare triple {1067#(= dll_create_~len |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1067#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:42,888 INFO L273 TraceCheckUtils]: 10: Hoare triple {1067#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1067#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:42,889 INFO L273 TraceCheckUtils]: 11: Hoare triple {1067#(= dll_create_~len |dll_create_#in~len|)} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1067#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:42,889 INFO L273 TraceCheckUtils]: 12: Hoare triple {1067#(= dll_create_~len |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {1083#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:42,890 INFO L273 TraceCheckUtils]: 13: Hoare triple {1083#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !~bvsgt32(~len, 0bv32); {1087#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:42,891 INFO L273 TraceCheckUtils]: 14: Hoare triple {1087#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1087#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:42,891 INFO L273 TraceCheckUtils]: 15: Hoare triple {1087#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} assume true; {1087#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:42,894 INFO L268 TraceCheckUtils]: 16: Hoare quadruple {1087#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} {1060#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} #114#return; {1041#false} is VALID [2018-11-23 11:21:42,894 INFO L273 TraceCheckUtils]: 17: Hoare triple {1041#false} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {1041#false} is VALID [2018-11-23 11:21:42,895 INFO L273 TraceCheckUtils]: 18: Hoare triple {1041#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {1041#false} is VALID [2018-11-23 11:21:42,895 INFO L273 TraceCheckUtils]: 19: Hoare triple {1041#false} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {1041#false} is VALID [2018-11-23 11:21:42,895 INFO L273 TraceCheckUtils]: 20: Hoare triple {1041#false} assume #t~short7; {1041#false} is VALID [2018-11-23 11:21:42,896 INFO L273 TraceCheckUtils]: 21: Hoare triple {1041#false} #t~short9 := #t~short7; {1041#false} is VALID [2018-11-23 11:21:42,896 INFO L273 TraceCheckUtils]: 22: Hoare triple {1041#false} assume #t~short9; {1041#false} is VALID [2018-11-23 11:21:42,896 INFO L273 TraceCheckUtils]: 23: Hoare triple {1041#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {1041#false} is VALID [2018-11-23 11:21:42,896 INFO L273 TraceCheckUtils]: 24: Hoare triple {1041#false} assume !false; {1041#false} is VALID [2018-11-23 11:21:42,898 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:21:42,898 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:21:43,328 INFO L273 TraceCheckUtils]: 24: Hoare triple {1041#false} assume !false; {1041#false} is VALID [2018-11-23 11:21:43,329 INFO L273 TraceCheckUtils]: 23: Hoare triple {1041#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {1041#false} is VALID [2018-11-23 11:21:43,329 INFO L273 TraceCheckUtils]: 22: Hoare triple {1041#false} assume #t~short9; {1041#false} is VALID [2018-11-23 11:21:43,330 INFO L273 TraceCheckUtils]: 21: Hoare triple {1041#false} #t~short9 := #t~short7; {1041#false} is VALID [2018-11-23 11:21:43,330 INFO L273 TraceCheckUtils]: 20: Hoare triple {1041#false} assume #t~short7; {1041#false} is VALID [2018-11-23 11:21:43,330 INFO L273 TraceCheckUtils]: 19: Hoare triple {1041#false} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {1041#false} is VALID [2018-11-23 11:21:43,331 INFO L273 TraceCheckUtils]: 18: Hoare triple {1041#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {1041#false} is VALID [2018-11-23 11:21:43,331 INFO L273 TraceCheckUtils]: 17: Hoare triple {1041#false} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {1041#false} is VALID [2018-11-23 11:21:43,332 INFO L268 TraceCheckUtils]: 16: Hoare quadruple {1087#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} {1145#(bvsgt (bvadd main_~len~0 (_ bv4294967295 32)) (_ bv0 32))} #114#return; {1041#false} is VALID [2018-11-23 11:21:43,333 INFO L273 TraceCheckUtils]: 15: Hoare triple {1087#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} assume true; {1087#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:43,333 INFO L273 TraceCheckUtils]: 14: Hoare triple {1087#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1087#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:43,350 INFO L273 TraceCheckUtils]: 13: Hoare triple {1158#(or (bvsgt dll_create_~len (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume !~bvsgt32(~len, 0bv32); {1087#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:43,352 INFO L273 TraceCheckUtils]: 12: Hoare triple {1162#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {1158#(or (bvsgt dll_create_~len (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:21:43,354 INFO L273 TraceCheckUtils]: 11: Hoare triple {1162#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1162#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:21:43,356 INFO L273 TraceCheckUtils]: 10: Hoare triple {1162#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1162#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:21:43,356 INFO L273 TraceCheckUtils]: 9: Hoare triple {1162#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1162#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:21:43,357 INFO L273 TraceCheckUtils]: 8: Hoare triple {1162#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1162#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:21:43,360 INFO L273 TraceCheckUtils]: 7: Hoare triple {1040#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1162#(or (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)) (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967295 32)) (_ bv0 32))))} is VALID [2018-11-23 11:21:43,360 INFO L256 TraceCheckUtils]: 6: Hoare triple {1145#(bvsgt (bvadd main_~len~0 (_ bv4294967295 32)) (_ bv0 32))} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {1040#true} is VALID [2018-11-23 11:21:43,363 INFO L273 TraceCheckUtils]: 5: Hoare triple {1040#true} ~len~0 := 5bv32; {1145#(bvsgt (bvadd main_~len~0 (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:21:43,363 INFO L256 TraceCheckUtils]: 4: Hoare triple {1040#true} call #t~ret18 := main(); {1040#true} is VALID [2018-11-23 11:21:43,364 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1040#true} {1040#true} #110#return; {1040#true} is VALID [2018-11-23 11:21:43,364 INFO L273 TraceCheckUtils]: 2: Hoare triple {1040#true} assume true; {1040#true} is VALID [2018-11-23 11:21:43,364 INFO L273 TraceCheckUtils]: 1: Hoare triple {1040#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1040#true} is VALID [2018-11-23 11:21:43,364 INFO L256 TraceCheckUtils]: 0: Hoare triple {1040#true} call ULTIMATE.init(); {1040#true} is VALID [2018-11-23 11:21:43,366 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:21:43,370 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:21:43,370 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 6] total 9 [2018-11-23 11:21:43,370 INFO L78 Accepts]: Start accepts. Automaton has 9 states. Word has length 25 [2018-11-23 11:21:43,371 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:21:43,371 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states. [2018-11-23 11:21:43,468 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 35 edges. 35 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:43,468 INFO L459 AbstractCegarLoop]: Interpolant automaton has 9 states [2018-11-23 11:21:43,469 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2018-11-23 11:21:43,469 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=52, Unknown=0, NotChecked=0, Total=72 [2018-11-23 11:21:43,469 INFO L87 Difference]: Start difference. First operand 37 states and 45 transitions. Second operand 9 states. [2018-11-23 11:21:48,420 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:48,420 INFO L93 Difference]: Finished difference Result 63 states and 79 transitions. [2018-11-23 11:21:48,420 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2018-11-23 11:21:48,420 INFO L78 Accepts]: Start accepts. Automaton has 9 states. Word has length 25 [2018-11-23 11:21:48,420 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:21:48,421 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 9 states. [2018-11-23 11:21:48,423 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 73 transitions. [2018-11-23 11:21:48,423 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 9 states. [2018-11-23 11:21:48,425 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 73 transitions. [2018-11-23 11:21:48,425 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 73 transitions. [2018-11-23 11:21:48,567 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 73 edges. 73 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:48,569 INFO L225 Difference]: With dead ends: 63 [2018-11-23 11:21:48,569 INFO L226 Difference]: Without dead ends: 43 [2018-11-23 11:21:48,570 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 42 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=31, Invalid=79, Unknown=0, NotChecked=0, Total=110 [2018-11-23 11:21:48,570 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 43 states. [2018-11-23 11:21:48,598 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 43 to 39. [2018-11-23 11:21:48,599 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:21:48,599 INFO L82 GeneralOperation]: Start isEquivalent. First operand 43 states. Second operand 39 states. [2018-11-23 11:21:48,599 INFO L74 IsIncluded]: Start isIncluded. First operand 43 states. Second operand 39 states. [2018-11-23 11:21:48,600 INFO L87 Difference]: Start difference. First operand 43 states. Second operand 39 states. [2018-11-23 11:21:48,602 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:48,602 INFO L93 Difference]: Finished difference Result 43 states and 52 transitions. [2018-11-23 11:21:48,603 INFO L276 IsEmpty]: Start isEmpty. Operand 43 states and 52 transitions. [2018-11-23 11:21:48,603 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:48,603 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:48,603 INFO L74 IsIncluded]: Start isIncluded. First operand 39 states. Second operand 43 states. [2018-11-23 11:21:48,604 INFO L87 Difference]: Start difference. First operand 39 states. Second operand 43 states. [2018-11-23 11:21:48,606 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:21:48,606 INFO L93 Difference]: Finished difference Result 43 states and 52 transitions. [2018-11-23 11:21:48,606 INFO L276 IsEmpty]: Start isEmpty. Operand 43 states and 52 transitions. [2018-11-23 11:21:48,607 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:21:48,607 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:21:48,607 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:21:48,607 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:21:48,607 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 39 states. [2018-11-23 11:21:48,609 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 39 states to 39 states and 47 transitions. [2018-11-23 11:21:48,609 INFO L78 Accepts]: Start accepts. Automaton has 39 states and 47 transitions. Word has length 25 [2018-11-23 11:21:48,610 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:21:48,610 INFO L480 AbstractCegarLoop]: Abstraction has 39 states and 47 transitions. [2018-11-23 11:21:48,610 INFO L481 AbstractCegarLoop]: Interpolant automaton has 9 states. [2018-11-23 11:21:48,610 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 47 transitions. [2018-11-23 11:21:48,611 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2018-11-23 11:21:48,611 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:21:48,611 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:21:48,611 INFO L423 AbstractCegarLoop]: === Iteration 6 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:21:48,612 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:21:48,612 INFO L82 PathProgramCache]: Analyzing trace with hash 1292380644, now seen corresponding path program 1 times [2018-11-23 11:21:48,612 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:21:48,612 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:21:48,635 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:21:48,699 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:48,717 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:21:48,719 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:21:48,844 INFO L256 TraceCheckUtils]: 0: Hoare triple {1414#true} call ULTIMATE.init(); {1414#true} is VALID [2018-11-23 11:21:48,845 INFO L273 TraceCheckUtils]: 1: Hoare triple {1414#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1414#true} is VALID [2018-11-23 11:21:48,846 INFO L273 TraceCheckUtils]: 2: Hoare triple {1414#true} assume true; {1414#true} is VALID [2018-11-23 11:21:48,846 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1414#true} {1414#true} #110#return; {1414#true} is VALID [2018-11-23 11:21:48,846 INFO L256 TraceCheckUtils]: 4: Hoare triple {1414#true} call #t~ret18 := main(); {1414#true} is VALID [2018-11-23 11:21:48,847 INFO L273 TraceCheckUtils]: 5: Hoare triple {1414#true} ~len~0 := 5bv32; {1434#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} is VALID [2018-11-23 11:21:48,847 INFO L256 TraceCheckUtils]: 6: Hoare triple {1434#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {1414#true} is VALID [2018-11-23 11:21:48,848 INFO L273 TraceCheckUtils]: 7: Hoare triple {1414#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1441#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:48,850 INFO L273 TraceCheckUtils]: 8: Hoare triple {1441#(= dll_create_~len |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1441#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:48,850 INFO L273 TraceCheckUtils]: 9: Hoare triple {1441#(= dll_create_~len |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1441#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:48,851 INFO L273 TraceCheckUtils]: 10: Hoare triple {1441#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1441#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:48,851 INFO L273 TraceCheckUtils]: 11: Hoare triple {1441#(= dll_create_~len |dll_create_#in~len|)} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1441#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:21:48,852 INFO L273 TraceCheckUtils]: 12: Hoare triple {1441#(= dll_create_~len |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {1457#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:48,852 INFO L273 TraceCheckUtils]: 13: Hoare triple {1457#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1457#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:48,853 INFO L273 TraceCheckUtils]: 14: Hoare triple {1457#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1457#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:48,854 INFO L273 TraceCheckUtils]: 15: Hoare triple {1457#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1457#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:48,854 INFO L273 TraceCheckUtils]: 16: Hoare triple {1457#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {1457#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:48,880 INFO L273 TraceCheckUtils]: 17: Hoare triple {1457#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {1473#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:21:48,881 INFO L273 TraceCheckUtils]: 18: Hoare triple {1473#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume !~bvsgt32(~len, 0bv32); {1477#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:48,881 INFO L273 TraceCheckUtils]: 19: Hoare triple {1477#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1477#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:48,882 INFO L273 TraceCheckUtils]: 20: Hoare triple {1477#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} assume true; {1477#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:48,884 INFO L268 TraceCheckUtils]: 21: Hoare quadruple {1477#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} {1434#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} #114#return; {1415#false} is VALID [2018-11-23 11:21:48,884 INFO L273 TraceCheckUtils]: 22: Hoare triple {1415#false} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {1415#false} is VALID [2018-11-23 11:21:48,885 INFO L273 TraceCheckUtils]: 23: Hoare triple {1415#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {1415#false} is VALID [2018-11-23 11:21:48,885 INFO L273 TraceCheckUtils]: 24: Hoare triple {1415#false} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {1415#false} is VALID [2018-11-23 11:21:48,885 INFO L273 TraceCheckUtils]: 25: Hoare triple {1415#false} assume #t~short7; {1415#false} is VALID [2018-11-23 11:21:48,885 INFO L273 TraceCheckUtils]: 26: Hoare triple {1415#false} #t~short9 := #t~short7; {1415#false} is VALID [2018-11-23 11:21:48,885 INFO L273 TraceCheckUtils]: 27: Hoare triple {1415#false} assume #t~short9; {1415#false} is VALID [2018-11-23 11:21:48,886 INFO L273 TraceCheckUtils]: 28: Hoare triple {1415#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {1415#false} is VALID [2018-11-23 11:21:48,886 INFO L273 TraceCheckUtils]: 29: Hoare triple {1415#false} assume !false; {1415#false} is VALID [2018-11-23 11:21:48,888 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 0 proven. 7 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:21:48,888 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:21:49,212 INFO L273 TraceCheckUtils]: 29: Hoare triple {1415#false} assume !false; {1415#false} is VALID [2018-11-23 11:21:49,212 INFO L273 TraceCheckUtils]: 28: Hoare triple {1415#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {1415#false} is VALID [2018-11-23 11:21:49,212 INFO L273 TraceCheckUtils]: 27: Hoare triple {1415#false} assume #t~short9; {1415#false} is VALID [2018-11-23 11:21:49,213 INFO L273 TraceCheckUtils]: 26: Hoare triple {1415#false} #t~short9 := #t~short7; {1415#false} is VALID [2018-11-23 11:21:49,213 INFO L273 TraceCheckUtils]: 25: Hoare triple {1415#false} assume #t~short7; {1415#false} is VALID [2018-11-23 11:21:49,213 INFO L273 TraceCheckUtils]: 24: Hoare triple {1415#false} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {1415#false} is VALID [2018-11-23 11:21:49,214 INFO L273 TraceCheckUtils]: 23: Hoare triple {1415#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {1415#false} is VALID [2018-11-23 11:21:49,214 INFO L273 TraceCheckUtils]: 22: Hoare triple {1415#false} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {1415#false} is VALID [2018-11-23 11:21:49,215 INFO L268 TraceCheckUtils]: 21: Hoare quadruple {1477#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} {1535#(bvsgt (bvadd main_~len~0 (_ bv4294967294 32)) (_ bv0 32))} #114#return; {1415#false} is VALID [2018-11-23 11:21:49,215 INFO L273 TraceCheckUtils]: 20: Hoare triple {1477#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} assume true; {1477#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,215 INFO L273 TraceCheckUtils]: 19: Hoare triple {1477#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1477#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,216 INFO L273 TraceCheckUtils]: 18: Hoare triple {1548#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt dll_create_~len (_ bv0 32)))} assume !~bvsgt32(~len, 0bv32); {1477#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,218 INFO L273 TraceCheckUtils]: 17: Hoare triple {1552#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {1548#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt dll_create_~len (_ bv0 32)))} is VALID [2018-11-23 11:21:49,218 INFO L273 TraceCheckUtils]: 16: Hoare triple {1552#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {1552#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,219 INFO L273 TraceCheckUtils]: 15: Hoare triple {1552#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1552#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,220 INFO L273 TraceCheckUtils]: 14: Hoare triple {1552#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1552#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,221 INFO L273 TraceCheckUtils]: 13: Hoare triple {1552#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1552#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,227 INFO L273 TraceCheckUtils]: 12: Hoare triple {1568#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {1552#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,227 INFO L273 TraceCheckUtils]: 11: Hoare triple {1568#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1568#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,227 INFO L273 TraceCheckUtils]: 10: Hoare triple {1568#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1568#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,228 INFO L273 TraceCheckUtils]: 9: Hoare triple {1568#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1568#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,228 INFO L273 TraceCheckUtils]: 8: Hoare triple {1568#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1568#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,229 INFO L273 TraceCheckUtils]: 7: Hoare triple {1414#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1568#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967294 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:21:49,229 INFO L256 TraceCheckUtils]: 6: Hoare triple {1535#(bvsgt (bvadd main_~len~0 (_ bv4294967294 32)) (_ bv0 32))} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {1414#true} is VALID [2018-11-23 11:21:49,229 INFO L273 TraceCheckUtils]: 5: Hoare triple {1414#true} ~len~0 := 5bv32; {1535#(bvsgt (bvadd main_~len~0 (_ bv4294967294 32)) (_ bv0 32))} is VALID [2018-11-23 11:21:49,230 INFO L256 TraceCheckUtils]: 4: Hoare triple {1414#true} call #t~ret18 := main(); {1414#true} is VALID [2018-11-23 11:21:49,230 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1414#true} {1414#true} #110#return; {1414#true} is VALID [2018-11-23 11:21:49,230 INFO L273 TraceCheckUtils]: 2: Hoare triple {1414#true} assume true; {1414#true} is VALID [2018-11-23 11:21:49,230 INFO L273 TraceCheckUtils]: 1: Hoare triple {1414#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1414#true} is VALID [2018-11-23 11:21:49,230 INFO L256 TraceCheckUtils]: 0: Hoare triple {1414#true} call ULTIMATE.init(); {1414#true} is VALID [2018-11-23 11:21:49,233 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 0 proven. 7 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:21:49,236 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:21:49,236 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 7] total 11 [2018-11-23 11:21:49,236 INFO L78 Accepts]: Start accepts. Automaton has 11 states. Word has length 30 [2018-11-23 11:21:49,237 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:21:49,237 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states. [2018-11-23 11:21:49,363 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 45 edges. 45 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:21:49,363 INFO L459 AbstractCegarLoop]: Interpolant automaton has 11 states [2018-11-23 11:21:49,363 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2018-11-23 11:21:49,363 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=26, Invalid=84, Unknown=0, NotChecked=0, Total=110 [2018-11-23 11:21:49,364 INFO L87 Difference]: Start difference. First operand 39 states and 47 transitions. Second operand 11 states. [2018-11-23 11:22:00,100 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:22:00,101 INFO L93 Difference]: Finished difference Result 68 states and 85 transitions. [2018-11-23 11:22:00,101 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2018-11-23 11:22:00,101 INFO L78 Accepts]: Start accepts. Automaton has 11 states. Word has length 30 [2018-11-23 11:22:00,101 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:22:00,102 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 11 states. [2018-11-23 11:22:00,104 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 79 transitions. [2018-11-23 11:22:00,104 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 11 states. [2018-11-23 11:22:00,106 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 79 transitions. [2018-11-23 11:22:00,107 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 79 transitions. [2018-11-23 11:22:00,380 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 79 edges. 79 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:22:00,381 INFO L225 Difference]: With dead ends: 68 [2018-11-23 11:22:00,381 INFO L226 Difference]: Without dead ends: 48 [2018-11-23 11:22:00,385 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 62 GetRequests, 50 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=44, Invalid=138, Unknown=0, NotChecked=0, Total=182 [2018-11-23 11:22:00,385 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 48 states. [2018-11-23 11:22:00,412 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 48 to 44. [2018-11-23 11:22:00,412 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:22:00,412 INFO L82 GeneralOperation]: Start isEquivalent. First operand 48 states. Second operand 44 states. [2018-11-23 11:22:00,412 INFO L74 IsIncluded]: Start isIncluded. First operand 48 states. Second operand 44 states. [2018-11-23 11:22:00,413 INFO L87 Difference]: Start difference. First operand 48 states. Second operand 44 states. [2018-11-23 11:22:00,416 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:22:00,416 INFO L93 Difference]: Finished difference Result 48 states and 58 transitions. [2018-11-23 11:22:00,416 INFO L276 IsEmpty]: Start isEmpty. Operand 48 states and 58 transitions. [2018-11-23 11:22:00,417 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:22:00,417 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:22:00,417 INFO L74 IsIncluded]: Start isIncluded. First operand 44 states. Second operand 48 states. [2018-11-23 11:22:00,418 INFO L87 Difference]: Start difference. First operand 44 states. Second operand 48 states. [2018-11-23 11:22:00,420 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:22:00,420 INFO L93 Difference]: Finished difference Result 48 states and 58 transitions. [2018-11-23 11:22:00,420 INFO L276 IsEmpty]: Start isEmpty. Operand 48 states and 58 transitions. [2018-11-23 11:22:00,420 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:22:00,421 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:22:00,421 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:22:00,421 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:22:00,421 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 44 states. [2018-11-23 11:22:00,423 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 44 states to 44 states and 53 transitions. [2018-11-23 11:22:00,423 INFO L78 Accepts]: Start accepts. Automaton has 44 states and 53 transitions. Word has length 30 [2018-11-23 11:22:00,423 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:22:00,423 INFO L480 AbstractCegarLoop]: Abstraction has 44 states and 53 transitions. [2018-11-23 11:22:00,423 INFO L481 AbstractCegarLoop]: Interpolant automaton has 11 states. [2018-11-23 11:22:00,424 INFO L276 IsEmpty]: Start isEmpty. Operand 44 states and 53 transitions. [2018-11-23 11:22:00,424 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2018-11-23 11:22:00,425 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:22:00,425 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:22:00,425 INFO L423 AbstractCegarLoop]: === Iteration 7 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:22:00,425 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:22:00,425 INFO L82 PathProgramCache]: Analyzing trace with hash 376621686, now seen corresponding path program 2 times [2018-11-23 11:22:00,426 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:22:00,426 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 8 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 8 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:22:00,449 INFO L101 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2018-11-23 11:22:00,554 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2018-11-23 11:22:00,554 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2018-11-23 11:22:00,587 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:22:00,588 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:22:00,887 INFO L256 TraceCheckUtils]: 0: Hoare triple {1844#true} call ULTIMATE.init(); {1844#true} is VALID [2018-11-23 11:22:00,887 INFO L273 TraceCheckUtils]: 1: Hoare triple {1844#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1844#true} is VALID [2018-11-23 11:22:00,887 INFO L273 TraceCheckUtils]: 2: Hoare triple {1844#true} assume true; {1844#true} is VALID [2018-11-23 11:22:00,888 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1844#true} {1844#true} #110#return; {1844#true} is VALID [2018-11-23 11:22:00,888 INFO L256 TraceCheckUtils]: 4: Hoare triple {1844#true} call #t~ret18 := main(); {1844#true} is VALID [2018-11-23 11:22:00,888 INFO L273 TraceCheckUtils]: 5: Hoare triple {1844#true} ~len~0 := 5bv32; {1864#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} is VALID [2018-11-23 11:22:00,888 INFO L256 TraceCheckUtils]: 6: Hoare triple {1864#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {1844#true} is VALID [2018-11-23 11:22:00,895 INFO L273 TraceCheckUtils]: 7: Hoare triple {1844#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1871#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,899 INFO L273 TraceCheckUtils]: 8: Hoare triple {1871#(= dll_create_~len |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1871#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,899 INFO L273 TraceCheckUtils]: 9: Hoare triple {1871#(= dll_create_~len |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1871#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,901 INFO L273 TraceCheckUtils]: 10: Hoare triple {1871#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1871#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,901 INFO L273 TraceCheckUtils]: 11: Hoare triple {1871#(= dll_create_~len |dll_create_#in~len|)} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {1871#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,904 INFO L273 TraceCheckUtils]: 12: Hoare triple {1871#(= dll_create_~len |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {1887#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,906 INFO L273 TraceCheckUtils]: 13: Hoare triple {1887#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1887#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,906 INFO L273 TraceCheckUtils]: 14: Hoare triple {1887#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1887#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,909 INFO L273 TraceCheckUtils]: 15: Hoare triple {1887#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1887#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,909 INFO L273 TraceCheckUtils]: 16: Hoare triple {1887#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {1887#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,931 INFO L273 TraceCheckUtils]: 17: Hoare triple {1887#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {1903#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,934 INFO L273 TraceCheckUtils]: 18: Hoare triple {1903#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1903#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,934 INFO L273 TraceCheckUtils]: 19: Hoare triple {1903#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1903#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,936 INFO L273 TraceCheckUtils]: 20: Hoare triple {1903#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1903#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,936 INFO L273 TraceCheckUtils]: 21: Hoare triple {1903#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {1903#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,964 INFO L273 TraceCheckUtils]: 22: Hoare triple {1903#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {1919#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:22:00,965 INFO L273 TraceCheckUtils]: 23: Hoare triple {1919#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} assume !~bvsgt32(~len, 0bv32); {1923#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:00,966 INFO L273 TraceCheckUtils]: 24: Hoare triple {1923#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1923#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:00,968 INFO L273 TraceCheckUtils]: 25: Hoare triple {1923#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} assume true; {1923#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:00,971 INFO L268 TraceCheckUtils]: 26: Hoare quadruple {1923#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} {1864#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} #114#return; {1845#false} is VALID [2018-11-23 11:22:00,971 INFO L273 TraceCheckUtils]: 27: Hoare triple {1845#false} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {1845#false} is VALID [2018-11-23 11:22:00,971 INFO L273 TraceCheckUtils]: 28: Hoare triple {1845#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {1845#false} is VALID [2018-11-23 11:22:00,971 INFO L273 TraceCheckUtils]: 29: Hoare triple {1845#false} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {1845#false} is VALID [2018-11-23 11:22:00,972 INFO L273 TraceCheckUtils]: 30: Hoare triple {1845#false} assume #t~short7; {1845#false} is VALID [2018-11-23 11:22:00,972 INFO L273 TraceCheckUtils]: 31: Hoare triple {1845#false} #t~short9 := #t~short7; {1845#false} is VALID [2018-11-23 11:22:00,972 INFO L273 TraceCheckUtils]: 32: Hoare triple {1845#false} assume #t~short9; {1845#false} is VALID [2018-11-23 11:22:00,972 INFO L273 TraceCheckUtils]: 33: Hoare triple {1845#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {1845#false} is VALID [2018-11-23 11:22:00,972 INFO L273 TraceCheckUtils]: 34: Hoare triple {1845#false} assume !false; {1845#false} is VALID [2018-11-23 11:22:00,993 INFO L134 CoverageAnalysis]: Checked inductivity of 18 backedges. 0 proven. 18 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:22:00,993 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:22:01,492 INFO L273 TraceCheckUtils]: 34: Hoare triple {1845#false} assume !false; {1845#false} is VALID [2018-11-23 11:22:01,493 INFO L273 TraceCheckUtils]: 33: Hoare triple {1845#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {1845#false} is VALID [2018-11-23 11:22:01,493 INFO L273 TraceCheckUtils]: 32: Hoare triple {1845#false} assume #t~short9; {1845#false} is VALID [2018-11-23 11:22:01,493 INFO L273 TraceCheckUtils]: 31: Hoare triple {1845#false} #t~short9 := #t~short7; {1845#false} is VALID [2018-11-23 11:22:01,494 INFO L273 TraceCheckUtils]: 30: Hoare triple {1845#false} assume #t~short7; {1845#false} is VALID [2018-11-23 11:22:01,494 INFO L273 TraceCheckUtils]: 29: Hoare triple {1845#false} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {1845#false} is VALID [2018-11-23 11:22:01,494 INFO L273 TraceCheckUtils]: 28: Hoare triple {1845#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {1845#false} is VALID [2018-11-23 11:22:01,494 INFO L273 TraceCheckUtils]: 27: Hoare triple {1845#false} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {1845#false} is VALID [2018-11-23 11:22:01,495 INFO L268 TraceCheckUtils]: 26: Hoare quadruple {1923#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} {1981#(bvsgt (bvadd main_~len~0 (_ bv4294967293 32)) (_ bv0 32))} #114#return; {1845#false} is VALID [2018-11-23 11:22:01,496 INFO L273 TraceCheckUtils]: 25: Hoare triple {1923#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} assume true; {1923#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,496 INFO L273 TraceCheckUtils]: 24: Hoare triple {1923#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {1923#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,500 INFO L273 TraceCheckUtils]: 23: Hoare triple {1994#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt dll_create_~len (_ bv0 32)))} assume !~bvsgt32(~len, 0bv32); {1923#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,501 INFO L273 TraceCheckUtils]: 22: Hoare triple {1998#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {1994#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt dll_create_~len (_ bv0 32)))} is VALID [2018-11-23 11:22:01,501 INFO L273 TraceCheckUtils]: 21: Hoare triple {1998#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {1998#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,502 INFO L273 TraceCheckUtils]: 20: Hoare triple {1998#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {1998#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,502 INFO L273 TraceCheckUtils]: 19: Hoare triple {1998#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {1998#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,502 INFO L273 TraceCheckUtils]: 18: Hoare triple {1998#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {1998#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,510 INFO L273 TraceCheckUtils]: 17: Hoare triple {2014#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {1998#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,511 INFO L273 TraceCheckUtils]: 16: Hoare triple {2014#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2014#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,513 INFO L273 TraceCheckUtils]: 15: Hoare triple {2014#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2014#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,513 INFO L273 TraceCheckUtils]: 14: Hoare triple {2014#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2014#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,513 INFO L273 TraceCheckUtils]: 13: Hoare triple {2014#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2014#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,519 INFO L273 TraceCheckUtils]: 12: Hoare triple {2030#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2014#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,520 INFO L273 TraceCheckUtils]: 11: Hoare triple {2030#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {2030#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,522 INFO L273 TraceCheckUtils]: 10: Hoare triple {2030#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2030#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,526 INFO L273 TraceCheckUtils]: 9: Hoare triple {2030#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2030#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,528 INFO L273 TraceCheckUtils]: 8: Hoare triple {2030#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2030#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,528 INFO L273 TraceCheckUtils]: 7: Hoare triple {1844#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {2030#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967293 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:22:01,528 INFO L256 TraceCheckUtils]: 6: Hoare triple {1981#(bvsgt (bvadd main_~len~0 (_ bv4294967293 32)) (_ bv0 32))} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {1844#true} is VALID [2018-11-23 11:22:01,529 INFO L273 TraceCheckUtils]: 5: Hoare triple {1844#true} ~len~0 := 5bv32; {1981#(bvsgt (bvadd main_~len~0 (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:22:01,529 INFO L256 TraceCheckUtils]: 4: Hoare triple {1844#true} call #t~ret18 := main(); {1844#true} is VALID [2018-11-23 11:22:01,529 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1844#true} {1844#true} #110#return; {1844#true} is VALID [2018-11-23 11:22:01,530 INFO L273 TraceCheckUtils]: 2: Hoare triple {1844#true} assume true; {1844#true} is VALID [2018-11-23 11:22:01,530 INFO L273 TraceCheckUtils]: 1: Hoare triple {1844#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1844#true} is VALID [2018-11-23 11:22:01,530 INFO L256 TraceCheckUtils]: 0: Hoare triple {1844#true} call ULTIMATE.init(); {1844#true} is VALID [2018-11-23 11:22:01,533 INFO L134 CoverageAnalysis]: Checked inductivity of 18 backedges. 0 proven. 18 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:22:01,537 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:22:01,538 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 8] total 13 [2018-11-23 11:22:01,538 INFO L78 Accepts]: Start accepts. Automaton has 13 states. Word has length 35 [2018-11-23 11:22:01,539 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:22:01,539 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 13 states. [2018-11-23 11:22:01,748 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 55 edges. 55 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:22:01,748 INFO L459 AbstractCegarLoop]: Interpolant automaton has 13 states [2018-11-23 11:22:01,748 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 13 interpolants. [2018-11-23 11:22:01,748 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=32, Invalid=124, Unknown=0, NotChecked=0, Total=156 [2018-11-23 11:22:01,749 INFO L87 Difference]: Start difference. First operand 44 states and 53 transitions. Second operand 13 states. [2018-11-23 11:22:16,550 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:22:16,550 INFO L93 Difference]: Finished difference Result 73 states and 91 transitions. [2018-11-23 11:22:16,551 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2018-11-23 11:22:16,551 INFO L78 Accepts]: Start accepts. Automaton has 13 states. Word has length 35 [2018-11-23 11:22:16,551 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:22:16,551 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 13 states. [2018-11-23 11:22:16,553 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 85 transitions. [2018-11-23 11:22:16,553 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 13 states. [2018-11-23 11:22:16,556 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 85 transitions. [2018-11-23 11:22:16,556 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 85 transitions. [2018-11-23 11:22:16,811 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 85 edges. 85 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:22:16,812 INFO L225 Difference]: With dead ends: 73 [2018-11-23 11:22:16,812 INFO L226 Difference]: Without dead ends: 53 [2018-11-23 11:22:16,813 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 73 GetRequests, 58 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 16 ImplicationChecksByTransitivity, 0.6s TimeCoverageRelationStatistics Valid=58, Invalid=214, Unknown=0, NotChecked=0, Total=272 [2018-11-23 11:22:16,813 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 53 states. [2018-11-23 11:22:16,828 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 53 to 49. [2018-11-23 11:22:16,828 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:22:16,828 INFO L82 GeneralOperation]: Start isEquivalent. First operand 53 states. Second operand 49 states. [2018-11-23 11:22:16,829 INFO L74 IsIncluded]: Start isIncluded. First operand 53 states. Second operand 49 states. [2018-11-23 11:22:16,829 INFO L87 Difference]: Start difference. First operand 53 states. Second operand 49 states. [2018-11-23 11:22:16,831 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:22:16,831 INFO L93 Difference]: Finished difference Result 53 states and 64 transitions. [2018-11-23 11:22:16,831 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 64 transitions. [2018-11-23 11:22:16,832 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:22:16,832 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:22:16,832 INFO L74 IsIncluded]: Start isIncluded. First operand 49 states. Second operand 53 states. [2018-11-23 11:22:16,832 INFO L87 Difference]: Start difference. First operand 49 states. Second operand 53 states. [2018-11-23 11:22:16,834 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:22:16,834 INFO L93 Difference]: Finished difference Result 53 states and 64 transitions. [2018-11-23 11:22:16,834 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 64 transitions. [2018-11-23 11:22:16,834 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:22:16,834 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:22:16,835 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:22:16,835 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:22:16,835 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 49 states. [2018-11-23 11:22:16,836 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 49 states to 49 states and 59 transitions. [2018-11-23 11:22:16,837 INFO L78 Accepts]: Start accepts. Automaton has 49 states and 59 transitions. Word has length 35 [2018-11-23 11:22:16,837 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:22:16,837 INFO L480 AbstractCegarLoop]: Abstraction has 49 states and 59 transitions. [2018-11-23 11:22:16,837 INFO L481 AbstractCegarLoop]: Interpolant automaton has 13 states. [2018-11-23 11:22:16,837 INFO L276 IsEmpty]: Start isEmpty. Operand 49 states and 59 transitions. [2018-11-23 11:22:16,838 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2018-11-23 11:22:16,838 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:22:16,838 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 4, 4, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:22:16,838 INFO L423 AbstractCegarLoop]: === Iteration 8 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:22:16,839 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:22:16,839 INFO L82 PathProgramCache]: Analyzing trace with hash -1613777628, now seen corresponding path program 3 times [2018-11-23 11:22:16,839 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:22:16,839 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 9 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 9 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:22:16,861 INFO L101 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2018-11-23 11:22:17,181 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 4 check-sat command(s) [2018-11-23 11:22:17,181 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2018-11-23 11:22:17,219 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:22:17,221 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:22:17,339 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:22:17,367 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:22:17,401 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:17,402 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2018-11-23 11:22:17,405 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:22:17,405 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_43|]. (= |#valid| (store |v_#valid_43| dll_create_~new_head~0.base (_ bv1 1))) [2018-11-23 11:22:17,405 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base)) [2018-11-23 11:22:17,457 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,459 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,461 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:22:17,463 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:22:17,470 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:17,470 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:16, output treesize:8 [2018-11-23 11:22:17,523 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:22:17,559 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:22:17,667 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 34 [2018-11-23 11:22:17,687 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 34 treesize of output 37 [2018-11-23 11:22:17,695 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,697 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 45 [2018-11-23 11:22:17,719 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,730 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,741 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,742 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 39 treesize of output 61 [2018-11-23 11:22:17,795 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,802 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,810 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,843 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,853 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,858 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,894 INFO L303 Elim1Store]: Index analysis took 129 ms [2018-11-23 11:22:17,898 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 6 disjoint index pairs (out of 3 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 41 treesize of output 85 [2018-11-23 11:22:17,921 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,923 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,924 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,926 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,929 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,930 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,932 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,934 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,935 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,937 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:22:17,959 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 4 select indices, 4 select index equivalence classes, 10 disjoint index pairs (out of 6 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 43 treesize of output 107 [2018-11-23 11:22:17,963 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:22:18,001 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:18,023 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:18,040 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:18,057 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:18,072 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:18,100 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:18,100 INFO L202 ElimStorePlain]: Needed 9 recursive calls to eliminate 2 variables, input treesize:59, output treesize:33 [2018-11-23 11:22:18,341 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:22:18,342 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_48|, |v_#memory_int_47|]. (let ((.cse1 (select |v_#memory_int_47| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= |v_#memory_int_47| (store |v_#memory_int_48| dll_create_~new_head~0.base (let ((.cse0 (bvadd dll_create_~new_head~0.offset (_ bv4 32)))) (store (store (store (store (select |v_#memory_int_48| dll_create_~new_head~0.base) dll_create_~new_head~0.offset (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv8 32)) (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv16 32)) (_ bv0 32)) .cse0 (select .cse1 .cse0))))) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)) (= (store |v_#memory_int_47| dll_create_~new_head~0.base (let ((.cse2 (bvadd dll_create_~new_head~0.offset (_ bv12 32)))) (store .cse1 .cse2 (select (select |#memory_int| dll_create_~new_head~0.base) .cse2)))) |#memory_int|))) [2018-11-23 11:22:18,342 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))) [2018-11-23 11:22:18,422 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 45 treesize of output 46 [2018-11-23 11:22:18,429 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 1 [2018-11-23 11:22:18,430 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:22:18,442 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:18,466 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:18,466 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:52, output treesize:29 [2018-11-23 11:22:18,478 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:22:18,478 WARN L384 uantifierElimination]: Input elimination task: ∃ [dll_create_~head~0.base, dll_create_~head~0.offset, |v_#memory_int_49|]. (let ((.cse1 (select |v_#memory_int_49| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (store |v_#memory_int_49| dll_create_~head~0.base (let ((.cse0 (bvadd dll_create_~head~0.offset (_ bv12 32)))) (store (select |v_#memory_int_49| dll_create_~head~0.base) .cse0 (select (select |#memory_int| dll_create_~head~0.base) .cse0)))) |#memory_int|) (= (select .cse1 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (select .cse1 dll_create_~new_head~0.offset) (_ bv0 32)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)) (= (select .cse1 (bvadd dll_create_~new_head~0.offset (_ bv16 32))) (_ bv0 32)))) [2018-11-23 11:22:18,479 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)))) [2018-11-23 11:22:18,905 INFO L256 TraceCheckUtils]: 0: Hoare triple {2330#true} call ULTIMATE.init(); {2330#true} is VALID [2018-11-23 11:22:18,905 INFO L273 TraceCheckUtils]: 1: Hoare triple {2330#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2330#true} is VALID [2018-11-23 11:22:18,905 INFO L273 TraceCheckUtils]: 2: Hoare triple {2330#true} assume true; {2330#true} is VALID [2018-11-23 11:22:18,905 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2330#true} {2330#true} #110#return; {2330#true} is VALID [2018-11-23 11:22:18,906 INFO L256 TraceCheckUtils]: 4: Hoare triple {2330#true} call #t~ret18 := main(); {2330#true} is VALID [2018-11-23 11:22:18,906 INFO L273 TraceCheckUtils]: 5: Hoare triple {2330#true} ~len~0 := 5bv32; {2330#true} is VALID [2018-11-23 11:22:18,906 INFO L256 TraceCheckUtils]: 6: Hoare triple {2330#true} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {2330#true} is VALID [2018-11-23 11:22:18,906 INFO L273 TraceCheckUtils]: 7: Hoare triple {2330#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {2330#true} is VALID [2018-11-23 11:22:18,907 INFO L273 TraceCheckUtils]: 8: Hoare triple {2330#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2330#true} is VALID [2018-11-23 11:22:18,907 INFO L273 TraceCheckUtils]: 9: Hoare triple {2330#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2330#true} is VALID [2018-11-23 11:22:18,907 INFO L273 TraceCheckUtils]: 10: Hoare triple {2330#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2330#true} is VALID [2018-11-23 11:22:18,907 INFO L273 TraceCheckUtils]: 11: Hoare triple {2330#true} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {2330#true} is VALID [2018-11-23 11:22:18,907 INFO L273 TraceCheckUtils]: 12: Hoare triple {2330#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2330#true} is VALID [2018-11-23 11:22:18,908 INFO L273 TraceCheckUtils]: 13: Hoare triple {2330#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2330#true} is VALID [2018-11-23 11:22:18,908 INFO L273 TraceCheckUtils]: 14: Hoare triple {2330#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2330#true} is VALID [2018-11-23 11:22:18,908 INFO L273 TraceCheckUtils]: 15: Hoare triple {2330#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2330#true} is VALID [2018-11-23 11:22:18,908 INFO L273 TraceCheckUtils]: 16: Hoare triple {2330#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2330#true} is VALID [2018-11-23 11:22:18,908 INFO L273 TraceCheckUtils]: 17: Hoare triple {2330#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2330#true} is VALID [2018-11-23 11:22:18,910 INFO L273 TraceCheckUtils]: 18: Hoare triple {2330#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:22:18,910 INFO L273 TraceCheckUtils]: 19: Hoare triple {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:22:18,911 INFO L273 TraceCheckUtils]: 20: Hoare triple {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:22:18,911 INFO L273 TraceCheckUtils]: 21: Hoare triple {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:22:18,919 INFO L273 TraceCheckUtils]: 22: Hoare triple {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2402#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:22:18,919 INFO L273 TraceCheckUtils]: 23: Hoare triple {2402#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2406#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:22:18,920 INFO L273 TraceCheckUtils]: 24: Hoare triple {2406#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2406#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:22:18,942 INFO L273 TraceCheckUtils]: 25: Hoare triple {2406#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2413#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:22:18,944 INFO L273 TraceCheckUtils]: 26: Hoare triple {2413#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2417#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)))} is VALID [2018-11-23 11:22:18,947 INFO L273 TraceCheckUtils]: 27: Hoare triple {2417#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2421#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:22:18,948 INFO L273 TraceCheckUtils]: 28: Hoare triple {2421#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} assume !~bvsgt32(~len, 0bv32); {2421#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:22:18,949 INFO L273 TraceCheckUtils]: 29: Hoare triple {2421#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {2428#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} is VALID [2018-11-23 11:22:18,951 INFO L273 TraceCheckUtils]: 30: Hoare triple {2428#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} assume true; {2428#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} is VALID [2018-11-23 11:22:18,953 INFO L268 TraceCheckUtils]: 31: Hoare quadruple {2428#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} {2330#true} #114#return; {2435#(and (= (select (select |#memory_int| |main_#t~ret4.base|) (bvadd |main_#t~ret4.offset| (_ bv16 32))) (_ bv0 32)) (= (select (select |#memory_int| |main_#t~ret4.base|) |main_#t~ret4.offset|) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (bvadd |main_#t~ret4.offset| (_ bv8 32)))) (= (_ bv0 32) |main_#t~ret4.offset|))} is VALID [2018-11-23 11:22:18,955 INFO L273 TraceCheckUtils]: 32: Hoare triple {2435#(and (= (select (select |#memory_int| |main_#t~ret4.base|) (bvadd |main_#t~ret4.offset| (_ bv16 32))) (_ bv0 32)) (= (select (select |#memory_int| |main_#t~ret4.base|) |main_#t~ret4.offset|) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (bvadd |main_#t~ret4.offset| (_ bv8 32)))) (= (_ bv0 32) |main_#t~ret4.offset|))} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {2439#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32)))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:22:18,956 INFO L273 TraceCheckUtils]: 33: Hoare triple {2439#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32)))) (= (_ bv0 32) main_~head~1.offset))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {2439#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32)))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:22:18,957 INFO L273 TraceCheckUtils]: 34: Hoare triple {2439#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32)))) (= (_ bv0 32) main_~head~1.offset))} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {2446#(not |main_#t~short7|)} is VALID [2018-11-23 11:22:18,958 INFO L273 TraceCheckUtils]: 35: Hoare triple {2446#(not |main_#t~short7|)} assume #t~short7; {2331#false} is VALID [2018-11-23 11:22:18,958 INFO L273 TraceCheckUtils]: 36: Hoare triple {2331#false} #t~short9 := #t~short7; {2331#false} is VALID [2018-11-23 11:22:18,959 INFO L273 TraceCheckUtils]: 37: Hoare triple {2331#false} assume #t~short9; {2331#false} is VALID [2018-11-23 11:22:18,959 INFO L273 TraceCheckUtils]: 38: Hoare triple {2331#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {2331#false} is VALID [2018-11-23 11:22:18,959 INFO L273 TraceCheckUtils]: 39: Hoare triple {2331#false} assume !false; {2331#false} is VALID [2018-11-23 11:22:18,964 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 22 proven. 5 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2018-11-23 11:22:18,964 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:22:19,792 WARN L180 SmtUtils]: Spent 751.00 ms on a formula simplification that was a NOOP. DAG size: 64 [2018-11-23 11:22:20,199 WARN L180 SmtUtils]: Spent 403.00 ms on a formula simplification that was a NOOP. DAG size: 58 [2018-11-23 11:22:20,626 WARN L180 SmtUtils]: Spent 424.00 ms on a formula simplification that was a NOOP. DAG size: 62 [2018-11-23 11:22:21,187 WARN L180 SmtUtils]: Spent 560.00 ms on a formula simplification that was a NOOP. DAG size: 62 [2018-11-23 11:22:21,546 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:22:21,558 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:22:21,563 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:22:21,563 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:28, output treesize:17 [2018-11-23 11:22:21,602 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:22:21,602 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_67|, dll_create_~head~0.offset]. (or (= (_ bv0 32) (select (select |v_#memory_int_67| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= (store |#memory_int| dll_create_~head~0.base (let ((.cse0 (bvadd dll_create_~head~0.offset (_ bv12 32)))) (store (select |#memory_int| dll_create_~head~0.base) .cse0 (select (select |v_#memory_int_67| dll_create_~head~0.base) .cse0)))) |v_#memory_int_67|))) [2018-11-23 11:22:21,602 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [dll_create_~head~0.offset, v_DerPreprocessor_4]. (= (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_4)) dll_create_~new_head~0.base) dll_create_~new_head~0.offset) (_ bv0 32)) [2018-11-23 11:22:23,957 WARN L180 SmtUtils]: Spent 214.00 ms on a formula simplification. DAG size of input: 45 DAG size of output: 41 [2018-11-23 11:22:23,963 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:22:23,970 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:24,019 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:22:24,022 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:24,058 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:22:24,059 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 5 variables, input treesize:71, output treesize:4 [2018-11-23 11:22:24,116 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:22:24,117 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_68|, dll_create_~head~0.offset, v_DerPreprocessor_4, |#memory_int|, |v_#memory_int_47|]. (let ((.cse1 (select |v_#memory_int_47| dll_create_~new_head~0.base))) (or (= (select (select (store |v_#memory_int_68| dll_create_~head~0.base (store (select |v_#memory_int_68| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_4)) dll_create_~new_head~0.base) dll_create_~new_head~0.offset) (_ bv0 32)) (not (= (store |#memory_int| dll_create_~new_head~0.base (let ((.cse0 (bvadd dll_create_~new_head~0.offset (_ bv4 32)))) (store (store (store (store (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv8 32)) (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv16 32)) (_ bv0 32)) .cse0 (select .cse1 .cse0)))) |v_#memory_int_47|)) (not (= (store |v_#memory_int_47| dll_create_~new_head~0.base (let ((.cse2 (bvadd dll_create_~new_head~0.offset (_ bv12 32)))) (store .cse1 .cse2 (select (select |v_#memory_int_68| dll_create_~new_head~0.base) .cse2)))) |v_#memory_int_68|)))) [2018-11-23 11:22:24,117 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ []. (not (= dll_create_~new_head~0.base dll_create_~head~0.base)) [2018-11-23 11:22:24,457 INFO L273 TraceCheckUtils]: 39: Hoare triple {2331#false} assume !false; {2331#false} is VALID [2018-11-23 11:22:24,457 INFO L273 TraceCheckUtils]: 38: Hoare triple {2331#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {2331#false} is VALID [2018-11-23 11:22:24,457 INFO L273 TraceCheckUtils]: 37: Hoare triple {2331#false} assume #t~short9; {2331#false} is VALID [2018-11-23 11:22:24,458 INFO L273 TraceCheckUtils]: 36: Hoare triple {2331#false} #t~short9 := #t~short7; {2331#false} is VALID [2018-11-23 11:22:24,460 INFO L273 TraceCheckUtils]: 35: Hoare triple {2446#(not |main_#t~short7|)} assume #t~short7; {2331#false} is VALID [2018-11-23 11:22:24,460 INFO L273 TraceCheckUtils]: 34: Hoare triple {2477#(= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32))} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {2446#(not |main_#t~short7|)} is VALID [2018-11-23 11:22:24,462 INFO L273 TraceCheckUtils]: 33: Hoare triple {2477#(= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {2477#(= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32))} is VALID [2018-11-23 11:22:24,462 INFO L273 TraceCheckUtils]: 32: Hoare triple {2484#(= (select (select |#memory_int| |main_#t~ret4.base|) |main_#t~ret4.offset|) (_ bv0 32))} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {2477#(= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32))} is VALID [2018-11-23 11:22:24,463 INFO L268 TraceCheckUtils]: 31: Hoare quadruple {2491#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|))} {2330#true} #114#return; {2484#(= (select (select |#memory_int| |main_#t~ret4.base|) |main_#t~ret4.offset|) (_ bv0 32))} is VALID [2018-11-23 11:22:24,464 INFO L273 TraceCheckUtils]: 30: Hoare triple {2491#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|))} assume true; {2491#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|))} is VALID [2018-11-23 11:22:24,464 INFO L273 TraceCheckUtils]: 29: Hoare triple {2498#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {2491#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|))} is VALID [2018-11-23 11:22:24,465 INFO L273 TraceCheckUtils]: 28: Hoare triple {2498#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset))} assume !~bvsgt32(~len, 0bv32); {2498#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset))} is VALID [2018-11-23 11:22:24,466 INFO L273 TraceCheckUtils]: 27: Hoare triple {2505#(= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2498#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset))} is VALID [2018-11-23 11:22:24,470 INFO L273 TraceCheckUtils]: 26: Hoare triple {2509#(forall ((v_DerPreprocessor_4 (_ BitVec 32)) (dll_create_~head~0.offset (_ BitVec 32))) (= (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_4)) dll_create_~new_head~0.base) dll_create_~new_head~0.offset) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2505#(= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset))} is VALID [2018-11-23 11:22:24,475 INFO L273 TraceCheckUtils]: 25: Hoare triple {2513#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2509#(forall ((v_DerPreprocessor_4 (_ BitVec 32)) (dll_create_~head~0.offset (_ BitVec 32))) (= (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_4)) dll_create_~new_head~0.base) dll_create_~new_head~0.offset) (_ bv0 32)))} is VALID [2018-11-23 11:22:24,475 INFO L273 TraceCheckUtils]: 24: Hoare triple {2513#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2513#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} is VALID [2018-11-23 11:22:24,476 INFO L273 TraceCheckUtils]: 23: Hoare triple {2402#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2513#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} is VALID [2018-11-23 11:22:24,477 INFO L273 TraceCheckUtils]: 22: Hoare triple {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2402#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:22:24,478 INFO L273 TraceCheckUtils]: 21: Hoare triple {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:22:24,478 INFO L273 TraceCheckUtils]: 20: Hoare triple {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:22:24,478 INFO L273 TraceCheckUtils]: 19: Hoare triple {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:22:24,479 INFO L273 TraceCheckUtils]: 18: Hoare triple {2330#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2389#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:22:24,480 INFO L273 TraceCheckUtils]: 17: Hoare triple {2330#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2330#true} is VALID [2018-11-23 11:22:24,480 INFO L273 TraceCheckUtils]: 16: Hoare triple {2330#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2330#true} is VALID [2018-11-23 11:22:24,480 INFO L273 TraceCheckUtils]: 15: Hoare triple {2330#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2330#true} is VALID [2018-11-23 11:22:24,480 INFO L273 TraceCheckUtils]: 14: Hoare triple {2330#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2330#true} is VALID [2018-11-23 11:22:24,480 INFO L273 TraceCheckUtils]: 13: Hoare triple {2330#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2330#true} is VALID [2018-11-23 11:22:24,481 INFO L273 TraceCheckUtils]: 12: Hoare triple {2330#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2330#true} is VALID [2018-11-23 11:22:24,481 INFO L273 TraceCheckUtils]: 11: Hoare triple {2330#true} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {2330#true} is VALID [2018-11-23 11:22:24,481 INFO L273 TraceCheckUtils]: 10: Hoare triple {2330#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2330#true} is VALID [2018-11-23 11:22:24,481 INFO L273 TraceCheckUtils]: 9: Hoare triple {2330#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2330#true} is VALID [2018-11-23 11:22:24,481 INFO L273 TraceCheckUtils]: 8: Hoare triple {2330#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2330#true} is VALID [2018-11-23 11:22:24,482 INFO L273 TraceCheckUtils]: 7: Hoare triple {2330#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {2330#true} is VALID [2018-11-23 11:22:24,482 INFO L256 TraceCheckUtils]: 6: Hoare triple {2330#true} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {2330#true} is VALID [2018-11-23 11:22:24,482 INFO L273 TraceCheckUtils]: 5: Hoare triple {2330#true} ~len~0 := 5bv32; {2330#true} is VALID [2018-11-23 11:22:24,482 INFO L256 TraceCheckUtils]: 4: Hoare triple {2330#true} call #t~ret18 := main(); {2330#true} is VALID [2018-11-23 11:22:24,482 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2330#true} {2330#true} #110#return; {2330#true} is VALID [2018-11-23 11:22:24,482 INFO L273 TraceCheckUtils]: 2: Hoare triple {2330#true} assume true; {2330#true} is VALID [2018-11-23 11:22:24,483 INFO L273 TraceCheckUtils]: 1: Hoare triple {2330#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2330#true} is VALID [2018-11-23 11:22:24,483 INFO L256 TraceCheckUtils]: 0: Hoare triple {2330#true} call ULTIMATE.init(); {2330#true} is VALID [2018-11-23 11:22:24,485 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 22 proven. 5 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2018-11-23 11:22:24,488 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:22:24,488 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 12] total 19 [2018-11-23 11:22:24,489 INFO L78 Accepts]: Start accepts. Automaton has 19 states. Word has length 40 [2018-11-23 11:22:24,489 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:22:24,489 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 19 states. [2018-11-23 11:22:24,564 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:22:24,565 INFO L459 AbstractCegarLoop]: Interpolant automaton has 19 states [2018-11-23 11:22:24,565 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 19 interpolants. [2018-11-23 11:22:24,565 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=48, Invalid=293, Unknown=1, NotChecked=0, Total=342 [2018-11-23 11:22:24,566 INFO L87 Difference]: Start difference. First operand 49 states and 59 transitions. Second operand 19 states. [2018-11-23 11:23:01,173 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:23:01,173 INFO L93 Difference]: Finished difference Result 68 states and 83 transitions. [2018-11-23 11:23:01,173 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2018-11-23 11:23:01,174 INFO L78 Accepts]: Start accepts. Automaton has 19 states. Word has length 40 [2018-11-23 11:23:01,174 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:23:01,174 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 19 states. [2018-11-23 11:23:01,176 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 72 transitions. [2018-11-23 11:23:01,176 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 19 states. [2018-11-23 11:23:01,178 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 72 transitions. [2018-11-23 11:23:01,178 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 72 transitions. [2018-11-23 11:23:01,318 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 72 edges. 72 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:23:01,319 INFO L225 Difference]: With dead ends: 68 [2018-11-23 11:23:01,320 INFO L226 Difference]: Without dead ends: 63 [2018-11-23 11:23:01,321 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 89 GetRequests, 62 SyntacticMatches, 1 SemanticMatches, 26 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 72 ImplicationChecksByTransitivity, 3.4s TimeCoverageRelationStatistics Valid=135, Invalid=620, Unknown=1, NotChecked=0, Total=756 [2018-11-23 11:23:01,321 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 63 states. [2018-11-23 11:23:01,389 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 63 to 52. [2018-11-23 11:23:01,389 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:23:01,390 INFO L82 GeneralOperation]: Start isEquivalent. First operand 63 states. Second operand 52 states. [2018-11-23 11:23:01,390 INFO L74 IsIncluded]: Start isIncluded. First operand 63 states. Second operand 52 states. [2018-11-23 11:23:01,390 INFO L87 Difference]: Start difference. First operand 63 states. Second operand 52 states. [2018-11-23 11:23:01,394 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:23:01,394 INFO L93 Difference]: Finished difference Result 63 states and 78 transitions. [2018-11-23 11:23:01,394 INFO L276 IsEmpty]: Start isEmpty. Operand 63 states and 78 transitions. [2018-11-23 11:23:01,395 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:23:01,395 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:23:01,395 INFO L74 IsIncluded]: Start isIncluded. First operand 52 states. Second operand 63 states. [2018-11-23 11:23:01,395 INFO L87 Difference]: Start difference. First operand 52 states. Second operand 63 states. [2018-11-23 11:23:01,397 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:23:01,397 INFO L93 Difference]: Finished difference Result 63 states and 78 transitions. [2018-11-23 11:23:01,397 INFO L276 IsEmpty]: Start isEmpty. Operand 63 states and 78 transitions. [2018-11-23 11:23:01,397 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:23:01,398 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:23:01,398 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:23:01,398 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:23:01,398 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 52 states. [2018-11-23 11:23:01,400 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 52 states to 52 states and 63 transitions. [2018-11-23 11:23:01,400 INFO L78 Accepts]: Start accepts. Automaton has 52 states and 63 transitions. Word has length 40 [2018-11-23 11:23:01,400 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:23:01,400 INFO L480 AbstractCegarLoop]: Abstraction has 52 states and 63 transitions. [2018-11-23 11:23:01,400 INFO L481 AbstractCegarLoop]: Interpolant automaton has 19 states. [2018-11-23 11:23:01,401 INFO L276 IsEmpty]: Start isEmpty. Operand 52 states and 63 transitions. [2018-11-23 11:23:01,401 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2018-11-23 11:23:01,401 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:23:01,402 INFO L402 BasicCegarLoop]: trace histogram [4, 4, 4, 4, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:23:01,402 INFO L423 AbstractCegarLoop]: === Iteration 9 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:23:01,402 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:23:01,402 INFO L82 PathProgramCache]: Analyzing trace with hash -1611928664, now seen corresponding path program 1 times [2018-11-23 11:23:01,403 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:23:01,403 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 10 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 10 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:23:01,432 INFO L101 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2018-11-23 11:23:01,535 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:23:01,587 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:23:01,588 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:23:01,814 INFO L256 TraceCheckUtils]: 0: Hoare triple {2883#true} call ULTIMATE.init(); {2883#true} is VALID [2018-11-23 11:23:01,815 INFO L273 TraceCheckUtils]: 1: Hoare triple {2883#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2883#true} is VALID [2018-11-23 11:23:01,815 INFO L273 TraceCheckUtils]: 2: Hoare triple {2883#true} assume true; {2883#true} is VALID [2018-11-23 11:23:01,815 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2883#true} {2883#true} #110#return; {2883#true} is VALID [2018-11-23 11:23:01,815 INFO L256 TraceCheckUtils]: 4: Hoare triple {2883#true} call #t~ret18 := main(); {2883#true} is VALID [2018-11-23 11:23:01,816 INFO L273 TraceCheckUtils]: 5: Hoare triple {2883#true} ~len~0 := 5bv32; {2903#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} is VALID [2018-11-23 11:23:01,816 INFO L256 TraceCheckUtils]: 6: Hoare triple {2903#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {2883#true} is VALID [2018-11-23 11:23:01,816 INFO L273 TraceCheckUtils]: 7: Hoare triple {2883#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {2910#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,817 INFO L273 TraceCheckUtils]: 8: Hoare triple {2910#(= dll_create_~len |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2910#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,817 INFO L273 TraceCheckUtils]: 9: Hoare triple {2910#(= dll_create_~len |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2910#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,818 INFO L273 TraceCheckUtils]: 10: Hoare triple {2910#(= dll_create_~len |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2910#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,818 INFO L273 TraceCheckUtils]: 11: Hoare triple {2910#(= dll_create_~len |dll_create_#in~len|)} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {2910#(= dll_create_~len |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,819 INFO L273 TraceCheckUtils]: 12: Hoare triple {2910#(= dll_create_~len |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2926#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,819 INFO L273 TraceCheckUtils]: 13: Hoare triple {2926#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2926#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,819 INFO L273 TraceCheckUtils]: 14: Hoare triple {2926#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2926#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,820 INFO L273 TraceCheckUtils]: 15: Hoare triple {2926#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2926#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,820 INFO L273 TraceCheckUtils]: 16: Hoare triple {2926#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2926#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,844 INFO L273 TraceCheckUtils]: 17: Hoare triple {2926#(= (bvadd dll_create_~len (_ bv1 32)) |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2942#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,844 INFO L273 TraceCheckUtils]: 18: Hoare triple {2942#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2942#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,845 INFO L273 TraceCheckUtils]: 19: Hoare triple {2942#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2942#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,845 INFO L273 TraceCheckUtils]: 20: Hoare triple {2942#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2942#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,845 INFO L273 TraceCheckUtils]: 21: Hoare triple {2942#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2942#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,876 INFO L273 TraceCheckUtils]: 22: Hoare triple {2942#(= (bvadd dll_create_~len (_ bv2 32)) |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2958#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,876 INFO L273 TraceCheckUtils]: 23: Hoare triple {2958#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {2958#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,877 INFO L273 TraceCheckUtils]: 24: Hoare triple {2958#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {2958#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,877 INFO L273 TraceCheckUtils]: 25: Hoare triple {2958#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {2958#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,878 INFO L273 TraceCheckUtils]: 26: Hoare triple {2958#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {2958#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,897 INFO L273 TraceCheckUtils]: 27: Hoare triple {2958#(= (bvadd dll_create_~len (_ bv3 32)) |dll_create_#in~len|)} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {2974#(= (bvadd dll_create_~len (_ bv4 32)) |dll_create_#in~len|)} is VALID [2018-11-23 11:23:01,898 INFO L273 TraceCheckUtils]: 28: Hoare triple {2974#(= (bvadd dll_create_~len (_ bv4 32)) |dll_create_#in~len|)} assume !~bvsgt32(~len, 0bv32); {2978#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:01,898 INFO L273 TraceCheckUtils]: 29: Hoare triple {2978#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {2978#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:01,898 INFO L273 TraceCheckUtils]: 30: Hoare triple {2978#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} assume true; {2978#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:01,899 INFO L268 TraceCheckUtils]: 31: Hoare quadruple {2978#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} {2903#(= (bvadd main_~len~0 (_ bv4294967291 32)) (_ bv0 32))} #114#return; {2884#false} is VALID [2018-11-23 11:23:01,899 INFO L273 TraceCheckUtils]: 32: Hoare triple {2884#false} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {2884#false} is VALID [2018-11-23 11:23:01,900 INFO L273 TraceCheckUtils]: 33: Hoare triple {2884#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {2884#false} is VALID [2018-11-23 11:23:01,900 INFO L273 TraceCheckUtils]: 34: Hoare triple {2884#false} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {2884#false} is VALID [2018-11-23 11:23:01,900 INFO L273 TraceCheckUtils]: 35: Hoare triple {2884#false} assume !#t~short7;call #t~mem6 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short7 := 0bv32 != #t~mem6; {2884#false} is VALID [2018-11-23 11:23:01,901 INFO L273 TraceCheckUtils]: 36: Hoare triple {2884#false} #t~short9 := #t~short7; {2884#false} is VALID [2018-11-23 11:23:01,901 INFO L273 TraceCheckUtils]: 37: Hoare triple {2884#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {2884#false} is VALID [2018-11-23 11:23:01,901 INFO L273 TraceCheckUtils]: 38: Hoare triple {2884#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {2884#false} is VALID [2018-11-23 11:23:01,901 INFO L273 TraceCheckUtils]: 39: Hoare triple {2884#false} assume !false; {2884#false} is VALID [2018-11-23 11:23:01,905 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 34 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:23:01,905 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:23:02,527 INFO L273 TraceCheckUtils]: 39: Hoare triple {2884#false} assume !false; {2884#false} is VALID [2018-11-23 11:23:02,527 INFO L273 TraceCheckUtils]: 38: Hoare triple {2884#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {2884#false} is VALID [2018-11-23 11:23:02,527 INFO L273 TraceCheckUtils]: 37: Hoare triple {2884#false} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {2884#false} is VALID [2018-11-23 11:23:02,528 INFO L273 TraceCheckUtils]: 36: Hoare triple {2884#false} #t~short9 := #t~short7; {2884#false} is VALID [2018-11-23 11:23:02,528 INFO L273 TraceCheckUtils]: 35: Hoare triple {2884#false} assume !#t~short7;call #t~mem6 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short7 := 0bv32 != #t~mem6; {2884#false} is VALID [2018-11-23 11:23:02,528 INFO L273 TraceCheckUtils]: 34: Hoare triple {2884#false} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {2884#false} is VALID [2018-11-23 11:23:02,528 INFO L273 TraceCheckUtils]: 33: Hoare triple {2884#false} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {2884#false} is VALID [2018-11-23 11:23:02,528 INFO L273 TraceCheckUtils]: 32: Hoare triple {2884#false} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {2884#false} is VALID [2018-11-23 11:23:02,529 INFO L268 TraceCheckUtils]: 31: Hoare quadruple {2978#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} {3036#(bvsgt (bvadd main_~len~0 (_ bv4294967292 32)) (_ bv0 32))} #114#return; {2884#false} is VALID [2018-11-23 11:23:02,530 INFO L273 TraceCheckUtils]: 30: Hoare triple {2978#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} assume true; {2978#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,540 INFO L273 TraceCheckUtils]: 29: Hoare triple {2978#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {2978#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,540 INFO L273 TraceCheckUtils]: 28: Hoare triple {3049#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt dll_create_~len (_ bv0 32)))} assume !~bvsgt32(~len, 0bv32); {2978#(not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,541 INFO L273 TraceCheckUtils]: 27: Hoare triple {3053#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3049#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt dll_create_~len (_ bv0 32)))} is VALID [2018-11-23 11:23:02,541 INFO L273 TraceCheckUtils]: 26: Hoare triple {3053#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3053#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,542 INFO L273 TraceCheckUtils]: 25: Hoare triple {3053#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3053#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,542 INFO L273 TraceCheckUtils]: 24: Hoare triple {3053#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3053#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,543 INFO L273 TraceCheckUtils]: 23: Hoare triple {3053#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3053#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,548 INFO L273 TraceCheckUtils]: 22: Hoare triple {3069#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3053#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,549 INFO L273 TraceCheckUtils]: 21: Hoare triple {3069#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3069#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,549 INFO L273 TraceCheckUtils]: 20: Hoare triple {3069#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3069#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,550 INFO L273 TraceCheckUtils]: 19: Hoare triple {3069#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3069#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,550 INFO L273 TraceCheckUtils]: 18: Hoare triple {3069#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3069#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,555 INFO L273 TraceCheckUtils]: 17: Hoare triple {3085#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3069#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,555 INFO L273 TraceCheckUtils]: 16: Hoare triple {3085#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3085#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,561 INFO L273 TraceCheckUtils]: 15: Hoare triple {3085#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3085#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,562 INFO L273 TraceCheckUtils]: 14: Hoare triple {3085#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3085#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,562 INFO L273 TraceCheckUtils]: 13: Hoare triple {3085#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3085#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,567 INFO L273 TraceCheckUtils]: 12: Hoare triple {3101#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3085#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,568 INFO L273 TraceCheckUtils]: 11: Hoare triple {3101#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {3101#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,568 INFO L273 TraceCheckUtils]: 10: Hoare triple {3101#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3101#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,569 INFO L273 TraceCheckUtils]: 9: Hoare triple {3101#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3101#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,569 INFO L273 TraceCheckUtils]: 8: Hoare triple {3101#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3101#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,570 INFO L273 TraceCheckUtils]: 7: Hoare triple {2883#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {3101#(or (not (bvsgt (bvadd |dll_create_#in~len| (_ bv4294967292 32)) (_ bv0 32))) (bvsgt (bvadd dll_create_~len (_ bv4294967292 32)) (_ bv0 32)))} is VALID [2018-11-23 11:23:02,570 INFO L256 TraceCheckUtils]: 6: Hoare triple {3036#(bvsgt (bvadd main_~len~0 (_ bv4294967292 32)) (_ bv0 32))} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {2883#true} is VALID [2018-11-23 11:23:02,570 INFO L273 TraceCheckUtils]: 5: Hoare triple {2883#true} ~len~0 := 5bv32; {3036#(bvsgt (bvadd main_~len~0 (_ bv4294967292 32)) (_ bv0 32))} is VALID [2018-11-23 11:23:02,570 INFO L256 TraceCheckUtils]: 4: Hoare triple {2883#true} call #t~ret18 := main(); {2883#true} is VALID [2018-11-23 11:23:02,571 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2883#true} {2883#true} #110#return; {2883#true} is VALID [2018-11-23 11:23:02,571 INFO L273 TraceCheckUtils]: 2: Hoare triple {2883#true} assume true; {2883#true} is VALID [2018-11-23 11:23:02,571 INFO L273 TraceCheckUtils]: 1: Hoare triple {2883#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2883#true} is VALID [2018-11-23 11:23:02,571 INFO L256 TraceCheckUtils]: 0: Hoare triple {2883#true} call ULTIMATE.init(); {2883#true} is VALID [2018-11-23 11:23:02,576 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 0 proven. 34 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:23:02,578 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:23:02,578 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 15 [2018-11-23 11:23:02,578 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 40 [2018-11-23 11:23:02,579 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:23:02,579 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states. [2018-11-23 11:23:02,842 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 65 edges. 65 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:23:02,842 INFO L459 AbstractCegarLoop]: Interpolant automaton has 15 states [2018-11-23 11:23:02,842 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2018-11-23 11:23:02,842 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=38, Invalid=172, Unknown=0, NotChecked=0, Total=210 [2018-11-23 11:23:02,843 INFO L87 Difference]: Start difference. First operand 52 states and 63 transitions. Second operand 15 states. [2018-11-23 11:23:29,360 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:23:29,360 INFO L93 Difference]: Finished difference Result 84 states and 105 transitions. [2018-11-23 11:23:29,360 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2018-11-23 11:23:29,361 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 40 [2018-11-23 11:23:29,361 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:23:29,361 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2018-11-23 11:23:29,363 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 91 transitions. [2018-11-23 11:23:29,363 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2018-11-23 11:23:29,365 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 91 transitions. [2018-11-23 11:23:29,365 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 91 transitions. [2018-11-23 11:23:29,698 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 91 edges. 91 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:23:29,700 INFO L225 Difference]: With dead ends: 84 [2018-11-23 11:23:29,700 INFO L226 Difference]: Without dead ends: 61 [2018-11-23 11:23:29,701 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 84 GetRequests, 66 SyntacticMatches, 0 SemanticMatches, 18 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 25 ImplicationChecksByTransitivity, 0.7s TimeCoverageRelationStatistics Valid=73, Invalid=307, Unknown=0, NotChecked=0, Total=380 [2018-11-23 11:23:29,701 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 61 states. [2018-11-23 11:23:29,805 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 61 to 57. [2018-11-23 11:23:29,805 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:23:29,806 INFO L82 GeneralOperation]: Start isEquivalent. First operand 61 states. Second operand 57 states. [2018-11-23 11:23:29,806 INFO L74 IsIncluded]: Start isIncluded. First operand 61 states. Second operand 57 states. [2018-11-23 11:23:29,806 INFO L87 Difference]: Start difference. First operand 61 states. Second operand 57 states. [2018-11-23 11:23:29,809 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:23:29,809 INFO L93 Difference]: Finished difference Result 61 states and 74 transitions. [2018-11-23 11:23:29,809 INFO L276 IsEmpty]: Start isEmpty. Operand 61 states and 74 transitions. [2018-11-23 11:23:29,809 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:23:29,810 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:23:29,810 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand 61 states. [2018-11-23 11:23:29,810 INFO L87 Difference]: Start difference. First operand 57 states. Second operand 61 states. [2018-11-23 11:23:29,812 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:23:29,812 INFO L93 Difference]: Finished difference Result 61 states and 74 transitions. [2018-11-23 11:23:29,812 INFO L276 IsEmpty]: Start isEmpty. Operand 61 states and 74 transitions. [2018-11-23 11:23:29,813 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:23:29,813 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:23:29,813 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:23:29,813 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:23:29,813 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 57 states. [2018-11-23 11:23:29,815 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 57 states to 57 states and 69 transitions. [2018-11-23 11:23:29,815 INFO L78 Accepts]: Start accepts. Automaton has 57 states and 69 transitions. Word has length 40 [2018-11-23 11:23:29,815 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:23:29,815 INFO L480 AbstractCegarLoop]: Abstraction has 57 states and 69 transitions. [2018-11-23 11:23:29,815 INFO L481 AbstractCegarLoop]: Interpolant automaton has 15 states. [2018-11-23 11:23:29,815 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 69 transitions. [2018-11-23 11:23:29,816 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 46 [2018-11-23 11:23:29,816 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:23:29,816 INFO L402 BasicCegarLoop]: trace histogram [5, 5, 5, 5, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:23:29,816 INFO L423 AbstractCegarLoop]: === Iteration 10 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:23:29,817 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:23:29,817 INFO L82 PathProgramCache]: Analyzing trace with hash 117210554, now seen corresponding path program 2 times [2018-11-23 11:23:29,817 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:23:29,817 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 11 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 11 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:23:29,839 INFO L101 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2018-11-23 11:23:30,011 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2018-11-23 11:23:30,011 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2018-11-23 11:23:30,053 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:23:30,055 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:23:30,094 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:23:30,095 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,097 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,097 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2018-11-23 11:23:30,101 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:23:30,101 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_73|]. (= (store |v_#valid_73| dll_create_~new_head~0.base (_ bv1 1)) |#valid|) [2018-11-23 11:23:30,102 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base)) [2018-11-23 11:23:30,132 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,133 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,134 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:23:30,135 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,144 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,144 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:16, output treesize:8 [2018-11-23 11:23:30,181 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:23:30,219 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:23:30,351 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 34 [2018-11-23 11:23:30,357 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 34 treesize of output 37 [2018-11-23 11:23:30,365 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,366 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 45 [2018-11-23 11:23:30,434 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,446 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,457 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,458 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 39 treesize of output 61 [2018-11-23 11:23:30,477 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,479 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,481 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,483 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,485 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,486 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,496 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 6 disjoint index pairs (out of 3 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 41 treesize of output 85 [2018-11-23 11:23:30,545 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,547 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,550 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,551 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,552 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,554 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,555 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,557 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,558 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,560 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:23:30,583 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 4 select indices, 4 select index equivalence classes, 10 disjoint index pairs (out of 6 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 43 treesize of output 107 [2018-11-23 11:23:30,588 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,620 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,642 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,660 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,677 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,694 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,721 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,722 INFO L202 ElimStorePlain]: Needed 9 recursive calls to eliminate 2 variables, input treesize:59, output treesize:33 [2018-11-23 11:23:30,852 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:23:30,852 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_89|, |v_#memory_int_88|]. (let ((.cse1 (select |v_#memory_int_88| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (store |v_#memory_int_89| dll_create_~new_head~0.base (let ((.cse0 (bvadd dll_create_~new_head~0.offset (_ bv4 32)))) (store (store (store (store (select |v_#memory_int_89| dll_create_~new_head~0.base) dll_create_~new_head~0.offset (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv8 32)) (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv16 32)) (_ bv0 32)) .cse0 (select .cse1 .cse0)))) |v_#memory_int_88|) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)) (= (store |v_#memory_int_88| dll_create_~new_head~0.base (let ((.cse2 (bvadd dll_create_~new_head~0.offset (_ bv12 32)))) (store .cse1 .cse2 (select (select |#memory_int| dll_create_~new_head~0.base) .cse2)))) |#memory_int|))) [2018-11-23 11:23:30,852 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))) [2018-11-23 11:23:30,922 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 45 treesize of output 46 [2018-11-23 11:23:30,929 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 1 [2018-11-23 11:23:30,930 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,944 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,969 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:30,970 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:52, output treesize:29 [2018-11-23 11:23:30,982 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:23:30,982 WARN L384 uantifierElimination]: Input elimination task: ∃ [dll_create_~head~0.base, dll_create_~head~0.offset, |v_#memory_int_90|]. (let ((.cse0 (select |v_#memory_int_90| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)) (= (store |v_#memory_int_90| dll_create_~head~0.base (let ((.cse1 (bvadd dll_create_~head~0.offset (_ bv12 32)))) (store (select |v_#memory_int_90| dll_create_~head~0.base) .cse1 (select (select |#memory_int| dll_create_~head~0.base) .cse1)))) |#memory_int|))) [2018-11-23 11:23:30,982 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)))) [2018-11-23 11:23:31,308 INFO L256 TraceCheckUtils]: 0: Hoare triple {3443#true} call ULTIMATE.init(); {3443#true} is VALID [2018-11-23 11:23:31,308 INFO L273 TraceCheckUtils]: 1: Hoare triple {3443#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {3443#true} is VALID [2018-11-23 11:23:31,309 INFO L273 TraceCheckUtils]: 2: Hoare triple {3443#true} assume true; {3443#true} is VALID [2018-11-23 11:23:31,309 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {3443#true} {3443#true} #110#return; {3443#true} is VALID [2018-11-23 11:23:31,309 INFO L256 TraceCheckUtils]: 4: Hoare triple {3443#true} call #t~ret18 := main(); {3443#true} is VALID [2018-11-23 11:23:31,309 INFO L273 TraceCheckUtils]: 5: Hoare triple {3443#true} ~len~0 := 5bv32; {3443#true} is VALID [2018-11-23 11:23:31,309 INFO L256 TraceCheckUtils]: 6: Hoare triple {3443#true} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {3443#true} is VALID [2018-11-23 11:23:31,309 INFO L273 TraceCheckUtils]: 7: Hoare triple {3443#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {3443#true} is VALID [2018-11-23 11:23:31,310 INFO L273 TraceCheckUtils]: 8: Hoare triple {3443#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3443#true} is VALID [2018-11-23 11:23:31,310 INFO L273 TraceCheckUtils]: 9: Hoare triple {3443#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3443#true} is VALID [2018-11-23 11:23:31,310 INFO L273 TraceCheckUtils]: 10: Hoare triple {3443#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3443#true} is VALID [2018-11-23 11:23:31,310 INFO L273 TraceCheckUtils]: 11: Hoare triple {3443#true} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {3443#true} is VALID [2018-11-23 11:23:31,310 INFO L273 TraceCheckUtils]: 12: Hoare triple {3443#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3443#true} is VALID [2018-11-23 11:23:31,311 INFO L273 TraceCheckUtils]: 13: Hoare triple {3443#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3443#true} is VALID [2018-11-23 11:23:31,311 INFO L273 TraceCheckUtils]: 14: Hoare triple {3443#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3443#true} is VALID [2018-11-23 11:23:31,311 INFO L273 TraceCheckUtils]: 15: Hoare triple {3443#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3443#true} is VALID [2018-11-23 11:23:31,311 INFO L273 TraceCheckUtils]: 16: Hoare triple {3443#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3443#true} is VALID [2018-11-23 11:23:31,311 INFO L273 TraceCheckUtils]: 17: Hoare triple {3443#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3443#true} is VALID [2018-11-23 11:23:31,311 INFO L273 TraceCheckUtils]: 18: Hoare triple {3443#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3443#true} is VALID [2018-11-23 11:23:31,312 INFO L273 TraceCheckUtils]: 19: Hoare triple {3443#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3443#true} is VALID [2018-11-23 11:23:31,312 INFO L273 TraceCheckUtils]: 20: Hoare triple {3443#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3443#true} is VALID [2018-11-23 11:23:31,312 INFO L273 TraceCheckUtils]: 21: Hoare triple {3443#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3443#true} is VALID [2018-11-23 11:23:31,312 INFO L273 TraceCheckUtils]: 22: Hoare triple {3443#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3443#true} is VALID [2018-11-23 11:23:31,314 INFO L273 TraceCheckUtils]: 23: Hoare triple {3443#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:23:31,315 INFO L273 TraceCheckUtils]: 24: Hoare triple {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:23:31,315 INFO L273 TraceCheckUtils]: 25: Hoare triple {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:23:31,315 INFO L273 TraceCheckUtils]: 26: Hoare triple {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:23:31,317 INFO L273 TraceCheckUtils]: 27: Hoare triple {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3530#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:23:31,318 INFO L273 TraceCheckUtils]: 28: Hoare triple {3530#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3534#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:23:31,319 INFO L273 TraceCheckUtils]: 29: Hoare triple {3534#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3534#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:23:31,343 INFO L273 TraceCheckUtils]: 30: Hoare triple {3534#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3541#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:23:31,345 INFO L273 TraceCheckUtils]: 31: Hoare triple {3541#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3545#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)))} is VALID [2018-11-23 11:23:31,347 INFO L273 TraceCheckUtils]: 32: Hoare triple {3545#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3549#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:23:31,347 INFO L273 TraceCheckUtils]: 33: Hoare triple {3549#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} assume !~bvsgt32(~len, 0bv32); {3549#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:23:31,349 INFO L273 TraceCheckUtils]: 34: Hoare triple {3549#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {3556#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} is VALID [2018-11-23 11:23:31,350 INFO L273 TraceCheckUtils]: 35: Hoare triple {3556#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} assume true; {3556#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} is VALID [2018-11-23 11:23:31,352 INFO L268 TraceCheckUtils]: 36: Hoare quadruple {3556#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} {3443#true} #114#return; {3563#(and (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (_ bv0 32))) (= (select (select |#memory_int| |main_#t~ret4.base|) (_ bv16 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (_ bv8 32))) (= (_ bv0 32) |main_#t~ret4.offset|))} is VALID [2018-11-23 11:23:31,353 INFO L273 TraceCheckUtils]: 37: Hoare triple {3563#(and (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (_ bv0 32))) (= (select (select |#memory_int| |main_#t~ret4.base|) (_ bv16 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (_ bv8 32))) (= (_ bv0 32) |main_#t~ret4.offset|))} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {3567#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:23:31,354 INFO L273 TraceCheckUtils]: 38: Hoare triple {3567#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {3567#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:23:31,355 INFO L273 TraceCheckUtils]: 39: Hoare triple {3567#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {3567#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:23:31,356 INFO L273 TraceCheckUtils]: 40: Hoare triple {3567#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} assume !#t~short7;call #t~mem6 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short7 := 0bv32 != #t~mem6; {3567#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:23:31,357 INFO L273 TraceCheckUtils]: 41: Hoare triple {3567#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} #t~short9 := #t~short7; {3567#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:23:31,358 INFO L273 TraceCheckUtils]: 42: Hoare triple {3567#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {3583#(not |main_#t~short9|)} is VALID [2018-11-23 11:23:31,359 INFO L273 TraceCheckUtils]: 43: Hoare triple {3583#(not |main_#t~short9|)} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {3444#false} is VALID [2018-11-23 11:23:31,359 INFO L273 TraceCheckUtils]: 44: Hoare triple {3444#false} assume !false; {3444#false} is VALID [2018-11-23 11:23:31,364 INFO L134 CoverageAnalysis]: Checked inductivity of 55 backedges. 32 proven. 5 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2018-11-23 11:23:31,364 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:23:31,931 WARN L180 SmtUtils]: Spent 467.00 ms on a formula simplification that was a NOOP. DAG size: 64 [2018-11-23 11:23:32,308 WARN L180 SmtUtils]: Spent 375.00 ms on a formula simplification that was a NOOP. DAG size: 58 [2018-11-23 11:23:32,938 WARN L180 SmtUtils]: Spent 621.00 ms on a formula simplification that was a NOOP. DAG size: 62 [2018-11-23 11:23:33,629 WARN L180 SmtUtils]: Spent 690.00 ms on a formula simplification that was a NOOP. DAG size: 62 [2018-11-23 11:23:37,670 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:23:37,679 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:23:37,687 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:23:37,687 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:30, output treesize:19 [2018-11-23 11:23:37,722 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:23:37,723 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_110|, dll_create_~head~0.offset]. (or (not (= |v_#memory_int_110| (store |#memory_int| dll_create_~head~0.base (let ((.cse0 (bvadd dll_create_~head~0.offset (_ bv12 32)))) (store (select |#memory_int| dll_create_~head~0.base) .cse0 (select (select |v_#memory_int_110| dll_create_~head~0.base) .cse0)))))) (= (select (select |v_#memory_int_110| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32))) (_ bv0 32))) [2018-11-23 11:23:37,723 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [dll_create_~head~0.offset, v_DerPreprocessor_12]. (= (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_12)) dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32))) (_ bv0 32)) [2018-11-23 11:23:38,093 WARN L180 SmtUtils]: Spent 219.00 ms on a formula simplification. DAG size of input: 43 DAG size of output: 39 [2018-11-23 11:23:38,113 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:23:38,133 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:23:38,211 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 35 [2018-11-23 11:23:38,222 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 35 treesize of output 39 [2018-11-23 11:23:38,233 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,235 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 39 treesize of output 47 [2018-11-23 11:23:38,263 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,263 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,265 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,266 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 42 treesize of output 62 [2018-11-23 11:23:38,301 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,314 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,327 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,338 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,352 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,365 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,436 INFO L303 Elim1Store]: Index analysis took 161 ms [2018-11-23 11:23:38,437 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 6 disjoint index pairs (out of 3 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 45 treesize of output 84 [2018-11-23 11:23:38,546 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,550 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,551 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,555 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,558 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,558 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,558 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,559 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,559 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,560 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,597 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 4 select indices, 4 select index equivalence classes, 10 disjoint index pairs (out of 6 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 48 treesize of output 101 [2018-11-23 11:23:38,604 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:23:38,664 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:38,704 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:38,737 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:38,766 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:38,798 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:38,885 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 39 treesize of output 31 [2018-11-23 11:23:38,895 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,896 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,896 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,897 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,897 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,897 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:23:38,908 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 4 select indices, 4 select index equivalence classes, 6 disjoint index pairs (out of 6 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 37 [2018-11-23 11:23:38,912 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:23:38,915 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:38,955 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:23:38,955 INFO L202 ElimStorePlain]: Needed 11 recursive calls to eliminate 5 variables, input treesize:73, output treesize:4 [2018-11-23 11:23:39,078 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:23:39,078 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_111|, dll_create_~head~0.offset, v_DerPreprocessor_12, |v_#memory_int_88|, |#memory_int|]. (let ((.cse0 (select |v_#memory_int_88| dll_create_~new_head~0.base)) (.cse2 (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (or (not (= |v_#memory_int_111| (store |v_#memory_int_88| dll_create_~new_head~0.base (let ((.cse1 (bvadd dll_create_~new_head~0.offset (_ bv12 32)))) (store .cse0 .cse1 (select (select |v_#memory_int_111| dll_create_~new_head~0.base) .cse1)))))) (not (= |v_#memory_int_88| (store |#memory_int| dll_create_~new_head~0.base (let ((.cse3 (bvadd dll_create_~new_head~0.offset (_ bv4 32)))) (store (store (store (store (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv8 32)) (_ bv0 32)) .cse2 (_ bv0 32)) .cse3 (select .cse0 .cse3)))))) (= (_ bv0 32) (select (select (store |v_#memory_int_111| dll_create_~head~0.base (store (select |v_#memory_int_111| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_12)) dll_create_~new_head~0.base) .cse2)))) [2018-11-23 11:23:39,079 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ []. (not (= dll_create_~new_head~0.base dll_create_~head~0.base)) [2018-11-23 11:23:39,151 INFO L273 TraceCheckUtils]: 44: Hoare triple {3444#false} assume !false; {3444#false} is VALID [2018-11-23 11:23:39,152 INFO L273 TraceCheckUtils]: 43: Hoare triple {3583#(not |main_#t~short9|)} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {3444#false} is VALID [2018-11-23 11:23:39,152 INFO L273 TraceCheckUtils]: 42: Hoare triple {3596#(= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32))))} assume !#t~short9;call #t~mem8 := read~intINTTYPE4(~head~1.base, ~bvadd32(16bv32, ~head~1.offset), 4bv32);#t~short9 := 0bv32 != #t~mem8; {3583#(not |main_#t~short9|)} is VALID [2018-11-23 11:23:39,153 INFO L273 TraceCheckUtils]: 41: Hoare triple {3596#(= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32))))} #t~short9 := #t~short7; {3596#(= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32))))} is VALID [2018-11-23 11:23:39,153 INFO L273 TraceCheckUtils]: 40: Hoare triple {3596#(= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32))))} assume !#t~short7;call #t~mem6 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short7 := 0bv32 != #t~mem6; {3596#(= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32))))} is VALID [2018-11-23 11:23:39,154 INFO L273 TraceCheckUtils]: 39: Hoare triple {3596#(= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32))))} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {3596#(= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32))))} is VALID [2018-11-23 11:23:39,155 INFO L273 TraceCheckUtils]: 38: Hoare triple {3596#(= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32))))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {3596#(= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32))))} is VALID [2018-11-23 11:23:39,155 INFO L273 TraceCheckUtils]: 37: Hoare triple {3612#(= (select (select |#memory_int| |main_#t~ret4.base|) (bvadd |main_#t~ret4.offset| (_ bv16 32))) (_ bv0 32))} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {3596#(= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32))))} is VALID [2018-11-23 11:23:39,169 INFO L268 TraceCheckUtils]: 36: Hoare quadruple {3619#(= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32))} {3443#true} #114#return; {3612#(= (select (select |#memory_int| |main_#t~ret4.base|) (bvadd |main_#t~ret4.offset| (_ bv16 32))) (_ bv0 32))} is VALID [2018-11-23 11:23:39,169 INFO L273 TraceCheckUtils]: 35: Hoare triple {3619#(= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32))} assume true; {3619#(= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32))} is VALID [2018-11-23 11:23:39,170 INFO L273 TraceCheckUtils]: 34: Hoare triple {3626#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32))))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {3619#(= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32))} is VALID [2018-11-23 11:23:39,170 INFO L273 TraceCheckUtils]: 33: Hoare triple {3626#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32))))} assume !~bvsgt32(~len, 0bv32); {3626#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32))))} is VALID [2018-11-23 11:23:39,171 INFO L273 TraceCheckUtils]: 32: Hoare triple {3633#(= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32))))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3626#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32))))} is VALID [2018-11-23 11:23:39,174 INFO L273 TraceCheckUtils]: 31: Hoare triple {3637#(forall ((dll_create_~head~0.offset (_ BitVec 32)) (v_DerPreprocessor_12 (_ BitVec 32))) (= (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_12)) dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32))) (_ bv0 32)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3633#(= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32))))} is VALID [2018-11-23 11:23:39,178 INFO L273 TraceCheckUtils]: 30: Hoare triple {3641#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3637#(forall ((dll_create_~head~0.offset (_ BitVec 32)) (v_DerPreprocessor_12 (_ BitVec 32))) (= (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_12)) dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32))) (_ bv0 32)))} is VALID [2018-11-23 11:23:39,179 INFO L273 TraceCheckUtils]: 29: Hoare triple {3641#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3641#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} is VALID [2018-11-23 11:23:39,179 INFO L273 TraceCheckUtils]: 28: Hoare triple {3530#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3641#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} is VALID [2018-11-23 11:23:39,181 INFO L273 TraceCheckUtils]: 27: Hoare triple {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3530#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:23:39,182 INFO L273 TraceCheckUtils]: 26: Hoare triple {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:23:39,182 INFO L273 TraceCheckUtils]: 25: Hoare triple {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:23:39,183 INFO L273 TraceCheckUtils]: 24: Hoare triple {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:23:39,184 INFO L273 TraceCheckUtils]: 23: Hoare triple {3443#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3517#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:23:39,184 INFO L273 TraceCheckUtils]: 22: Hoare triple {3443#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3443#true} is VALID [2018-11-23 11:23:39,185 INFO L273 TraceCheckUtils]: 21: Hoare triple {3443#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3443#true} is VALID [2018-11-23 11:23:39,185 INFO L273 TraceCheckUtils]: 20: Hoare triple {3443#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3443#true} is VALID [2018-11-23 11:23:39,185 INFO L273 TraceCheckUtils]: 19: Hoare triple {3443#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3443#true} is VALID [2018-11-23 11:23:39,185 INFO L273 TraceCheckUtils]: 18: Hoare triple {3443#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3443#true} is VALID [2018-11-23 11:23:39,186 INFO L273 TraceCheckUtils]: 17: Hoare triple {3443#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3443#true} is VALID [2018-11-23 11:23:39,186 INFO L273 TraceCheckUtils]: 16: Hoare triple {3443#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {3443#true} is VALID [2018-11-23 11:23:39,186 INFO L273 TraceCheckUtils]: 15: Hoare triple {3443#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3443#true} is VALID [2018-11-23 11:23:39,186 INFO L273 TraceCheckUtils]: 14: Hoare triple {3443#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3443#true} is VALID [2018-11-23 11:23:39,186 INFO L273 TraceCheckUtils]: 13: Hoare triple {3443#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3443#true} is VALID [2018-11-23 11:23:39,187 INFO L273 TraceCheckUtils]: 12: Hoare triple {3443#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {3443#true} is VALID [2018-11-23 11:23:39,187 INFO L273 TraceCheckUtils]: 11: Hoare triple {3443#true} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {3443#true} is VALID [2018-11-23 11:23:39,187 INFO L273 TraceCheckUtils]: 10: Hoare triple {3443#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {3443#true} is VALID [2018-11-23 11:23:39,187 INFO L273 TraceCheckUtils]: 9: Hoare triple {3443#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {3443#true} is VALID [2018-11-23 11:23:39,187 INFO L273 TraceCheckUtils]: 8: Hoare triple {3443#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {3443#true} is VALID [2018-11-23 11:23:39,188 INFO L273 TraceCheckUtils]: 7: Hoare triple {3443#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {3443#true} is VALID [2018-11-23 11:23:39,188 INFO L256 TraceCheckUtils]: 6: Hoare triple {3443#true} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {3443#true} is VALID [2018-11-23 11:23:39,188 INFO L273 TraceCheckUtils]: 5: Hoare triple {3443#true} ~len~0 := 5bv32; {3443#true} is VALID [2018-11-23 11:23:39,188 INFO L256 TraceCheckUtils]: 4: Hoare triple {3443#true} call #t~ret18 := main(); {3443#true} is VALID [2018-11-23 11:23:39,189 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {3443#true} {3443#true} #110#return; {3443#true} is VALID [2018-11-23 11:23:39,189 INFO L273 TraceCheckUtils]: 2: Hoare triple {3443#true} assume true; {3443#true} is VALID [2018-11-23 11:23:39,189 INFO L273 TraceCheckUtils]: 1: Hoare triple {3443#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {3443#true} is VALID [2018-11-23 11:23:39,189 INFO L256 TraceCheckUtils]: 0: Hoare triple {3443#true} call ULTIMATE.init(); {3443#true} is VALID [2018-11-23 11:23:39,192 INFO L134 CoverageAnalysis]: Checked inductivity of 55 backedges. 32 proven. 5 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2018-11-23 11:23:39,195 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:23:39,195 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 12] total 19 [2018-11-23 11:23:39,196 INFO L78 Accepts]: Start accepts. Automaton has 19 states. Word has length 45 [2018-11-23 11:23:39,196 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:23:39,196 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 19 states. [2018-11-23 11:23:39,280 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 51 edges. 51 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:23:39,280 INFO L459 AbstractCegarLoop]: Interpolant automaton has 19 states [2018-11-23 11:23:39,281 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 19 interpolants. [2018-11-23 11:23:39,281 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=48, Invalid=294, Unknown=0, NotChecked=0, Total=342 [2018-11-23 11:23:39,281 INFO L87 Difference]: Start difference. First operand 57 states and 69 transitions. Second operand 19 states. [2018-11-23 11:24:06,830 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:24:06,830 INFO L93 Difference]: Finished difference Result 70 states and 85 transitions. [2018-11-23 11:24:06,830 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2018-11-23 11:24:06,830 INFO L78 Accepts]: Start accepts. Automaton has 19 states. Word has length 45 [2018-11-23 11:24:06,831 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:24:06,831 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 19 states. [2018-11-23 11:24:06,837 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 69 transitions. [2018-11-23 11:24:06,837 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 19 states. [2018-11-23 11:24:06,838 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 69 transitions. [2018-11-23 11:24:06,838 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 69 transitions. [2018-11-23 11:24:06,983 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 69 edges. 69 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:24:06,984 INFO L225 Difference]: With dead ends: 70 [2018-11-23 11:24:06,984 INFO L226 Difference]: Without dead ends: 68 [2018-11-23 11:24:06,985 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 99 GetRequests, 72 SyntacticMatches, 1 SemanticMatches, 26 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 72 ImplicationChecksByTransitivity, 1.2s TimeCoverageRelationStatistics Valid=135, Invalid=621, Unknown=0, NotChecked=0, Total=756 [2018-11-23 11:24:06,985 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 68 states. [2018-11-23 11:24:07,049 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 68 to 60. [2018-11-23 11:24:07,049 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:24:07,050 INFO L82 GeneralOperation]: Start isEquivalent. First operand 68 states. Second operand 60 states. [2018-11-23 11:24:07,050 INFO L74 IsIncluded]: Start isIncluded. First operand 68 states. Second operand 60 states. [2018-11-23 11:24:07,050 INFO L87 Difference]: Start difference. First operand 68 states. Second operand 60 states. [2018-11-23 11:24:07,052 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:24:07,052 INFO L93 Difference]: Finished difference Result 68 states and 83 transitions. [2018-11-23 11:24:07,052 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 83 transitions. [2018-11-23 11:24:07,052 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:24:07,053 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:24:07,053 INFO L74 IsIncluded]: Start isIncluded. First operand 60 states. Second operand 68 states. [2018-11-23 11:24:07,053 INFO L87 Difference]: Start difference. First operand 60 states. Second operand 68 states. [2018-11-23 11:24:07,054 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:24:07,054 INFO L93 Difference]: Finished difference Result 68 states and 83 transitions. [2018-11-23 11:24:07,054 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 83 transitions. [2018-11-23 11:24:07,055 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:24:07,055 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:24:07,055 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:24:07,055 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:24:07,055 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 60 states. [2018-11-23 11:24:07,056 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 60 states to 60 states and 73 transitions. [2018-11-23 11:24:07,057 INFO L78 Accepts]: Start accepts. Automaton has 60 states and 73 transitions. Word has length 45 [2018-11-23 11:24:07,057 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:24:07,057 INFO L480 AbstractCegarLoop]: Abstraction has 60 states and 73 transitions. [2018-11-23 11:24:07,057 INFO L481 AbstractCegarLoop]: Interpolant automaton has 19 states. [2018-11-23 11:24:07,057 INFO L276 IsEmpty]: Start isEmpty. Operand 60 states and 73 transitions. [2018-11-23 11:24:07,058 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 46 [2018-11-23 11:24:07,058 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:24:07,058 INFO L402 BasicCegarLoop]: trace histogram [5, 5, 5, 5, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:24:07,058 INFO L423 AbstractCegarLoop]: === Iteration 11 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:24:07,059 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:24:07,059 INFO L82 PathProgramCache]: Analyzing trace with hash 117208632, now seen corresponding path program 1 times [2018-11-23 11:24:07,059 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:24:07,059 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 12 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 12 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:24:07,086 INFO L101 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2018-11-23 11:24:07,237 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:24:07,276 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:24:07,278 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:24:07,301 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:24:07,303 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:07,305 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:07,306 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2018-11-23 11:24:07,310 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:24:07,310 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_90|]. (= (store |v_#valid_90| dll_create_~new_head~0.base (_ bv1 1)) |#valid|) [2018-11-23 11:24:07,310 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base)) [2018-11-23 11:24:07,344 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,345 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,346 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:24:07,348 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:07,355 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:07,355 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:16, output treesize:8 [2018-11-23 11:24:07,395 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:24:07,431 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:24:07,610 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 34 [2018-11-23 11:24:07,668 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 34 treesize of output 37 [2018-11-23 11:24:07,734 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,735 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 45 [2018-11-23 11:24:07,769 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,779 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,789 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,790 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 39 treesize of output 61 [2018-11-23 11:24:07,799 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,800 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,802 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,803 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,806 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,807 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,816 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 6 disjoint index pairs (out of 3 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 41 treesize of output 85 [2018-11-23 11:24:07,828 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,830 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,832 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,834 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,836 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,837 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,839 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,840 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,841 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,842 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:07,863 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 4 select indices, 4 select index equivalence classes, 10 disjoint index pairs (out of 6 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 43 treesize of output 107 [2018-11-23 11:24:07,867 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:07,900 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:07,922 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:07,939 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:07,956 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:07,971 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:07,998 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:07,999 INFO L202 ElimStorePlain]: Needed 9 recursive calls to eliminate 2 variables, input treesize:59, output treesize:33 [2018-11-23 11:24:08,603 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:24:08,603 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_114|, |v_#memory_int_115|]. (let ((.cse0 (select |v_#memory_int_114| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (store |v_#memory_int_114| dll_create_~new_head~0.base (let ((.cse1 (bvadd dll_create_~new_head~0.offset (_ bv12 32)))) (store .cse0 .cse1 (select (select |#memory_int| dll_create_~new_head~0.base) .cse1)))) |#memory_int|) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)) (= (store |v_#memory_int_115| dll_create_~new_head~0.base (let ((.cse2 (bvadd dll_create_~new_head~0.offset (_ bv4 32)))) (store (store (store (store (select |v_#memory_int_115| dll_create_~new_head~0.base) dll_create_~new_head~0.offset (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv8 32)) (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv16 32)) (_ bv0 32)) .cse2 (select .cse0 .cse2)))) |v_#memory_int_114|))) [2018-11-23 11:24:08,604 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))) [2018-11-23 11:24:08,670 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 45 treesize of output 46 [2018-11-23 11:24:08,679 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 1 [2018-11-23 11:24:08,686 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:08,703 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:08,730 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:08,730 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:52, output treesize:29 [2018-11-23 11:24:08,745 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:24:08,745 WARN L384 uantifierElimination]: Input elimination task: ∃ [dll_create_~head~0.base, dll_create_~head~0.offset, |v_#memory_int_116|]. (let ((.cse0 (select |v_#memory_int_116| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (select .cse0 dll_create_~new_head~0.offset) (_ bv0 32)) (= (store |v_#memory_int_116| dll_create_~head~0.base (let ((.cse1 (bvadd dll_create_~head~0.offset (_ bv12 32)))) (store (select |v_#memory_int_116| dll_create_~head~0.base) .cse1 (select (select |#memory_int| dll_create_~head~0.base) .cse1)))) |#memory_int|) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv16 32))) (_ bv0 32)))) [2018-11-23 11:24:08,745 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)))) [2018-11-23 11:24:09,124 INFO L256 TraceCheckUtils]: 0: Hoare triple {4048#true} call ULTIMATE.init(); {4048#true} is VALID [2018-11-23 11:24:09,125 INFO L273 TraceCheckUtils]: 1: Hoare triple {4048#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {4048#true} is VALID [2018-11-23 11:24:09,125 INFO L273 TraceCheckUtils]: 2: Hoare triple {4048#true} assume true; {4048#true} is VALID [2018-11-23 11:24:09,125 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {4048#true} {4048#true} #110#return; {4048#true} is VALID [2018-11-23 11:24:09,126 INFO L256 TraceCheckUtils]: 4: Hoare triple {4048#true} call #t~ret18 := main(); {4048#true} is VALID [2018-11-23 11:24:09,126 INFO L273 TraceCheckUtils]: 5: Hoare triple {4048#true} ~len~0 := 5bv32; {4048#true} is VALID [2018-11-23 11:24:09,126 INFO L256 TraceCheckUtils]: 6: Hoare triple {4048#true} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {4048#true} is VALID [2018-11-23 11:24:09,127 INFO L273 TraceCheckUtils]: 7: Hoare triple {4048#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {4048#true} is VALID [2018-11-23 11:24:09,127 INFO L273 TraceCheckUtils]: 8: Hoare triple {4048#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4048#true} is VALID [2018-11-23 11:24:09,127 INFO L273 TraceCheckUtils]: 9: Hoare triple {4048#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4048#true} is VALID [2018-11-23 11:24:09,127 INFO L273 TraceCheckUtils]: 10: Hoare triple {4048#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4048#true} is VALID [2018-11-23 11:24:09,128 INFO L273 TraceCheckUtils]: 11: Hoare triple {4048#true} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {4048#true} is VALID [2018-11-23 11:24:09,128 INFO L273 TraceCheckUtils]: 12: Hoare triple {4048#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4048#true} is VALID [2018-11-23 11:24:09,128 INFO L273 TraceCheckUtils]: 13: Hoare triple {4048#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4048#true} is VALID [2018-11-23 11:24:09,128 INFO L273 TraceCheckUtils]: 14: Hoare triple {4048#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4048#true} is VALID [2018-11-23 11:24:09,128 INFO L273 TraceCheckUtils]: 15: Hoare triple {4048#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4048#true} is VALID [2018-11-23 11:24:09,129 INFO L273 TraceCheckUtils]: 16: Hoare triple {4048#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4048#true} is VALID [2018-11-23 11:24:09,129 INFO L273 TraceCheckUtils]: 17: Hoare triple {4048#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4048#true} is VALID [2018-11-23 11:24:09,129 INFO L273 TraceCheckUtils]: 18: Hoare triple {4048#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4048#true} is VALID [2018-11-23 11:24:09,129 INFO L273 TraceCheckUtils]: 19: Hoare triple {4048#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4048#true} is VALID [2018-11-23 11:24:09,129 INFO L273 TraceCheckUtils]: 20: Hoare triple {4048#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4048#true} is VALID [2018-11-23 11:24:09,129 INFO L273 TraceCheckUtils]: 21: Hoare triple {4048#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4048#true} is VALID [2018-11-23 11:24:09,129 INFO L273 TraceCheckUtils]: 22: Hoare triple {4048#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4048#true} is VALID [2018-11-23 11:24:09,131 INFO L273 TraceCheckUtils]: 23: Hoare triple {4048#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:09,131 INFO L273 TraceCheckUtils]: 24: Hoare triple {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:09,131 INFO L273 TraceCheckUtils]: 25: Hoare triple {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:09,132 INFO L273 TraceCheckUtils]: 26: Hoare triple {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:09,133 INFO L273 TraceCheckUtils]: 27: Hoare triple {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4135#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:24:09,134 INFO L273 TraceCheckUtils]: 28: Hoare triple {4135#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4139#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:24:09,135 INFO L273 TraceCheckUtils]: 29: Hoare triple {4139#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4139#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:24:09,156 INFO L273 TraceCheckUtils]: 30: Hoare triple {4139#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4146#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:24:09,158 INFO L273 TraceCheckUtils]: 31: Hoare triple {4146#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4150#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)))} is VALID [2018-11-23 11:24:09,160 INFO L273 TraceCheckUtils]: 32: Hoare triple {4150#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4154#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:24:09,161 INFO L273 TraceCheckUtils]: 33: Hoare triple {4154#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} assume !~bvsgt32(~len, 0bv32); {4154#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:24:09,163 INFO L273 TraceCheckUtils]: 34: Hoare triple {4154#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {4161#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} is VALID [2018-11-23 11:24:09,164 INFO L273 TraceCheckUtils]: 35: Hoare triple {4161#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} assume true; {4161#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} is VALID [2018-11-23 11:24:09,166 INFO L268 TraceCheckUtils]: 36: Hoare quadruple {4161#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} {4048#true} #114#return; {4168#(and (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (_ bv0 32))) (= (select (select |#memory_int| |main_#t~ret4.base|) (_ bv16 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (_ bv8 32))) (= (_ bv0 32) |main_#t~ret4.offset|))} is VALID [2018-11-23 11:24:09,167 INFO L273 TraceCheckUtils]: 37: Hoare triple {4168#(and (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (_ bv0 32))) (= (select (select |#memory_int| |main_#t~ret4.base|) (_ bv16 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (_ bv8 32))) (= (_ bv0 32) |main_#t~ret4.offset|))} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {4172#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:24:09,169 INFO L273 TraceCheckUtils]: 38: Hoare triple {4172#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {4172#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:24:09,170 INFO L273 TraceCheckUtils]: 39: Hoare triple {4172#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {4172#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:24:09,171 INFO L273 TraceCheckUtils]: 40: Hoare triple {4172#(and (= (select (select |#memory_int| main_~head~1.base) (_ bv16 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (_ bv8 32)) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (_ bv0 32))) (= (_ bv0 32) main_~head~1.offset))} assume !#t~short7;call #t~mem6 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short7 := 0bv32 != #t~mem6; {4182#(not |main_#t~short7|)} is VALID [2018-11-23 11:24:09,172 INFO L273 TraceCheckUtils]: 41: Hoare triple {4182#(not |main_#t~short7|)} #t~short9 := #t~short7; {4186#(not |main_#t~short9|)} is VALID [2018-11-23 11:24:09,172 INFO L273 TraceCheckUtils]: 42: Hoare triple {4186#(not |main_#t~short9|)} assume #t~short9; {4049#false} is VALID [2018-11-23 11:24:09,173 INFO L273 TraceCheckUtils]: 43: Hoare triple {4049#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {4049#false} is VALID [2018-11-23 11:24:09,173 INFO L273 TraceCheckUtils]: 44: Hoare triple {4049#false} assume !false; {4049#false} is VALID [2018-11-23 11:24:09,178 INFO L134 CoverageAnalysis]: Checked inductivity of 55 backedges. 32 proven. 5 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2018-11-23 11:24:09,179 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:24:09,892 WARN L180 SmtUtils]: Spent 605.00 ms on a formula simplification that was a NOOP. DAG size: 64 [2018-11-23 11:24:10,269 WARN L180 SmtUtils]: Spent 374.00 ms on a formula simplification that was a NOOP. DAG size: 58 [2018-11-23 11:24:10,717 WARN L180 SmtUtils]: Spent 444.00 ms on a formula simplification that was a NOOP. DAG size: 62 [2018-11-23 11:24:11,139 WARN L180 SmtUtils]: Spent 420.00 ms on a formula simplification that was a NOOP. DAG size: 62 [2018-11-23 11:24:13,142 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:24:13,152 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:24:13,162 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:24:13,162 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:30, output treesize:19 [2018-11-23 11:24:13,182 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:24:13,182 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_136|, dll_create_~head~0.offset]. (or (not (= |v_#memory_int_136| (store |#memory_int| dll_create_~head~0.base (let ((.cse0 (bvadd dll_create_~head~0.offset (_ bv12 32)))) (store (select |#memory_int| dll_create_~head~0.base) .cse0 (select (select |v_#memory_int_136| dll_create_~head~0.base) .cse0)))))) (= (select (select |v_#memory_int_136| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32))) [2018-11-23 11:24:13,183 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [dll_create_~head~0.offset, v_DerPreprocessor_18]. (= (_ bv0 32) (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_18)) dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32)))) [2018-11-23 11:24:15,589 WARN L180 SmtUtils]: Spent 236.00 ms on a formula simplification. DAG size of input: 45 DAG size of output: 41 [2018-11-23 11:24:15,601 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:24:15,616 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:24:15,687 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:15,691 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:15,727 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:15,727 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 5 variables, input treesize:73, output treesize:4 [2018-11-23 11:24:15,893 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:24:15,893 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_137|, dll_create_~head~0.offset, v_DerPreprocessor_18, |v_#memory_int_114|, |#memory_int|]. (let ((.cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (.cse1 (select |v_#memory_int_114| dll_create_~new_head~0.base))) (or (= (select (select (store |v_#memory_int_137| dll_create_~head~0.base (store (select |v_#memory_int_137| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_18)) dll_create_~new_head~0.base) .cse0) (_ bv0 32)) (not (= |v_#memory_int_137| (store |v_#memory_int_114| dll_create_~new_head~0.base (let ((.cse2 (bvadd dll_create_~new_head~0.offset (_ bv12 32)))) (store .cse1 .cse2 (select (select |v_#memory_int_137| dll_create_~new_head~0.base) .cse2)))))) (not (= |v_#memory_int_114| (store |#memory_int| dll_create_~new_head~0.base (let ((.cse3 (bvadd dll_create_~new_head~0.offset (_ bv4 32)))) (store (store (store (store (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset (_ bv0 32)) .cse0 (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv16 32)) (_ bv0 32)) .cse3 (select .cse1 .cse3)))))))) [2018-11-23 11:24:15,894 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ []. (not (= dll_create_~new_head~0.base dll_create_~head~0.base)) [2018-11-23 11:24:15,994 INFO L273 TraceCheckUtils]: 44: Hoare triple {4049#false} assume !false; {4049#false} is VALID [2018-11-23 11:24:15,994 INFO L273 TraceCheckUtils]: 43: Hoare triple {4049#false} assume #t~short9;havoc #t~mem5;havoc #t~mem8;havoc #t~short7;havoc #t~mem6;havoc #t~short9; {4049#false} is VALID [2018-11-23 11:24:15,995 INFO L273 TraceCheckUtils]: 42: Hoare triple {4186#(not |main_#t~short9|)} assume #t~short9; {4049#false} is VALID [2018-11-23 11:24:15,995 INFO L273 TraceCheckUtils]: 41: Hoare triple {4182#(not |main_#t~short7|)} #t~short9 := #t~short7; {4186#(not |main_#t~short9|)} is VALID [2018-11-23 11:24:15,996 INFO L273 TraceCheckUtils]: 40: Hoare triple {4208#(= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32))} assume !#t~short7;call #t~mem6 := read~intINTTYPE4(~head~1.base, ~bvadd32(8bv32, ~head~1.offset), 4bv32);#t~short7 := 0bv32 != #t~mem6; {4182#(not |main_#t~short7|)} is VALID [2018-11-23 11:24:15,997 INFO L273 TraceCheckUtils]: 39: Hoare triple {4208#(= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32))} assume !!(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset;call #t~mem5 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short7 := 0bv32 != #t~mem5; {4208#(= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32))} is VALID [2018-11-23 11:24:15,997 INFO L273 TraceCheckUtils]: 38: Hoare triple {4208#(= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {4208#(= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32))} is VALID [2018-11-23 11:24:15,998 INFO L273 TraceCheckUtils]: 37: Hoare triple {4218#(= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (bvadd |main_#t~ret4.offset| (_ bv8 32))))} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {4208#(= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32))} is VALID [2018-11-23 11:24:15,999 INFO L268 TraceCheckUtils]: 36: Hoare quadruple {4225#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32))))} {4048#true} #114#return; {4218#(= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (bvadd |main_#t~ret4.offset| (_ bv8 32))))} is VALID [2018-11-23 11:24:16,000 INFO L273 TraceCheckUtils]: 35: Hoare triple {4225#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32))))} assume true; {4225#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32))))} is VALID [2018-11-23 11:24:16,000 INFO L273 TraceCheckUtils]: 34: Hoare triple {4232#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32))))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {4225#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32))))} is VALID [2018-11-23 11:24:16,001 INFO L273 TraceCheckUtils]: 33: Hoare triple {4232#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32))))} assume !~bvsgt32(~len, 0bv32); {4232#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32))))} is VALID [2018-11-23 11:24:16,003 INFO L273 TraceCheckUtils]: 32: Hoare triple {4239#(= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4232#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32))))} is VALID [2018-11-23 11:24:16,009 INFO L273 TraceCheckUtils]: 31: Hoare triple {4243#(forall ((dll_create_~head~0.offset (_ BitVec 32)) (v_DerPreprocessor_18 (_ BitVec 32))) (= (_ bv0 32) (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_18)) dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32)))))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4239#(= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32))} is VALID [2018-11-23 11:24:16,013 INFO L273 TraceCheckUtils]: 30: Hoare triple {4247#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4243#(forall ((dll_create_~head~0.offset (_ BitVec 32)) (v_DerPreprocessor_18 (_ BitVec 32))) (= (_ bv0 32) (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_18)) dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:24:16,014 INFO L273 TraceCheckUtils]: 29: Hoare triple {4247#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4247#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} is VALID [2018-11-23 11:24:16,015 INFO L273 TraceCheckUtils]: 28: Hoare triple {4135#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4247#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} is VALID [2018-11-23 11:24:16,016 INFO L273 TraceCheckUtils]: 27: Hoare triple {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4135#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:24:16,016 INFO L273 TraceCheckUtils]: 26: Hoare triple {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:16,016 INFO L273 TraceCheckUtils]: 25: Hoare triple {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:16,017 INFO L273 TraceCheckUtils]: 24: Hoare triple {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:16,018 INFO L273 TraceCheckUtils]: 23: Hoare triple {4048#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4122#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:16,018 INFO L273 TraceCheckUtils]: 22: Hoare triple {4048#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4048#true} is VALID [2018-11-23 11:24:16,018 INFO L273 TraceCheckUtils]: 21: Hoare triple {4048#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4048#true} is VALID [2018-11-23 11:24:16,019 INFO L273 TraceCheckUtils]: 20: Hoare triple {4048#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4048#true} is VALID [2018-11-23 11:24:16,019 INFO L273 TraceCheckUtils]: 19: Hoare triple {4048#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4048#true} is VALID [2018-11-23 11:24:16,019 INFO L273 TraceCheckUtils]: 18: Hoare triple {4048#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4048#true} is VALID [2018-11-23 11:24:16,019 INFO L273 TraceCheckUtils]: 17: Hoare triple {4048#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4048#true} is VALID [2018-11-23 11:24:16,019 INFO L273 TraceCheckUtils]: 16: Hoare triple {4048#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4048#true} is VALID [2018-11-23 11:24:16,020 INFO L273 TraceCheckUtils]: 15: Hoare triple {4048#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4048#true} is VALID [2018-11-23 11:24:16,020 INFO L273 TraceCheckUtils]: 14: Hoare triple {4048#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4048#true} is VALID [2018-11-23 11:24:16,020 INFO L273 TraceCheckUtils]: 13: Hoare triple {4048#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4048#true} is VALID [2018-11-23 11:24:16,020 INFO L273 TraceCheckUtils]: 12: Hoare triple {4048#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4048#true} is VALID [2018-11-23 11:24:16,020 INFO L273 TraceCheckUtils]: 11: Hoare triple {4048#true} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {4048#true} is VALID [2018-11-23 11:24:16,020 INFO L273 TraceCheckUtils]: 10: Hoare triple {4048#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4048#true} is VALID [2018-11-23 11:24:16,020 INFO L273 TraceCheckUtils]: 9: Hoare triple {4048#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4048#true} is VALID [2018-11-23 11:24:16,021 INFO L273 TraceCheckUtils]: 8: Hoare triple {4048#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4048#true} is VALID [2018-11-23 11:24:16,021 INFO L273 TraceCheckUtils]: 7: Hoare triple {4048#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {4048#true} is VALID [2018-11-23 11:24:16,021 INFO L256 TraceCheckUtils]: 6: Hoare triple {4048#true} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {4048#true} is VALID [2018-11-23 11:24:16,021 INFO L273 TraceCheckUtils]: 5: Hoare triple {4048#true} ~len~0 := 5bv32; {4048#true} is VALID [2018-11-23 11:24:16,021 INFO L256 TraceCheckUtils]: 4: Hoare triple {4048#true} call #t~ret18 := main(); {4048#true} is VALID [2018-11-23 11:24:16,021 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {4048#true} {4048#true} #110#return; {4048#true} is VALID [2018-11-23 11:24:16,021 INFO L273 TraceCheckUtils]: 2: Hoare triple {4048#true} assume true; {4048#true} is VALID [2018-11-23 11:24:16,022 INFO L273 TraceCheckUtils]: 1: Hoare triple {4048#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {4048#true} is VALID [2018-11-23 11:24:16,022 INFO L256 TraceCheckUtils]: 0: Hoare triple {4048#true} call ULTIMATE.init(); {4048#true} is VALID [2018-11-23 11:24:16,025 INFO L134 CoverageAnalysis]: Checked inductivity of 55 backedges. 32 proven. 5 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2018-11-23 11:24:16,027 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:24:16,027 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 13] total 20 [2018-11-23 11:24:16,027 INFO L78 Accepts]: Start accepts. Automaton has 20 states. Word has length 45 [2018-11-23 11:24:16,028 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:24:16,028 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 20 states. [2018-11-23 11:24:16,108 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 49 edges. 49 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:24:16,108 INFO L459 AbstractCegarLoop]: Interpolant automaton has 20 states [2018-11-23 11:24:16,108 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 20 interpolants. [2018-11-23 11:24:16,109 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=50, Invalid=329, Unknown=1, NotChecked=0, Total=380 [2018-11-23 11:24:16,109 INFO L87 Difference]: Start difference. First operand 60 states and 73 transitions. Second operand 20 states. [2018-11-23 11:24:53,033 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:24:53,033 INFO L93 Difference]: Finished difference Result 70 states and 84 transitions. [2018-11-23 11:24:53,033 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2018-11-23 11:24:53,033 INFO L78 Accepts]: Start accepts. Automaton has 20 states. Word has length 45 [2018-11-23 11:24:53,034 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:24:53,034 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 20 states. [2018-11-23 11:24:53,035 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 68 transitions. [2018-11-23 11:24:53,035 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 20 states. [2018-11-23 11:24:53,036 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 68 transitions. [2018-11-23 11:24:53,036 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states and 68 transitions. [2018-11-23 11:24:53,182 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 68 edges. 68 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:24:53,184 INFO L225 Difference]: With dead ends: 70 [2018-11-23 11:24:53,184 INFO L226 Difference]: Without dead ends: 67 [2018-11-23 11:24:53,185 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 100 GetRequests, 71 SyntacticMatches, 1 SemanticMatches, 28 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 84 ImplicationChecksByTransitivity, 3.4s TimeCoverageRelationStatistics Valid=144, Invalid=725, Unknown=1, NotChecked=0, Total=870 [2018-11-23 11:24:53,185 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 67 states. [2018-11-23 11:24:53,257 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 67 to 60. [2018-11-23 11:24:53,257 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:24:53,258 INFO L82 GeneralOperation]: Start isEquivalent. First operand 67 states. Second operand 60 states. [2018-11-23 11:24:53,258 INFO L74 IsIncluded]: Start isIncluded. First operand 67 states. Second operand 60 states. [2018-11-23 11:24:53,258 INFO L87 Difference]: Start difference. First operand 67 states. Second operand 60 states. [2018-11-23 11:24:53,260 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:24:53,260 INFO L93 Difference]: Finished difference Result 67 states and 81 transitions. [2018-11-23 11:24:53,260 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 81 transitions. [2018-11-23 11:24:53,261 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:24:53,261 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:24:53,261 INFO L74 IsIncluded]: Start isIncluded. First operand 60 states. Second operand 67 states. [2018-11-23 11:24:53,261 INFO L87 Difference]: Start difference. First operand 60 states. Second operand 67 states. [2018-11-23 11:24:53,262 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:24:53,262 INFO L93 Difference]: Finished difference Result 67 states and 81 transitions. [2018-11-23 11:24:53,262 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 81 transitions. [2018-11-23 11:24:53,262 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:24:53,263 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:24:53,263 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:24:53,263 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:24:53,263 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 60 states. [2018-11-23 11:24:53,264 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 60 states to 60 states and 72 transitions. [2018-11-23 11:24:53,264 INFO L78 Accepts]: Start accepts. Automaton has 60 states and 72 transitions. Word has length 45 [2018-11-23 11:24:53,264 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:24:53,264 INFO L480 AbstractCegarLoop]: Abstraction has 60 states and 72 transitions. [2018-11-23 11:24:53,264 INFO L481 AbstractCegarLoop]: Interpolant automaton has 20 states. [2018-11-23 11:24:53,264 INFO L276 IsEmpty]: Start isEmpty. Operand 60 states and 72 transitions. [2018-11-23 11:24:53,265 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 47 [2018-11-23 11:24:53,265 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:24:53,265 INFO L402 BasicCegarLoop]: trace histogram [5, 5, 5, 5, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:24:53,265 INFO L423 AbstractCegarLoop]: === Iteration 12 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:24:53,265 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:24:53,265 INFO L82 PathProgramCache]: Analyzing trace with hash -1725522861, now seen corresponding path program 1 times [2018-11-23 11:24:53,266 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:24:53,266 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 13 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 13 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:24:53,281 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:24:53,437 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:24:53,479 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:24:53,480 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:24:53,504 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:24:53,505 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:53,507 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:53,507 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2018-11-23 11:24:53,511 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:24:53,512 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_107|]. (= |#valid| (store |v_#valid_107| dll_create_~new_head~0.base (_ bv1 1))) [2018-11-23 11:24:53,512 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base)) [2018-11-23 11:24:53,545 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:53,546 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:53,547 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:24:53,548 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:53,555 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:53,555 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:16, output treesize:8 [2018-11-23 11:24:53,623 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 32 treesize of output 29 [2018-11-23 11:24:53,644 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 32 [2018-11-23 11:24:53,678 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:53,679 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 32 treesize of output 40 [2018-11-23 11:24:53,703 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:53,717 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:53,732 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:53,733 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 34 treesize of output 56 [2018-11-23 11:24:53,758 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:53,762 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:53,774 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:53,782 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:53,788 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:53,794 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:53,840 INFO L303 Elim1Store]: Index analysis took 102 ms [2018-11-23 11:24:53,841 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 6 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 36 treesize of output 68 [2018-11-23 11:24:53,843 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:53,891 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:53,920 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:53,947 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:53,974 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:54,028 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 45 treesize of output 36 [2018-11-23 11:24:54,040 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:54,042 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:54,045 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:54,047 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:54,051 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:54,053 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:24:54,067 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 6 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 36 treesize of output 68 [2018-11-23 11:24:54,069 INFO L267 ElimStorePlain]: Start of recursive call 8: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:54,089 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:54,110 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:54,111 INFO L202 ElimStorePlain]: Needed 8 recursive calls to eliminate 2 variables, input treesize:59, output treesize:33 [2018-11-23 11:24:54,376 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:24:54,376 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_141|, |v_#memory_int_140|]. (let ((.cse1 (select |v_#memory_int_140| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= |v_#memory_int_140| (store |v_#memory_int_141| dll_create_~new_head~0.base (let ((.cse0 (bvadd dll_create_~new_head~0.offset (_ bv4 32)))) (store (store (store (store (select |v_#memory_int_141| dll_create_~new_head~0.base) dll_create_~new_head~0.offset (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv8 32)) (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv16 32)) (_ bv0 32)) .cse0 (select .cse1 .cse0))))) (= (store |v_#memory_int_140| dll_create_~new_head~0.base (let ((.cse2 (bvadd dll_create_~new_head~0.offset (_ bv12 32)))) (store .cse1 .cse2 (select (select |#memory_int| dll_create_~new_head~0.base) .cse2)))) |#memory_int|) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))) [2018-11-23 11:24:54,376 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))) [2018-11-23 11:24:54,442 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 45 treesize of output 46 [2018-11-23 11:24:54,449 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 1 [2018-11-23 11:24:54,450 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:54,461 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:54,487 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:54,488 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:52, output treesize:29 [2018-11-23 11:24:54,502 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:24:54,502 WARN L384 uantifierElimination]: Input elimination task: ∃ [dll_create_~head~0.base, dll_create_~head~0.offset, |v_#memory_int_142|]. (let ((.cse1 (select |v_#memory_int_142| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (store |v_#memory_int_142| dll_create_~head~0.base (let ((.cse0 (bvadd dll_create_~head~0.offset (_ bv12 32)))) (store (select |v_#memory_int_142| dll_create_~head~0.base) .cse0 (select (select |#memory_int| dll_create_~head~0.base) .cse0)))) |#memory_int|) (= (select .cse1 (bvadd dll_create_~new_head~0.offset (_ bv16 32))) (_ bv0 32)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)) (= (_ bv0 32) (select .cse1 dll_create_~new_head~0.offset)) (= (select .cse1 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)))) [2018-11-23 11:24:54,502 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| dll_create_~new_head~0.base))) (and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select .cse0 (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select .cse0 dll_create_~new_head~0.offset)))) [2018-11-23 11:24:54,838 WARN L180 SmtUtils]: Spent 112.00 ms on a formula simplification that was a NOOP. DAG size: 17 [2018-11-23 11:24:55,214 INFO L256 TraceCheckUtils]: 0: Hoare triple {4654#true} call ULTIMATE.init(); {4654#true} is VALID [2018-11-23 11:24:55,215 INFO L273 TraceCheckUtils]: 1: Hoare triple {4654#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {4654#true} is VALID [2018-11-23 11:24:55,215 INFO L273 TraceCheckUtils]: 2: Hoare triple {4654#true} assume true; {4654#true} is VALID [2018-11-23 11:24:55,215 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {4654#true} {4654#true} #110#return; {4654#true} is VALID [2018-11-23 11:24:55,215 INFO L256 TraceCheckUtils]: 4: Hoare triple {4654#true} call #t~ret18 := main(); {4654#true} is VALID [2018-11-23 11:24:55,215 INFO L273 TraceCheckUtils]: 5: Hoare triple {4654#true} ~len~0 := 5bv32; {4654#true} is VALID [2018-11-23 11:24:55,215 INFO L256 TraceCheckUtils]: 6: Hoare triple {4654#true} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {4654#true} is VALID [2018-11-23 11:24:55,215 INFO L273 TraceCheckUtils]: 7: Hoare triple {4654#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {4654#true} is VALID [2018-11-23 11:24:55,215 INFO L273 TraceCheckUtils]: 8: Hoare triple {4654#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4654#true} is VALID [2018-11-23 11:24:55,216 INFO L273 TraceCheckUtils]: 9: Hoare triple {4654#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4654#true} is VALID [2018-11-23 11:24:55,216 INFO L273 TraceCheckUtils]: 10: Hoare triple {4654#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4654#true} is VALID [2018-11-23 11:24:55,216 INFO L273 TraceCheckUtils]: 11: Hoare triple {4654#true} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {4654#true} is VALID [2018-11-23 11:24:55,216 INFO L273 TraceCheckUtils]: 12: Hoare triple {4654#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4654#true} is VALID [2018-11-23 11:24:55,216 INFO L273 TraceCheckUtils]: 13: Hoare triple {4654#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4654#true} is VALID [2018-11-23 11:24:55,216 INFO L273 TraceCheckUtils]: 14: Hoare triple {4654#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4654#true} is VALID [2018-11-23 11:24:55,216 INFO L273 TraceCheckUtils]: 15: Hoare triple {4654#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4654#true} is VALID [2018-11-23 11:24:55,216 INFO L273 TraceCheckUtils]: 16: Hoare triple {4654#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4654#true} is VALID [2018-11-23 11:24:55,217 INFO L273 TraceCheckUtils]: 17: Hoare triple {4654#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4654#true} is VALID [2018-11-23 11:24:55,217 INFO L273 TraceCheckUtils]: 18: Hoare triple {4654#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4654#true} is VALID [2018-11-23 11:24:55,217 INFO L273 TraceCheckUtils]: 19: Hoare triple {4654#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4654#true} is VALID [2018-11-23 11:24:55,217 INFO L273 TraceCheckUtils]: 20: Hoare triple {4654#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4654#true} is VALID [2018-11-23 11:24:55,217 INFO L273 TraceCheckUtils]: 21: Hoare triple {4654#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4654#true} is VALID [2018-11-23 11:24:55,217 INFO L273 TraceCheckUtils]: 22: Hoare triple {4654#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4654#true} is VALID [2018-11-23 11:24:55,218 INFO L273 TraceCheckUtils]: 23: Hoare triple {4654#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:55,218 INFO L273 TraceCheckUtils]: 24: Hoare triple {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:55,219 INFO L273 TraceCheckUtils]: 25: Hoare triple {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:55,219 INFO L273 TraceCheckUtils]: 26: Hoare triple {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:55,220 INFO L273 TraceCheckUtils]: 27: Hoare triple {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4741#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:24:55,221 INFO L273 TraceCheckUtils]: 28: Hoare triple {4741#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4745#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:24:55,221 INFO L273 TraceCheckUtils]: 29: Hoare triple {4745#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4745#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:24:55,242 INFO L273 TraceCheckUtils]: 30: Hoare triple {4745#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4752#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} is VALID [2018-11-23 11:24:55,244 INFO L273 TraceCheckUtils]: 31: Hoare triple {4752#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= dll_create_~new_head~0.base dll_create_~head~0.base)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4756#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)))} is VALID [2018-11-23 11:24:55,246 INFO L273 TraceCheckUtils]: 32: Hoare triple {4756#(and (= (_ bv0 32) dll_create_~new_head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv16 32)))) (= (select (select |#memory_int| dll_create_~new_head~0.base) (bvadd dll_create_~new_head~0.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset)))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4760#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:24:55,246 INFO L273 TraceCheckUtils]: 33: Hoare triple {4760#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} assume !~bvsgt32(~len, 0bv32); {4760#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:24:55,248 INFO L273 TraceCheckUtils]: 34: Hoare triple {4760#(and (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv16 32)))) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset)) (= (_ bv0 32) dll_create_~head~0.offset) (= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv8 32)))))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {4767#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} is VALID [2018-11-23 11:24:55,249 INFO L273 TraceCheckUtils]: 35: Hoare triple {4767#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} assume true; {4767#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} is VALID [2018-11-23 11:24:55,251 INFO L268 TraceCheckUtils]: 36: Hoare quadruple {4767#(and (= (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv16 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|)) (= |dll_create_#res.offset| (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) (bvadd |dll_create_#res.offset| (_ bv8 32)))))} {4654#true} #114#return; {4774#(and (= (select (select |#memory_int| |main_#t~ret4.base|) (bvadd |main_#t~ret4.offset| (_ bv16 32))) (_ bv0 32)) (= (select (select |#memory_int| |main_#t~ret4.base|) |main_#t~ret4.offset|) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (bvadd |main_#t~ret4.offset| (_ bv8 32)))) (= (_ bv0 32) |main_#t~ret4.offset|))} is VALID [2018-11-23 11:24:55,253 INFO L273 TraceCheckUtils]: 37: Hoare triple {4774#(and (= (select (select |#memory_int| |main_#t~ret4.base|) (bvadd |main_#t~ret4.offset| (_ bv16 32))) (_ bv0 32)) (= (select (select |#memory_int| |main_#t~ret4.base|) |main_#t~ret4.offset|) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| |main_#t~ret4.base|) (bvadd |main_#t~ret4.offset| (_ bv8 32)))) (= (_ bv0 32) |main_#t~ret4.offset|))} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {4778#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32)))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:24:55,253 INFO L273 TraceCheckUtils]: 38: Hoare triple {4778#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32)))) (= (_ bv0 32) main_~head~1.offset))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {4778#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32)))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:24:55,254 INFO L273 TraceCheckUtils]: 39: Hoare triple {4778#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32)))) (= (_ bv0 32) main_~head~1.offset))} assume !(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset; {4778#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32)))) (= (_ bv0 32) main_~head~1.offset))} is VALID [2018-11-23 11:24:55,255 INFO L273 TraceCheckUtils]: 40: Hoare triple {4778#(and (= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32)) (= (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv8 32))) (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_int| main_~head~1.base) (bvadd main_~head~1.offset (_ bv16 32)))) (= (_ bv0 32) main_~head~1.offset))} assume !!(~head~1.base != 0bv32 || ~head~1.offset != 0bv32);call #t~mem12.base, #t~mem12.offset := read~$Pointer$(~head~1.base, ~bvadd32(12bv32, ~head~1.offset), 4bv32);~temp~0.base, ~temp~0.offset := #t~mem12.base, #t~mem12.offset;havoc #t~mem12.base, #t~mem12.offset;call #t~mem13 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short15 := 0bv32 != #t~mem13; {4788#(not |main_#t~short15|)} is VALID [2018-11-23 11:24:55,255 INFO L273 TraceCheckUtils]: 41: Hoare triple {4788#(not |main_#t~short15|)} assume #t~short15; {4655#false} is VALID [2018-11-23 11:24:55,255 INFO L273 TraceCheckUtils]: 42: Hoare triple {4655#false} #t~short17 := #t~short15; {4655#false} is VALID [2018-11-23 11:24:55,255 INFO L273 TraceCheckUtils]: 43: Hoare triple {4655#false} assume #t~short17; {4655#false} is VALID [2018-11-23 11:24:55,256 INFO L273 TraceCheckUtils]: 44: Hoare triple {4655#false} assume #t~short17;havoc #t~mem16;havoc #t~short15;havoc #t~mem14;havoc #t~mem13;havoc #t~short17; {4655#false} is VALID [2018-11-23 11:24:55,256 INFO L273 TraceCheckUtils]: 45: Hoare triple {4655#false} assume !false; {4655#false} is VALID [2018-11-23 11:24:55,261 INFO L134 CoverageAnalysis]: Checked inductivity of 55 backedges. 32 proven. 5 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2018-11-23 11:24:55,261 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:24:55,969 WARN L180 SmtUtils]: Spent 623.00 ms on a formula simplification that was a NOOP. DAG size: 64 [2018-11-23 11:24:56,534 WARN L180 SmtUtils]: Spent 563.00 ms on a formula simplification that was a NOOP. DAG size: 58 [2018-11-23 11:24:57,088 WARN L180 SmtUtils]: Spent 550.00 ms on a formula simplification that was a NOOP. DAG size: 62 [2018-11-23 11:24:57,849 WARN L180 SmtUtils]: Spent 760.00 ms on a formula simplification that was a NOOP. DAG size: 62 [2018-11-23 11:24:58,040 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:24:58,048 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:24:58,054 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:24:58,054 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:28, output treesize:17 [2018-11-23 11:24:58,075 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:24:58,076 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_162|, dll_create_~head~0.offset]. (or (not (= |v_#memory_int_162| (store |#memory_int| dll_create_~head~0.base (let ((.cse0 (bvadd dll_create_~head~0.offset (_ bv12 32)))) (store (select |#memory_int| dll_create_~head~0.base) .cse0 (select (select |v_#memory_int_162| dll_create_~head~0.base) .cse0)))))) (= (_ bv0 32) (select (select |v_#memory_int_162| dll_create_~new_head~0.base) dll_create_~new_head~0.offset))) [2018-11-23 11:24:58,076 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [dll_create_~head~0.offset, v_DerPreprocessor_24]. (= (_ bv0 32) (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_24)) dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) [2018-11-23 11:24:58,884 WARN L180 SmtUtils]: Spent 231.00 ms on a formula simplification. DAG size of input: 45 DAG size of output: 41 [2018-11-23 11:24:58,909 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 33 treesize of output 30 [2018-11-23 11:24:58,920 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 30 treesize of output 34 [2018-11-23 11:24:58,933 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:58,934 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 34 treesize of output 42 [2018-11-23 11:24:58,943 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:58,944 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:58,944 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:58,945 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 57 [2018-11-23 11:24:58,962 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:58,962 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:58,963 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:58,963 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:58,964 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:58,964 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:58,988 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 6 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 40 treesize of output 65 [2018-11-23 11:24:58,990 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:59,036 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:59,065 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:59,092 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:59,117 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:59,183 INFO L267 ElimStorePlain]: Start of recursive call 8: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:59,186 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:59,225 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 23 [2018-11-23 11:24:59,232 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:59,233 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:59,233 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:24:59,234 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 3 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 18 [2018-11-23 11:24:59,245 INFO L267 ElimStorePlain]: Start of recursive call 10: End of recursive call: and 1 xjuncts. [2018-11-23 11:24:59,248 INFO L267 ElimStorePlain]: Start of recursive call 9: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:59,268 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:24:59,268 INFO L202 ElimStorePlain]: Needed 10 recursive calls to eliminate 5 variables, input treesize:71, output treesize:4 [2018-11-23 11:24:59,388 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:24:59,388 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_163|, dll_create_~head~0.offset, v_DerPreprocessor_24, |#memory_int|, |v_#memory_int_140|]. (let ((.cse1 (select |v_#memory_int_140| dll_create_~new_head~0.base))) (or (not (= |v_#memory_int_140| (store |#memory_int| dll_create_~new_head~0.base (let ((.cse0 (bvadd dll_create_~new_head~0.offset (_ bv4 32)))) (store (store (store (store (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv8 32)) (_ bv0 32)) (bvadd dll_create_~new_head~0.offset (_ bv16 32)) (_ bv0 32)) .cse0 (select .cse1 .cse0)))))) (= (_ bv0 32) (select (select (store |v_#memory_int_163| dll_create_~head~0.base (store (select |v_#memory_int_163| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_24)) dll_create_~new_head~0.base) dll_create_~new_head~0.offset)) (not (= (store |v_#memory_int_140| dll_create_~new_head~0.base (let ((.cse2 (bvadd dll_create_~new_head~0.offset (_ bv12 32)))) (store .cse1 .cse2 (select (select |v_#memory_int_163| dll_create_~new_head~0.base) .cse2)))) |v_#memory_int_163|)))) [2018-11-23 11:24:59,388 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ []. (not (= dll_create_~new_head~0.base dll_create_~head~0.base)) [2018-11-23 11:24:59,459 INFO L273 TraceCheckUtils]: 45: Hoare triple {4655#false} assume !false; {4655#false} is VALID [2018-11-23 11:24:59,459 INFO L273 TraceCheckUtils]: 44: Hoare triple {4655#false} assume #t~short17;havoc #t~mem16;havoc #t~short15;havoc #t~mem14;havoc #t~mem13;havoc #t~short17; {4655#false} is VALID [2018-11-23 11:24:59,459 INFO L273 TraceCheckUtils]: 43: Hoare triple {4655#false} assume #t~short17; {4655#false} is VALID [2018-11-23 11:24:59,460 INFO L273 TraceCheckUtils]: 42: Hoare triple {4655#false} #t~short17 := #t~short15; {4655#false} is VALID [2018-11-23 11:24:59,460 INFO L273 TraceCheckUtils]: 41: Hoare triple {4788#(not |main_#t~short15|)} assume #t~short15; {4655#false} is VALID [2018-11-23 11:24:59,461 INFO L273 TraceCheckUtils]: 40: Hoare triple {4819#(= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32))} assume !!(~head~1.base != 0bv32 || ~head~1.offset != 0bv32);call #t~mem12.base, #t~mem12.offset := read~$Pointer$(~head~1.base, ~bvadd32(12bv32, ~head~1.offset), 4bv32);~temp~0.base, ~temp~0.offset := #t~mem12.base, #t~mem12.offset;havoc #t~mem12.base, #t~mem12.offset;call #t~mem13 := read~intINTTYPE4(~head~1.base, ~head~1.offset, 4bv32);#t~short15 := 0bv32 != #t~mem13; {4788#(not |main_#t~short15|)} is VALID [2018-11-23 11:24:59,462 INFO L273 TraceCheckUtils]: 39: Hoare triple {4819#(= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32))} assume !(#t~mem11.base != 0bv32 || #t~mem11.offset != 0bv32);havoc #t~mem11.base, #t~mem11.offset; {4819#(= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32))} is VALID [2018-11-23 11:24:59,462 INFO L273 TraceCheckUtils]: 38: Hoare triple {4819#(= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~head~1.base, ~bvadd32(4bv32, ~head~1.offset), 4bv32); {4819#(= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32))} is VALID [2018-11-23 11:24:59,480 INFO L273 TraceCheckUtils]: 37: Hoare triple {4829#(= (select (select |#memory_int| |main_#t~ret4.base|) |main_#t~ret4.offset|) (_ bv0 32))} ~head~1.base, ~head~1.offset := #t~ret4.base, #t~ret4.offset;havoc #t~ret4.base, #t~ret4.offset; {4819#(= (select (select |#memory_int| main_~head~1.base) main_~head~1.offset) (_ bv0 32))} is VALID [2018-11-23 11:24:59,485 INFO L268 TraceCheckUtils]: 36: Hoare quadruple {4836#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|))} {4654#true} #114#return; {4829#(= (select (select |#memory_int| |main_#t~ret4.base|) |main_#t~ret4.offset|) (_ bv0 32))} is VALID [2018-11-23 11:24:59,486 INFO L273 TraceCheckUtils]: 35: Hoare triple {4836#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|))} assume true; {4836#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|))} is VALID [2018-11-23 11:24:59,486 INFO L273 TraceCheckUtils]: 34: Hoare triple {4843#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset))} #res.base, #res.offset := ~head~0.base, ~head~0.offset; {4836#(= (_ bv0 32) (select (select |#memory_int| |dll_create_#res.base|) |dll_create_#res.offset|))} is VALID [2018-11-23 11:24:59,487 INFO L273 TraceCheckUtils]: 33: Hoare triple {4843#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset))} assume !~bvsgt32(~len, 0bv32); {4843#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset))} is VALID [2018-11-23 11:24:59,488 INFO L273 TraceCheckUtils]: 32: Hoare triple {4850#(= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4843#(= (_ bv0 32) (select (select |#memory_int| dll_create_~head~0.base) dll_create_~head~0.offset))} is VALID [2018-11-23 11:24:59,491 INFO L273 TraceCheckUtils]: 31: Hoare triple {4854#(forall ((dll_create_~head~0.offset (_ BitVec 32)) (v_DerPreprocessor_24 (_ BitVec 32))) (= (_ bv0 32) (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_24)) dll_create_~new_head~0.base) dll_create_~new_head~0.offset)))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4850#(= (_ bv0 32) (select (select |#memory_int| dll_create_~new_head~0.base) dll_create_~new_head~0.offset))} is VALID [2018-11-23 11:24:59,495 INFO L273 TraceCheckUtils]: 30: Hoare triple {4858#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4854#(forall ((dll_create_~head~0.offset (_ BitVec 32)) (v_DerPreprocessor_24 (_ BitVec 32))) (= (_ bv0 32) (select (select (store |#memory_int| dll_create_~head~0.base (store (select |#memory_int| dll_create_~head~0.base) (bvadd dll_create_~head~0.offset (_ bv12 32)) v_DerPreprocessor_24)) dll_create_~new_head~0.base) dll_create_~new_head~0.offset)))} is VALID [2018-11-23 11:24:59,496 INFO L273 TraceCheckUtils]: 29: Hoare triple {4858#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4858#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} is VALID [2018-11-23 11:24:59,497 INFO L273 TraceCheckUtils]: 28: Hoare triple {4741#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4858#(not (= dll_create_~new_head~0.base dll_create_~head~0.base))} is VALID [2018-11-23 11:24:59,498 INFO L273 TraceCheckUtils]: 27: Hoare triple {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4741#(= (bvadd (select |#valid| dll_create_~head~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2018-11-23 11:24:59,498 INFO L273 TraceCheckUtils]: 26: Hoare triple {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:59,499 INFO L273 TraceCheckUtils]: 25: Hoare triple {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:59,499 INFO L273 TraceCheckUtils]: 24: Hoare triple {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:59,500 INFO L273 TraceCheckUtils]: 23: Hoare triple {4654#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4728#(= (_ bv1 1) (select |#valid| dll_create_~new_head~0.base))} is VALID [2018-11-23 11:24:59,501 INFO L273 TraceCheckUtils]: 22: Hoare triple {4654#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4654#true} is VALID [2018-11-23 11:24:59,501 INFO L273 TraceCheckUtils]: 21: Hoare triple {4654#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4654#true} is VALID [2018-11-23 11:24:59,501 INFO L273 TraceCheckUtils]: 20: Hoare triple {4654#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4654#true} is VALID [2018-11-23 11:24:59,501 INFO L273 TraceCheckUtils]: 19: Hoare triple {4654#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4654#true} is VALID [2018-11-23 11:24:59,501 INFO L273 TraceCheckUtils]: 18: Hoare triple {4654#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4654#true} is VALID [2018-11-23 11:24:59,502 INFO L273 TraceCheckUtils]: 17: Hoare triple {4654#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4654#true} is VALID [2018-11-23 11:24:59,502 INFO L273 TraceCheckUtils]: 16: Hoare triple {4654#true} assume ~head~0.base != 0bv32 || ~head~0.offset != 0bv32;call write~$Pointer$(~new_head~0.base, ~new_head~0.offset, ~head~0.base, ~bvadd32(12bv32, ~head~0.offset), 4bv32); {4654#true} is VALID [2018-11-23 11:24:59,502 INFO L273 TraceCheckUtils]: 15: Hoare triple {4654#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4654#true} is VALID [2018-11-23 11:24:59,502 INFO L273 TraceCheckUtils]: 14: Hoare triple {4654#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4654#true} is VALID [2018-11-23 11:24:59,502 INFO L273 TraceCheckUtils]: 13: Hoare triple {4654#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4654#true} is VALID [2018-11-23 11:24:59,503 INFO L273 TraceCheckUtils]: 12: Hoare triple {4654#true} ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset;#t~post3 := ~len;~len := ~bvsub32(#t~post3, 1bv32);havoc #t~post3; {4654#true} is VALID [2018-11-23 11:24:59,503 INFO L273 TraceCheckUtils]: 11: Hoare triple {4654#true} assume !(~head~0.base != 0bv32 || ~head~0.offset != 0bv32); {4654#true} is VALID [2018-11-23 11:24:59,503 INFO L273 TraceCheckUtils]: 10: Hoare triple {4654#true} call write~intINTTYPE4(0bv32, ~new_head~0.base, ~new_head~0.offset, 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(8bv32, ~new_head~0.offset), 4bv32);call write~intINTTYPE4(0bv32, ~new_head~0.base, ~bvadd32(16bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~bvadd32(4bv32, ~new_head~0.offset), 4bv32);call write~$Pointer$(0bv32, 0bv32, ~new_head~0.base, ~bvadd32(12bv32, ~new_head~0.offset), 4bv32); {4654#true} is VALID [2018-11-23 11:24:59,503 INFO L273 TraceCheckUtils]: 9: Hoare triple {4654#true} assume !(0bv32 == ~new_head~0.base && 0bv32 == ~new_head~0.offset); {4654#true} is VALID [2018-11-23 11:24:59,503 INFO L273 TraceCheckUtils]: 8: Hoare triple {4654#true} assume !!~bvsgt32(~len, 0bv32);call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(20bv32);~new_head~0.base, ~new_head~0.offset := #t~malloc2.base, #t~malloc2.offset; {4654#true} is VALID [2018-11-23 11:24:59,503 INFO L273 TraceCheckUtils]: 7: Hoare triple {4654#true} ~len := #in~len;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {4654#true} is VALID [2018-11-23 11:24:59,504 INFO L256 TraceCheckUtils]: 6: Hoare triple {4654#true} call #t~ret4.base, #t~ret4.offset := dll_create(~len~0); {4654#true} is VALID [2018-11-23 11:24:59,504 INFO L273 TraceCheckUtils]: 5: Hoare triple {4654#true} ~len~0 := 5bv32; {4654#true} is VALID [2018-11-23 11:24:59,504 INFO L256 TraceCheckUtils]: 4: Hoare triple {4654#true} call #t~ret18 := main(); {4654#true} is VALID [2018-11-23 11:24:59,504 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {4654#true} {4654#true} #110#return; {4654#true} is VALID [2018-11-23 11:24:59,504 INFO L273 TraceCheckUtils]: 2: Hoare triple {4654#true} assume true; {4654#true} is VALID [2018-11-23 11:24:59,504 INFO L273 TraceCheckUtils]: 1: Hoare triple {4654#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {4654#true} is VALID [2018-11-23 11:24:59,504 INFO L256 TraceCheckUtils]: 0: Hoare triple {4654#true} call ULTIMATE.init(); {4654#true} is VALID [2018-11-23 11:24:59,506 INFO L134 CoverageAnalysis]: Checked inductivity of 55 backedges. 32 proven. 5 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2018-11-23 11:24:59,509 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:24:59,510 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 12] total 19 [2018-11-23 11:24:59,510 INFO L78 Accepts]: Start accepts. Automaton has 19 states. Word has length 46 [2018-11-23 11:24:59,511 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:24:59,511 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 19 states. [2018-11-23 11:24:59,588 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 50 edges. 50 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:24:59,588 INFO L459 AbstractCegarLoop]: Interpolant automaton has 19 states [2018-11-23 11:24:59,589 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 19 interpolants. [2018-11-23 11:24:59,589 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=48, Invalid=294, Unknown=0, NotChecked=0, Total=342 [2018-11-23 11:24:59,589 INFO L87 Difference]: Start difference. First operand 60 states and 72 transitions. Second operand 19 states.