java -ea -Xmx8000000000 -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc ../../../trunk/examples/toolchains/AutomizerCInline_WitnessPrinter.xml -s ../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf -i ../../../trunk/examples/svcomp/ldv-regression/ex3_forlist_true-termination.c_true-unreach-call.i -------------------------------------------------------------------------------- This is Ultimate 0.1.23-61f4311 [2018-11-23 11:06:27,592 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-11-23 11:06:27,594 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-11-23 11:06:27,609 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-11-23 11:06:27,609 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-11-23 11:06:27,610 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-11-23 11:06:27,611 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-11-23 11:06:27,613 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-11-23 11:06:27,615 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-11-23 11:06:27,616 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-11-23 11:06:27,617 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-11-23 11:06:27,617 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-11-23 11:06:27,618 INFO L174 SettingsManager]: Resetting PEA to Boogie preferences to default values [2018-11-23 11:06:27,619 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-11-23 11:06:27,620 INFO L174 SettingsManager]: Resetting ChcToBoogie preferences to default values [2018-11-23 11:06:27,621 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-11-23 11:06:27,622 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-11-23 11:06:27,624 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-11-23 11:06:27,626 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-11-23 11:06:27,628 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-11-23 11:06:27,629 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-11-23 11:06:27,630 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-11-23 11:06:27,634 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-11-23 11:06:27,635 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-11-23 11:06:27,635 INFO L174 SettingsManager]: Resetting TreeAutomizer preferences to default values [2018-11-23 11:06:27,638 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-11-23 11:06:27,639 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-11-23 11:06:27,640 INFO L174 SettingsManager]: Resetting ReqPrinter preferences to default values [2018-11-23 11:06:27,646 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-11-23 11:06:27,647 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-11-23 11:06:27,647 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-11-23 11:06:27,648 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-11-23 11:06:27,648 INFO L177 SettingsManager]: ReqParser provides no preferences, ignoring... [2018-11-23 11:06:27,648 INFO L174 SettingsManager]: Resetting SmtParser preferences to default values [2018-11-23 11:06:27,649 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-11-23 11:06:27,652 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-11-23 11:06:27,652 INFO L98 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf [2018-11-23 11:06:27,676 INFO L110 SettingsManager]: Loading preferences was successful [2018-11-23 11:06:27,676 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-11-23 11:06:27,677 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-11-23 11:06:27,678 INFO L133 SettingsManager]: * ... calls to implemented procedures=ONLY_FOR_CONCURRENT_PROGRAMS [2018-11-23 11:06:27,678 INFO L131 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2018-11-23 11:06:27,678 INFO L133 SettingsManager]: * Create parallel compositions if possible=false [2018-11-23 11:06:27,679 INFO L133 SettingsManager]: * Use SBE=true [2018-11-23 11:06:27,679 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-11-23 11:06:27,679 INFO L133 SettingsManager]: * sizeof long=4 [2018-11-23 11:06:27,679 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-11-23 11:06:27,679 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-11-23 11:06:27,680 INFO L133 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2018-11-23 11:06:27,680 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-11-23 11:06:27,680 INFO L133 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2018-11-23 11:06:27,680 INFO L133 SettingsManager]: * Use bitvectors instead of ints=true [2018-11-23 11:06:27,681 INFO L133 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2018-11-23 11:06:27,681 INFO L133 SettingsManager]: * sizeof long double=12 [2018-11-23 11:06:27,681 INFO L133 SettingsManager]: * Check if freed pointer was valid=false [2018-11-23 11:06:27,681 INFO L133 SettingsManager]: * Use constant arrays=true [2018-11-23 11:06:27,681 INFO L133 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2018-11-23 11:06:27,682 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-11-23 11:06:27,682 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-11-23 11:06:27,682 INFO L133 SettingsManager]: * To the following directory=./dump/ [2018-11-23 11:06:27,682 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-11-23 11:06:27,682 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:06:27,683 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-11-23 11:06:27,683 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-11-23 11:06:27,683 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-11-23 11:06:27,683 INFO L133 SettingsManager]: * Trace refinement strategy=WOLF [2018-11-23 11:06:27,683 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-11-23 11:06:27,684 INFO L133 SettingsManager]: * Command for external solver=cvc4nyu --tear-down-incremental --rewrite-divk --print-success --lang smt [2018-11-23 11:06:27,684 INFO L133 SettingsManager]: * Logic for external solver=AUFBV [2018-11-23 11:06:27,684 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2018-11-23 11:06:27,743 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-11-23 11:06:27,768 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2018-11-23 11:06:27,773 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2018-11-23 11:06:27,774 INFO L271 PluginConnector]: Initializing CDTParser... [2018-11-23 11:06:27,775 INFO L276 PluginConnector]: CDTParser initialized [2018-11-23 11:06:27,776 INFO L418 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/ldv-regression/ex3_forlist_true-termination.c_true-unreach-call.i [2018-11-23 11:06:27,844 INFO L221 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/6c7267ebf/3db86e5e51034d9fb66cf62178dd783b/FLAGdd9e4595c [2018-11-23 11:06:28,262 INFO L307 CDTParser]: Found 1 translation units. [2018-11-23 11:06:28,262 INFO L161 CDTParser]: Scanning /storage/repos/ultimate/trunk/examples/svcomp/ldv-regression/ex3_forlist_true-termination.c_true-unreach-call.i [2018-11-23 11:06:28,268 INFO L355 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/6c7267ebf/3db86e5e51034d9fb66cf62178dd783b/FLAGdd9e4595c [2018-11-23 11:06:28,682 INFO L363 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/6c7267ebf/3db86e5e51034d9fb66cf62178dd783b [2018-11-23 11:06:28,691 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-11-23 11:06:28,693 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2018-11-23 11:06:28,694 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2018-11-23 11:06:28,694 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2018-11-23 11:06:28,698 INFO L276 PluginConnector]: CACSL2BoogieTranslator initialized [2018-11-23 11:06:28,699 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:06:28" (1/1) ... [2018-11-23 11:06:28,702 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@4af6e8d2 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:28, skipping insertion in model container [2018-11-23 11:06:28,702 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:06:28" (1/1) ... [2018-11-23 11:06:28,713 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2018-11-23 11:06:28,744 INFO L176 MainTranslator]: Built tables and reachable declarations [2018-11-23 11:06:29,031 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:06:29,041 INFO L191 MainTranslator]: Completed pre-run [2018-11-23 11:06:29,072 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:06:29,104 INFO L195 MainTranslator]: Completed translation [2018-11-23 11:06:29,104 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:29 WrapperNode [2018-11-23 11:06:29,105 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2018-11-23 11:06:29,106 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2018-11-23 11:06:29,106 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2018-11-23 11:06:29,106 INFO L276 PluginConnector]: Boogie Procedure Inliner initialized [2018-11-23 11:06:29,116 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:29" (1/1) ... [2018-11-23 11:06:29,129 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:29" (1/1) ... [2018-11-23 11:06:29,141 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2018-11-23 11:06:29,142 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-11-23 11:06:29,142 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-11-23 11:06:29,142 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-11-23 11:06:29,153 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:29" (1/1) ... [2018-11-23 11:06:29,154 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:29" (1/1) ... [2018-11-23 11:06:29,159 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:29" (1/1) ... [2018-11-23 11:06:29,166 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:29" (1/1) ... [2018-11-23 11:06:29,311 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:29" (1/1) ... [2018-11-23 11:06:29,325 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:29" (1/1) ... [2018-11-23 11:06:29,331 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:29" (1/1) ... [2018-11-23 11:06:29,337 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-11-23 11:06:29,337 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-11-23 11:06:29,338 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-11-23 11:06:29,338 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-11-23 11:06:29,339 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:29" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:06:29,395 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2018-11-23 11:06:29,396 INFO L130 BoogieDeclarations]: Found specification of procedure malloc [2018-11-23 11:06:29,396 INFO L138 BoogieDeclarations]: Found implementation of procedure malloc [2018-11-23 11:06:29,396 INFO L130 BoogieDeclarations]: Found specification of procedure init [2018-11-23 11:06:29,396 INFO L138 BoogieDeclarations]: Found implementation of procedure init [2018-11-23 11:06:29,396 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$ [2018-11-23 11:06:29,396 INFO L130 BoogieDeclarations]: Found specification of procedure f [2018-11-23 11:06:29,398 INFO L138 BoogieDeclarations]: Found implementation of procedure f [2018-11-23 11:06:29,398 INFO L130 BoogieDeclarations]: Found specification of procedure g [2018-11-23 11:06:29,399 INFO L138 BoogieDeclarations]: Found implementation of procedure g [2018-11-23 11:06:29,399 INFO L130 BoogieDeclarations]: Found specification of procedure __blast_assert [2018-11-23 11:06:29,399 INFO L138 BoogieDeclarations]: Found implementation of procedure __blast_assert [2018-11-23 11:06:29,399 INFO L130 BoogieDeclarations]: Found specification of procedure main [2018-11-23 11:06:29,399 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2018-11-23 11:06:29,399 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~intINTTYPE4 [2018-11-23 11:06:29,400 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2018-11-23 11:06:29,400 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2018-11-23 11:06:29,400 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2018-11-23 11:06:29,400 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.alloc [2018-11-23 11:06:29,400 INFO L130 BoogieDeclarations]: Found specification of procedure read~intINTTYPE4 [2018-11-23 11:06:29,400 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2018-11-23 11:06:29,400 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2018-11-23 11:06:29,400 INFO L130 BoogieDeclarations]: Found specification of procedure write~intINTTYPE4 [2018-11-23 11:06:30,449 INFO L275 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2018-11-23 11:06:30,450 INFO L280 CfgBuilder]: Removed 3 assue(true) statements. [2018-11-23 11:06:30,450 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:06:30 BoogieIcfgContainer [2018-11-23 11:06:30,450 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-11-23 11:06:30,451 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2018-11-23 11:06:30,451 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2018-11-23 11:06:30,455 INFO L276 PluginConnector]: TraceAbstraction initialized [2018-11-23 11:06:30,455 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 23.11 11:06:28" (1/3) ... [2018-11-23 11:06:30,456 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@76bf35ae and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:06:30, skipping insertion in model container [2018-11-23 11:06:30,456 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:06:29" (2/3) ... [2018-11-23 11:06:30,457 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@76bf35ae and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:06:30, skipping insertion in model container [2018-11-23 11:06:30,457 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:06:30" (3/3) ... [2018-11-23 11:06:30,459 INFO L112 eAbstractionObserver]: Analyzing ICFG ex3_forlist_true-termination.c_true-unreach-call.i [2018-11-23 11:06:30,470 INFO L156 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2018-11-23 11:06:30,479 INFO L168 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2018-11-23 11:06:30,497 INFO L257 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2018-11-23 11:06:30,531 INFO L133 ementStrategyFactory]: Using default assertion order modulation [2018-11-23 11:06:30,532 INFO L382 AbstractCegarLoop]: Interprodecural is true [2018-11-23 11:06:30,532 INFO L383 AbstractCegarLoop]: Hoare is true [2018-11-23 11:06:30,532 INFO L384 AbstractCegarLoop]: Compute interpolants for FPandBP [2018-11-23 11:06:30,532 INFO L385 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2018-11-23 11:06:30,533 INFO L386 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2018-11-23 11:06:30,533 INFO L387 AbstractCegarLoop]: Difference is false [2018-11-23 11:06:30,533 INFO L388 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2018-11-23 11:06:30,533 INFO L393 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2018-11-23 11:06:30,552 INFO L276 IsEmpty]: Start isEmpty. Operand 48 states. [2018-11-23 11:06:30,559 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2018-11-23 11:06:30,559 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:06:30,560 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:06:30,563 INFO L423 AbstractCegarLoop]: === Iteration 1 === [__blast_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:06:30,569 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:06:30,569 INFO L82 PathProgramCache]: Analyzing trace with hash 2077048382, now seen corresponding path program 1 times [2018-11-23 11:06:30,573 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:06:30,574 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:06:30,592 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:06:30,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:06:30,724 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:06:30,730 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:06:30,927 INFO L256 TraceCheckUtils]: 0: Hoare triple {51#true} call ULTIMATE.init(); {51#true} is VALID [2018-11-23 11:06:30,931 INFO L273 TraceCheckUtils]: 1: Hoare triple {51#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];call ~#pp~0.base, ~#pp~0.offset := #Ultimate.alloc(8bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~#pp~0.offset, 4bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(4bv32, ~#pp~0.offset), 4bv32);call ~#pstate~0.base, ~#pstate~0.offset := #Ultimate.alloc(8bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~#pstate~0.offset, 4bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(4bv32, ~#pstate~0.offset), 4bv32);~counter~0 := 1bv32; {51#true} is VALID [2018-11-23 11:06:30,931 INFO L273 TraceCheckUtils]: 2: Hoare triple {51#true} assume true; {51#true} is VALID [2018-11-23 11:06:30,932 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {51#true} {51#true} #106#return; {51#true} is VALID [2018-11-23 11:06:30,932 INFO L256 TraceCheckUtils]: 4: Hoare triple {51#true} call #t~ret9 := main(); {51#true} is VALID [2018-11-23 11:06:30,932 INFO L273 TraceCheckUtils]: 5: Hoare triple {51#true} havoc ~a~0.base, ~a~0.offset;havoc ~b~0.base, ~b~0.offset; {51#true} is VALID [2018-11-23 11:06:30,933 INFO L256 TraceCheckUtils]: 6: Hoare triple {51#true} call init(); {51#true} is VALID [2018-11-23 11:06:30,933 INFO L273 TraceCheckUtils]: 7: Hoare triple {51#true} havoc ~i~0;~i~0 := 0bv32; {51#true} is VALID [2018-11-23 11:06:30,933 INFO L273 TraceCheckUtils]: 8: Hoare triple {51#true} assume !~bvslt32(~i~0, 2bv32); {51#true} is VALID [2018-11-23 11:06:30,934 INFO L273 TraceCheckUtils]: 9: Hoare triple {51#true} assume true; {51#true} is VALID [2018-11-23 11:06:30,934 INFO L268 TraceCheckUtils]: 10: Hoare quadruple {51#true} {51#true} #92#return; {51#true} is VALID [2018-11-23 11:06:30,934 INFO L256 TraceCheckUtils]: 11: Hoare triple {51#true} call #t~ret7.base, #t~ret7.offset := malloc(4bv32); {51#true} is VALID [2018-11-23 11:06:30,935 INFO L273 TraceCheckUtils]: 12: Hoare triple {51#true} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {51#true} is VALID [2018-11-23 11:06:30,935 INFO L273 TraceCheckUtils]: 13: Hoare triple {51#true} assume true; {51#true} is VALID [2018-11-23 11:06:30,936 INFO L268 TraceCheckUtils]: 14: Hoare quadruple {51#true} {51#true} #94#return; {51#true} is VALID [2018-11-23 11:06:30,936 INFO L273 TraceCheckUtils]: 15: Hoare triple {51#true} ~a~0.base, ~a~0.offset := #t~ret7.base, #t~ret7.offset;havoc #t~ret7.base, #t~ret7.offset; {51#true} is VALID [2018-11-23 11:06:30,937 INFO L256 TraceCheckUtils]: 16: Hoare triple {51#true} call #t~ret8.base, #t~ret8.offset := malloc(4bv32); {51#true} is VALID [2018-11-23 11:06:30,937 INFO L273 TraceCheckUtils]: 17: Hoare triple {51#true} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {51#true} is VALID [2018-11-23 11:06:30,937 INFO L273 TraceCheckUtils]: 18: Hoare triple {51#true} assume true; {51#true} is VALID [2018-11-23 11:06:30,938 INFO L268 TraceCheckUtils]: 19: Hoare quadruple {51#true} {51#true} #96#return; {51#true} is VALID [2018-11-23 11:06:30,938 INFO L273 TraceCheckUtils]: 20: Hoare triple {51#true} ~b~0.base, ~b~0.offset := #t~ret8.base, #t~ret8.offset;havoc #t~ret8.base, #t~ret8.offset; {51#true} is VALID [2018-11-23 11:06:30,938 INFO L273 TraceCheckUtils]: 21: Hoare triple {51#true} assume !((~a~0.base == 0bv32 && ~a~0.offset == 0bv32) || (~b~0.base == 0bv32 && ~b~0.offset == 0bv32)); {51#true} is VALID [2018-11-23 11:06:30,939 INFO L256 TraceCheckUtils]: 22: Hoare triple {51#true} call f(~a~0.base, ~a~0.offset); {51#true} is VALID [2018-11-23 11:06:30,939 INFO L273 TraceCheckUtils]: 23: Hoare triple {51#true} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {51#true} is VALID [2018-11-23 11:06:30,955 INFO L273 TraceCheckUtils]: 24: Hoare triple {51#true} assume !true; {52#false} is VALID [2018-11-23 11:06:30,955 INFO L273 TraceCheckUtils]: 25: Hoare triple {52#false} assume true; {52#false} is VALID [2018-11-23 11:06:30,956 INFO L268 TraceCheckUtils]: 26: Hoare quadruple {52#false} {51#true} #98#return; {52#false} is VALID [2018-11-23 11:06:30,956 INFO L256 TraceCheckUtils]: 27: Hoare triple {52#false} call f(~b~0.base, ~b~0.offset); {52#false} is VALID [2018-11-23 11:06:30,956 INFO L273 TraceCheckUtils]: 28: Hoare triple {52#false} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {52#false} is VALID [2018-11-23 11:06:30,957 INFO L273 TraceCheckUtils]: 29: Hoare triple {52#false} assume !true; {52#false} is VALID [2018-11-23 11:06:30,957 INFO L273 TraceCheckUtils]: 30: Hoare triple {52#false} assume true; {52#false} is VALID [2018-11-23 11:06:30,958 INFO L268 TraceCheckUtils]: 31: Hoare quadruple {52#false} {52#false} #100#return; {52#false} is VALID [2018-11-23 11:06:30,958 INFO L256 TraceCheckUtils]: 32: Hoare triple {52#false} call g(~a~0.base, ~a~0.offset); {52#false} is VALID [2018-11-23 11:06:30,958 INFO L273 TraceCheckUtils]: 33: Hoare triple {52#false} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~2;~i~2 := 0bv32; {52#false} is VALID [2018-11-23 11:06:30,959 INFO L273 TraceCheckUtils]: 34: Hoare triple {52#false} assume !!~bvslt32(~i~2, 2bv32);call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {52#false} is VALID [2018-11-23 11:06:30,959 INFO L273 TraceCheckUtils]: 35: Hoare triple {52#false} assume #t~mem4.base == ~pointer.base && #t~mem4.offset == ~pointer.offset;havoc #t~mem4.base, #t~mem4.offset;call #t~mem5 := read~intINTTYPE4(~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {52#false} is VALID [2018-11-23 11:06:30,959 INFO L273 TraceCheckUtils]: 36: Hoare triple {52#false} assume !(1bv32 == #t~mem5); {52#false} is VALID [2018-11-23 11:06:30,960 INFO L256 TraceCheckUtils]: 37: Hoare triple {52#false} call __blast_assert(); {52#false} is VALID [2018-11-23 11:06:30,960 INFO L273 TraceCheckUtils]: 38: Hoare triple {52#false} assume !false; {52#false} is VALID [2018-11-23 11:06:30,969 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2018-11-23 11:06:30,970 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:06:30,976 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:06:30,976 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2018-11-23 11:06:30,982 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 39 [2018-11-23 11:06:30,988 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:06:30,992 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states. [2018-11-23 11:06:31,077 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 36 edges. 36 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:06:31,078 INFO L459 AbstractCegarLoop]: Interpolant automaton has 2 states [2018-11-23 11:06:31,087 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2018-11-23 11:06:31,087 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:06:31,089 INFO L87 Difference]: Start difference. First operand 48 states. Second operand 2 states. [2018-11-23 11:06:31,509 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:31,509 INFO L93 Difference]: Finished difference Result 84 states and 111 transitions. [2018-11-23 11:06:31,509 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2018-11-23 11:06:31,510 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 39 [2018-11-23 11:06:31,510 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:06:31,512 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:06:31,526 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 111 transitions. [2018-11-23 11:06:31,526 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:06:31,535 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 111 transitions. [2018-11-23 11:06:31,535 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 111 transitions. [2018-11-23 11:06:32,617 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 111 edges. 111 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:06:32,631 INFO L225 Difference]: With dead ends: 84 [2018-11-23 11:06:32,631 INFO L226 Difference]: Without dead ends: 41 [2018-11-23 11:06:32,635 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 38 GetRequests, 38 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:06:32,654 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 41 states. [2018-11-23 11:06:32,722 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 41 to 41. [2018-11-23 11:06:32,723 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:06:32,723 INFO L82 GeneralOperation]: Start isEquivalent. First operand 41 states. Second operand 41 states. [2018-11-23 11:06:32,724 INFO L74 IsIncluded]: Start isIncluded. First operand 41 states. Second operand 41 states. [2018-11-23 11:06:32,724 INFO L87 Difference]: Start difference. First operand 41 states. Second operand 41 states. [2018-11-23 11:06:32,732 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:32,733 INFO L93 Difference]: Finished difference Result 41 states and 48 transitions. [2018-11-23 11:06:32,733 INFO L276 IsEmpty]: Start isEmpty. Operand 41 states and 48 transitions. [2018-11-23 11:06:32,735 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:06:32,735 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:06:32,735 INFO L74 IsIncluded]: Start isIncluded. First operand 41 states. Second operand 41 states. [2018-11-23 11:06:32,735 INFO L87 Difference]: Start difference. First operand 41 states. Second operand 41 states. [2018-11-23 11:06:32,750 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:32,750 INFO L93 Difference]: Finished difference Result 41 states and 48 transitions. [2018-11-23 11:06:32,750 INFO L276 IsEmpty]: Start isEmpty. Operand 41 states and 48 transitions. [2018-11-23 11:06:32,751 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:06:32,752 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:06:32,752 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:06:32,752 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:06:32,752 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 41 states. [2018-11-23 11:06:32,761 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 41 states to 41 states and 48 transitions. [2018-11-23 11:06:32,764 INFO L78 Accepts]: Start accepts. Automaton has 41 states and 48 transitions. Word has length 39 [2018-11-23 11:06:32,764 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:06:32,765 INFO L480 AbstractCegarLoop]: Abstraction has 41 states and 48 transitions. [2018-11-23 11:06:32,765 INFO L481 AbstractCegarLoop]: Interpolant automaton has 2 states. [2018-11-23 11:06:32,765 INFO L276 IsEmpty]: Start isEmpty. Operand 41 states and 48 transitions. [2018-11-23 11:06:32,767 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2018-11-23 11:06:32,769 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:06:32,769 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:06:32,769 INFO L423 AbstractCegarLoop]: === Iteration 2 === [__blast_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:06:32,770 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:06:32,770 INFO L82 PathProgramCache]: Analyzing trace with hash 540528926, now seen corresponding path program 1 times [2018-11-23 11:06:32,771 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:06:32,771 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:06:32,793 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:06:32,878 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:06:32,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:06:32,926 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:06:33,081 INFO L256 TraceCheckUtils]: 0: Hoare triple {429#true} call ULTIMATE.init(); {429#true} is VALID [2018-11-23 11:06:33,081 INFO L273 TraceCheckUtils]: 1: Hoare triple {429#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];call ~#pp~0.base, ~#pp~0.offset := #Ultimate.alloc(8bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~#pp~0.offset, 4bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(4bv32, ~#pp~0.offset), 4bv32);call ~#pstate~0.base, ~#pstate~0.offset := #Ultimate.alloc(8bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~#pstate~0.offset, 4bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(4bv32, ~#pstate~0.offset), 4bv32);~counter~0 := 1bv32; {429#true} is VALID [2018-11-23 11:06:33,081 INFO L273 TraceCheckUtils]: 2: Hoare triple {429#true} assume true; {429#true} is VALID [2018-11-23 11:06:33,082 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {429#true} {429#true} #106#return; {429#true} is VALID [2018-11-23 11:06:33,082 INFO L256 TraceCheckUtils]: 4: Hoare triple {429#true} call #t~ret9 := main(); {429#true} is VALID [2018-11-23 11:06:33,083 INFO L273 TraceCheckUtils]: 5: Hoare triple {429#true} havoc ~a~0.base, ~a~0.offset;havoc ~b~0.base, ~b~0.offset; {429#true} is VALID [2018-11-23 11:06:33,083 INFO L256 TraceCheckUtils]: 6: Hoare triple {429#true} call init(); {429#true} is VALID [2018-11-23 11:06:33,085 INFO L273 TraceCheckUtils]: 7: Hoare triple {429#true} havoc ~i~0;~i~0 := 0bv32; {455#(= init_~i~0 (_ bv0 32))} is VALID [2018-11-23 11:06:33,086 INFO L273 TraceCheckUtils]: 8: Hoare triple {455#(= init_~i~0 (_ bv0 32))} assume !~bvslt32(~i~0, 2bv32); {430#false} is VALID [2018-11-23 11:06:33,087 INFO L273 TraceCheckUtils]: 9: Hoare triple {430#false} assume true; {430#false} is VALID [2018-11-23 11:06:33,087 INFO L268 TraceCheckUtils]: 10: Hoare quadruple {430#false} {429#true} #92#return; {430#false} is VALID [2018-11-23 11:06:33,088 INFO L256 TraceCheckUtils]: 11: Hoare triple {430#false} call #t~ret7.base, #t~ret7.offset := malloc(4bv32); {430#false} is VALID [2018-11-23 11:06:33,088 INFO L273 TraceCheckUtils]: 12: Hoare triple {430#false} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {430#false} is VALID [2018-11-23 11:06:33,089 INFO L273 TraceCheckUtils]: 13: Hoare triple {430#false} assume true; {430#false} is VALID [2018-11-23 11:06:33,089 INFO L268 TraceCheckUtils]: 14: Hoare quadruple {430#false} {430#false} #94#return; {430#false} is VALID [2018-11-23 11:06:33,090 INFO L273 TraceCheckUtils]: 15: Hoare triple {430#false} ~a~0.base, ~a~0.offset := #t~ret7.base, #t~ret7.offset;havoc #t~ret7.base, #t~ret7.offset; {430#false} is VALID [2018-11-23 11:06:33,090 INFO L256 TraceCheckUtils]: 16: Hoare triple {430#false} call #t~ret8.base, #t~ret8.offset := malloc(4bv32); {430#false} is VALID [2018-11-23 11:06:33,090 INFO L273 TraceCheckUtils]: 17: Hoare triple {430#false} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {430#false} is VALID [2018-11-23 11:06:33,091 INFO L273 TraceCheckUtils]: 18: Hoare triple {430#false} assume true; {430#false} is VALID [2018-11-23 11:06:33,091 INFO L268 TraceCheckUtils]: 19: Hoare quadruple {430#false} {430#false} #96#return; {430#false} is VALID [2018-11-23 11:06:33,091 INFO L273 TraceCheckUtils]: 20: Hoare triple {430#false} ~b~0.base, ~b~0.offset := #t~ret8.base, #t~ret8.offset;havoc #t~ret8.base, #t~ret8.offset; {430#false} is VALID [2018-11-23 11:06:33,092 INFO L273 TraceCheckUtils]: 21: Hoare triple {430#false} assume !((~a~0.base == 0bv32 && ~a~0.offset == 0bv32) || (~b~0.base == 0bv32 && ~b~0.offset == 0bv32)); {430#false} is VALID [2018-11-23 11:06:33,092 INFO L256 TraceCheckUtils]: 22: Hoare triple {430#false} call f(~a~0.base, ~a~0.offset); {430#false} is VALID [2018-11-23 11:06:33,092 INFO L273 TraceCheckUtils]: 23: Hoare triple {430#false} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {430#false} is VALID [2018-11-23 11:06:33,093 INFO L273 TraceCheckUtils]: 24: Hoare triple {430#false} assume !~bvslt32(~i~1, 2bv32); {430#false} is VALID [2018-11-23 11:06:33,093 INFO L273 TraceCheckUtils]: 25: Hoare triple {430#false} assume true; {430#false} is VALID [2018-11-23 11:06:33,093 INFO L268 TraceCheckUtils]: 26: Hoare quadruple {430#false} {430#false} #98#return; {430#false} is VALID [2018-11-23 11:06:33,094 INFO L256 TraceCheckUtils]: 27: Hoare triple {430#false} call f(~b~0.base, ~b~0.offset); {430#false} is VALID [2018-11-23 11:06:33,094 INFO L273 TraceCheckUtils]: 28: Hoare triple {430#false} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {430#false} is VALID [2018-11-23 11:06:33,094 INFO L273 TraceCheckUtils]: 29: Hoare triple {430#false} assume !~bvslt32(~i~1, 2bv32); {430#false} is VALID [2018-11-23 11:06:33,094 INFO L273 TraceCheckUtils]: 30: Hoare triple {430#false} assume true; {430#false} is VALID [2018-11-23 11:06:33,095 INFO L268 TraceCheckUtils]: 31: Hoare quadruple {430#false} {430#false} #100#return; {430#false} is VALID [2018-11-23 11:06:33,095 INFO L256 TraceCheckUtils]: 32: Hoare triple {430#false} call g(~a~0.base, ~a~0.offset); {430#false} is VALID [2018-11-23 11:06:33,095 INFO L273 TraceCheckUtils]: 33: Hoare triple {430#false} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~2;~i~2 := 0bv32; {430#false} is VALID [2018-11-23 11:06:33,095 INFO L273 TraceCheckUtils]: 34: Hoare triple {430#false} assume !!~bvslt32(~i~2, 2bv32);call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {430#false} is VALID [2018-11-23 11:06:33,096 INFO L273 TraceCheckUtils]: 35: Hoare triple {430#false} assume #t~mem4.base == ~pointer.base && #t~mem4.offset == ~pointer.offset;havoc #t~mem4.base, #t~mem4.offset;call #t~mem5 := read~intINTTYPE4(~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {430#false} is VALID [2018-11-23 11:06:33,096 INFO L273 TraceCheckUtils]: 36: Hoare triple {430#false} assume !(1bv32 == #t~mem5); {430#false} is VALID [2018-11-23 11:06:33,096 INFO L256 TraceCheckUtils]: 37: Hoare triple {430#false} call __blast_assert(); {430#false} is VALID [2018-11-23 11:06:33,097 INFO L273 TraceCheckUtils]: 38: Hoare triple {430#false} assume !false; {430#false} is VALID [2018-11-23 11:06:33,099 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2018-11-23 11:06:33,099 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:06:33,102 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:06:33,102 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2018-11-23 11:06:33,104 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 39 [2018-11-23 11:06:33,104 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:06:33,105 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2018-11-23 11:06:33,195 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 34 edges. 34 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:06:33,195 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2018-11-23 11:06:33,195 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2018-11-23 11:06:33,196 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-11-23 11:06:33,196 INFO L87 Difference]: Start difference. First operand 41 states and 48 transitions. Second operand 3 states. [2018-11-23 11:06:33,661 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:33,661 INFO L93 Difference]: Finished difference Result 74 states and 88 transitions. [2018-11-23 11:06:33,662 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2018-11-23 11:06:33,662 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 39 [2018-11-23 11:06:33,662 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:06:33,662 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-11-23 11:06:33,667 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 88 transitions. [2018-11-23 11:06:33,667 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-11-23 11:06:33,671 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 88 transitions. [2018-11-23 11:06:33,671 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 88 transitions. [2018-11-23 11:06:33,893 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 88 edges. 88 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:06:33,896 INFO L225 Difference]: With dead ends: 74 [2018-11-23 11:06:33,897 INFO L226 Difference]: Without dead ends: 43 [2018-11-23 11:06:33,898 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 38 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-11-23 11:06:33,898 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 43 states. [2018-11-23 11:06:33,916 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 43 to 42. [2018-11-23 11:06:33,916 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:06:33,917 INFO L82 GeneralOperation]: Start isEquivalent. First operand 43 states. Second operand 42 states. [2018-11-23 11:06:33,917 INFO L74 IsIncluded]: Start isIncluded. First operand 43 states. Second operand 42 states. [2018-11-23 11:06:33,917 INFO L87 Difference]: Start difference. First operand 43 states. Second operand 42 states. [2018-11-23 11:06:33,921 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:33,922 INFO L93 Difference]: Finished difference Result 43 states and 50 transitions. [2018-11-23 11:06:33,922 INFO L276 IsEmpty]: Start isEmpty. Operand 43 states and 50 transitions. [2018-11-23 11:06:33,923 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:06:33,923 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:06:33,923 INFO L74 IsIncluded]: Start isIncluded. First operand 42 states. Second operand 43 states. [2018-11-23 11:06:33,923 INFO L87 Difference]: Start difference. First operand 42 states. Second operand 43 states. [2018-11-23 11:06:33,928 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:33,928 INFO L93 Difference]: Finished difference Result 43 states and 50 transitions. [2018-11-23 11:06:33,929 INFO L276 IsEmpty]: Start isEmpty. Operand 43 states and 50 transitions. [2018-11-23 11:06:33,930 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:06:33,930 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:06:33,930 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:06:33,930 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:06:33,930 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 42 states. [2018-11-23 11:06:33,933 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 42 states to 42 states and 49 transitions. [2018-11-23 11:06:33,936 INFO L78 Accepts]: Start accepts. Automaton has 42 states and 49 transitions. Word has length 39 [2018-11-23 11:06:33,937 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:06:33,937 INFO L480 AbstractCegarLoop]: Abstraction has 42 states and 49 transitions. [2018-11-23 11:06:33,937 INFO L481 AbstractCegarLoop]: Interpolant automaton has 3 states. [2018-11-23 11:06:33,937 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states and 49 transitions. [2018-11-23 11:06:33,938 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2018-11-23 11:06:33,939 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:06:33,939 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:06:33,939 INFO L423 AbstractCegarLoop]: === Iteration 3 === [__blast_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:06:33,939 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:06:33,940 INFO L82 PathProgramCache]: Analyzing trace with hash 2096573404, now seen corresponding path program 1 times [2018-11-23 11:06:33,940 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:06:33,940 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:06:33,958 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:06:34,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:06:34,085 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:06:34,086 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:06:34,221 INFO L256 TraceCheckUtils]: 0: Hoare triple {805#true} call ULTIMATE.init(); {805#true} is VALID [2018-11-23 11:06:34,221 INFO L273 TraceCheckUtils]: 1: Hoare triple {805#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];call ~#pp~0.base, ~#pp~0.offset := #Ultimate.alloc(8bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~#pp~0.offset, 4bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(4bv32, ~#pp~0.offset), 4bv32);call ~#pstate~0.base, ~#pstate~0.offset := #Ultimate.alloc(8bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~#pstate~0.offset, 4bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(4bv32, ~#pstate~0.offset), 4bv32);~counter~0 := 1bv32; {805#true} is VALID [2018-11-23 11:06:34,222 INFO L273 TraceCheckUtils]: 2: Hoare triple {805#true} assume true; {805#true} is VALID [2018-11-23 11:06:34,222 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {805#true} {805#true} #106#return; {805#true} is VALID [2018-11-23 11:06:34,222 INFO L256 TraceCheckUtils]: 4: Hoare triple {805#true} call #t~ret9 := main(); {805#true} is VALID [2018-11-23 11:06:34,222 INFO L273 TraceCheckUtils]: 5: Hoare triple {805#true} havoc ~a~0.base, ~a~0.offset;havoc ~b~0.base, ~b~0.offset; {805#true} is VALID [2018-11-23 11:06:34,223 INFO L256 TraceCheckUtils]: 6: Hoare triple {805#true} call init(); {805#true} is VALID [2018-11-23 11:06:34,224 INFO L273 TraceCheckUtils]: 7: Hoare triple {805#true} havoc ~i~0;~i~0 := 0bv32; {831#(= init_~i~0 (_ bv0 32))} is VALID [2018-11-23 11:06:34,228 INFO L273 TraceCheckUtils]: 8: Hoare triple {831#(= init_~i~0 (_ bv0 32))} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {831#(= init_~i~0 (_ bv0 32))} is VALID [2018-11-23 11:06:34,229 INFO L273 TraceCheckUtils]: 9: Hoare triple {831#(= init_~i~0 (_ bv0 32))} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {838#(= (bvadd init_~i~0 (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:06:34,230 INFO L273 TraceCheckUtils]: 10: Hoare triple {838#(= (bvadd init_~i~0 (_ bv4294967295 32)) (_ bv0 32))} assume !~bvslt32(~i~0, 2bv32); {806#false} is VALID [2018-11-23 11:06:34,230 INFO L273 TraceCheckUtils]: 11: Hoare triple {806#false} assume true; {806#false} is VALID [2018-11-23 11:06:34,230 INFO L268 TraceCheckUtils]: 12: Hoare quadruple {806#false} {805#true} #92#return; {806#false} is VALID [2018-11-23 11:06:34,230 INFO L256 TraceCheckUtils]: 13: Hoare triple {806#false} call #t~ret7.base, #t~ret7.offset := malloc(4bv32); {806#false} is VALID [2018-11-23 11:06:34,231 INFO L273 TraceCheckUtils]: 14: Hoare triple {806#false} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {806#false} is VALID [2018-11-23 11:06:34,231 INFO L273 TraceCheckUtils]: 15: Hoare triple {806#false} assume true; {806#false} is VALID [2018-11-23 11:06:34,231 INFO L268 TraceCheckUtils]: 16: Hoare quadruple {806#false} {806#false} #94#return; {806#false} is VALID [2018-11-23 11:06:34,231 INFO L273 TraceCheckUtils]: 17: Hoare triple {806#false} ~a~0.base, ~a~0.offset := #t~ret7.base, #t~ret7.offset;havoc #t~ret7.base, #t~ret7.offset; {806#false} is VALID [2018-11-23 11:06:34,232 INFO L256 TraceCheckUtils]: 18: Hoare triple {806#false} call #t~ret8.base, #t~ret8.offset := malloc(4bv32); {806#false} is VALID [2018-11-23 11:06:34,232 INFO L273 TraceCheckUtils]: 19: Hoare triple {806#false} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {806#false} is VALID [2018-11-23 11:06:34,232 INFO L273 TraceCheckUtils]: 20: Hoare triple {806#false} assume true; {806#false} is VALID [2018-11-23 11:06:34,233 INFO L268 TraceCheckUtils]: 21: Hoare quadruple {806#false} {806#false} #96#return; {806#false} is VALID [2018-11-23 11:06:34,233 INFO L273 TraceCheckUtils]: 22: Hoare triple {806#false} ~b~0.base, ~b~0.offset := #t~ret8.base, #t~ret8.offset;havoc #t~ret8.base, #t~ret8.offset; {806#false} is VALID [2018-11-23 11:06:34,233 INFO L273 TraceCheckUtils]: 23: Hoare triple {806#false} assume !((~a~0.base == 0bv32 && ~a~0.offset == 0bv32) || (~b~0.base == 0bv32 && ~b~0.offset == 0bv32)); {806#false} is VALID [2018-11-23 11:06:34,233 INFO L256 TraceCheckUtils]: 24: Hoare triple {806#false} call f(~a~0.base, ~a~0.offset); {806#false} is VALID [2018-11-23 11:06:34,234 INFO L273 TraceCheckUtils]: 25: Hoare triple {806#false} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {806#false} is VALID [2018-11-23 11:06:34,234 INFO L273 TraceCheckUtils]: 26: Hoare triple {806#false} assume !~bvslt32(~i~1, 2bv32); {806#false} is VALID [2018-11-23 11:06:34,234 INFO L273 TraceCheckUtils]: 27: Hoare triple {806#false} assume true; {806#false} is VALID [2018-11-23 11:06:34,235 INFO L268 TraceCheckUtils]: 28: Hoare quadruple {806#false} {806#false} #98#return; {806#false} is VALID [2018-11-23 11:06:34,235 INFO L256 TraceCheckUtils]: 29: Hoare triple {806#false} call f(~b~0.base, ~b~0.offset); {806#false} is VALID [2018-11-23 11:06:34,235 INFO L273 TraceCheckUtils]: 30: Hoare triple {806#false} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {806#false} is VALID [2018-11-23 11:06:34,236 INFO L273 TraceCheckUtils]: 31: Hoare triple {806#false} assume !~bvslt32(~i~1, 2bv32); {806#false} is VALID [2018-11-23 11:06:34,236 INFO L273 TraceCheckUtils]: 32: Hoare triple {806#false} assume true; {806#false} is VALID [2018-11-23 11:06:34,236 INFO L268 TraceCheckUtils]: 33: Hoare quadruple {806#false} {806#false} #100#return; {806#false} is VALID [2018-11-23 11:06:34,236 INFO L256 TraceCheckUtils]: 34: Hoare triple {806#false} call g(~a~0.base, ~a~0.offset); {806#false} is VALID [2018-11-23 11:06:34,237 INFO L273 TraceCheckUtils]: 35: Hoare triple {806#false} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~2;~i~2 := 0bv32; {806#false} is VALID [2018-11-23 11:06:34,237 INFO L273 TraceCheckUtils]: 36: Hoare triple {806#false} assume !!~bvslt32(~i~2, 2bv32);call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {806#false} is VALID [2018-11-23 11:06:34,237 INFO L273 TraceCheckUtils]: 37: Hoare triple {806#false} assume #t~mem4.base == ~pointer.base && #t~mem4.offset == ~pointer.offset;havoc #t~mem4.base, #t~mem4.offset;call #t~mem5 := read~intINTTYPE4(~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {806#false} is VALID [2018-11-23 11:06:34,238 INFO L273 TraceCheckUtils]: 38: Hoare triple {806#false} assume !(1bv32 == #t~mem5); {806#false} is VALID [2018-11-23 11:06:34,238 INFO L256 TraceCheckUtils]: 39: Hoare triple {806#false} call __blast_assert(); {806#false} is VALID [2018-11-23 11:06:34,238 INFO L273 TraceCheckUtils]: 40: Hoare triple {806#false} assume !false; {806#false} is VALID [2018-11-23 11:06:34,241 INFO L134 CoverageAnalysis]: Checked inductivity of 8 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2018-11-23 11:06:34,241 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:06:34,445 INFO L273 TraceCheckUtils]: 40: Hoare triple {806#false} assume !false; {806#false} is VALID [2018-11-23 11:06:34,445 INFO L256 TraceCheckUtils]: 39: Hoare triple {806#false} call __blast_assert(); {806#false} is VALID [2018-11-23 11:06:34,446 INFO L273 TraceCheckUtils]: 38: Hoare triple {806#false} assume !(1bv32 == #t~mem5); {806#false} is VALID [2018-11-23 11:06:34,446 INFO L273 TraceCheckUtils]: 37: Hoare triple {806#false} assume #t~mem4.base == ~pointer.base && #t~mem4.offset == ~pointer.offset;havoc #t~mem4.base, #t~mem4.offset;call #t~mem5 := read~intINTTYPE4(~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {806#false} is VALID [2018-11-23 11:06:34,447 INFO L273 TraceCheckUtils]: 36: Hoare triple {806#false} assume !!~bvslt32(~i~2, 2bv32);call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {806#false} is VALID [2018-11-23 11:06:34,447 INFO L273 TraceCheckUtils]: 35: Hoare triple {806#false} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~2;~i~2 := 0bv32; {806#false} is VALID [2018-11-23 11:06:34,447 INFO L256 TraceCheckUtils]: 34: Hoare triple {806#false} call g(~a~0.base, ~a~0.offset); {806#false} is VALID [2018-11-23 11:06:34,448 INFO L268 TraceCheckUtils]: 33: Hoare quadruple {805#true} {806#false} #100#return; {806#false} is VALID [2018-11-23 11:06:34,448 INFO L273 TraceCheckUtils]: 32: Hoare triple {805#true} assume true; {805#true} is VALID [2018-11-23 11:06:34,448 INFO L273 TraceCheckUtils]: 31: Hoare triple {805#true} assume !~bvslt32(~i~1, 2bv32); {805#true} is VALID [2018-11-23 11:06:34,449 INFO L273 TraceCheckUtils]: 30: Hoare triple {805#true} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {805#true} is VALID [2018-11-23 11:06:34,449 INFO L256 TraceCheckUtils]: 29: Hoare triple {806#false} call f(~b~0.base, ~b~0.offset); {805#true} is VALID [2018-11-23 11:06:34,449 INFO L268 TraceCheckUtils]: 28: Hoare quadruple {805#true} {806#false} #98#return; {806#false} is VALID [2018-11-23 11:06:34,450 INFO L273 TraceCheckUtils]: 27: Hoare triple {805#true} assume true; {805#true} is VALID [2018-11-23 11:06:34,450 INFO L273 TraceCheckUtils]: 26: Hoare triple {805#true} assume !~bvslt32(~i~1, 2bv32); {805#true} is VALID [2018-11-23 11:06:34,450 INFO L273 TraceCheckUtils]: 25: Hoare triple {805#true} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {805#true} is VALID [2018-11-23 11:06:34,450 INFO L256 TraceCheckUtils]: 24: Hoare triple {806#false} call f(~a~0.base, ~a~0.offset); {805#true} is VALID [2018-11-23 11:06:34,451 INFO L273 TraceCheckUtils]: 23: Hoare triple {806#false} assume !((~a~0.base == 0bv32 && ~a~0.offset == 0bv32) || (~b~0.base == 0bv32 && ~b~0.offset == 0bv32)); {806#false} is VALID [2018-11-23 11:06:34,451 INFO L273 TraceCheckUtils]: 22: Hoare triple {806#false} ~b~0.base, ~b~0.offset := #t~ret8.base, #t~ret8.offset;havoc #t~ret8.base, #t~ret8.offset; {806#false} is VALID [2018-11-23 11:06:34,451 INFO L268 TraceCheckUtils]: 21: Hoare quadruple {805#true} {806#false} #96#return; {806#false} is VALID [2018-11-23 11:06:34,452 INFO L273 TraceCheckUtils]: 20: Hoare triple {805#true} assume true; {805#true} is VALID [2018-11-23 11:06:34,452 INFO L273 TraceCheckUtils]: 19: Hoare triple {805#true} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {805#true} is VALID [2018-11-23 11:06:34,452 INFO L256 TraceCheckUtils]: 18: Hoare triple {806#false} call #t~ret8.base, #t~ret8.offset := malloc(4bv32); {805#true} is VALID [2018-11-23 11:06:34,452 INFO L273 TraceCheckUtils]: 17: Hoare triple {806#false} ~a~0.base, ~a~0.offset := #t~ret7.base, #t~ret7.offset;havoc #t~ret7.base, #t~ret7.offset; {806#false} is VALID [2018-11-23 11:06:34,453 INFO L268 TraceCheckUtils]: 16: Hoare quadruple {805#true} {806#false} #94#return; {806#false} is VALID [2018-11-23 11:06:34,453 INFO L273 TraceCheckUtils]: 15: Hoare triple {805#true} assume true; {805#true} is VALID [2018-11-23 11:06:34,453 INFO L273 TraceCheckUtils]: 14: Hoare triple {805#true} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {805#true} is VALID [2018-11-23 11:06:34,454 INFO L256 TraceCheckUtils]: 13: Hoare triple {806#false} call #t~ret7.base, #t~ret7.offset := malloc(4bv32); {805#true} is VALID [2018-11-23 11:06:34,454 INFO L268 TraceCheckUtils]: 12: Hoare quadruple {806#false} {805#true} #92#return; {806#false} is VALID [2018-11-23 11:06:34,454 INFO L273 TraceCheckUtils]: 11: Hoare triple {806#false} assume true; {806#false} is VALID [2018-11-23 11:06:34,462 INFO L273 TraceCheckUtils]: 10: Hoare triple {1025#(bvslt init_~i~0 (_ bv2 32))} assume !~bvslt32(~i~0, 2bv32); {806#false} is VALID [2018-11-23 11:06:34,466 INFO L273 TraceCheckUtils]: 9: Hoare triple {1029#(bvslt (bvadd init_~i~0 (_ bv1 32)) (_ bv2 32))} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {1025#(bvslt init_~i~0 (_ bv2 32))} is VALID [2018-11-23 11:06:34,470 INFO L273 TraceCheckUtils]: 8: Hoare triple {1029#(bvslt (bvadd init_~i~0 (_ bv1 32)) (_ bv2 32))} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {1029#(bvslt (bvadd init_~i~0 (_ bv1 32)) (_ bv2 32))} is VALID [2018-11-23 11:06:34,470 INFO L273 TraceCheckUtils]: 7: Hoare triple {805#true} havoc ~i~0;~i~0 := 0bv32; {1029#(bvslt (bvadd init_~i~0 (_ bv1 32)) (_ bv2 32))} is VALID [2018-11-23 11:06:34,471 INFO L256 TraceCheckUtils]: 6: Hoare triple {805#true} call init(); {805#true} is VALID [2018-11-23 11:06:34,471 INFO L273 TraceCheckUtils]: 5: Hoare triple {805#true} havoc ~a~0.base, ~a~0.offset;havoc ~b~0.base, ~b~0.offset; {805#true} is VALID [2018-11-23 11:06:34,471 INFO L256 TraceCheckUtils]: 4: Hoare triple {805#true} call #t~ret9 := main(); {805#true} is VALID [2018-11-23 11:06:34,471 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {805#true} {805#true} #106#return; {805#true} is VALID [2018-11-23 11:06:34,472 INFO L273 TraceCheckUtils]: 2: Hoare triple {805#true} assume true; {805#true} is VALID [2018-11-23 11:06:34,472 INFO L273 TraceCheckUtils]: 1: Hoare triple {805#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];call ~#pp~0.base, ~#pp~0.offset := #Ultimate.alloc(8bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~#pp~0.offset, 4bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(4bv32, ~#pp~0.offset), 4bv32);call ~#pstate~0.base, ~#pstate~0.offset := #Ultimate.alloc(8bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~#pstate~0.offset, 4bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(4bv32, ~#pstate~0.offset), 4bv32);~counter~0 := 1bv32; {805#true} is VALID [2018-11-23 11:06:34,472 INFO L256 TraceCheckUtils]: 0: Hoare triple {805#true} call ULTIMATE.init(); {805#true} is VALID [2018-11-23 11:06:34,475 INFO L134 CoverageAnalysis]: Checked inductivity of 8 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2018-11-23 11:06:34,478 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:06:34,478 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [4, 4] total 6 [2018-11-23 11:06:34,479 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 41 [2018-11-23 11:06:34,482 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:06:34,482 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-23 11:06:34,573 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 53 edges. 53 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:06:34,574 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-23 11:06:34,574 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-23 11:06:34,574 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=12, Invalid=18, Unknown=0, NotChecked=0, Total=30 [2018-11-23 11:06:34,575 INFO L87 Difference]: Start difference. First operand 42 states and 49 transitions. Second operand 6 states. [2018-11-23 11:06:35,326 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:35,326 INFO L93 Difference]: Finished difference Result 76 states and 90 transitions. [2018-11-23 11:06:35,326 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2018-11-23 11:06:35,327 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 41 [2018-11-23 11:06:35,327 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:06:35,327 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:06:35,331 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 90 transitions. [2018-11-23 11:06:35,331 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:06:35,334 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 90 transitions. [2018-11-23 11:06:35,334 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 90 transitions. [2018-11-23 11:06:35,567 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 90 edges. 90 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:06:35,570 INFO L225 Difference]: With dead ends: 76 [2018-11-23 11:06:35,571 INFO L226 Difference]: Without dead ends: 45 [2018-11-23 11:06:35,571 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 81 GetRequests, 77 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=12, Invalid=18, Unknown=0, NotChecked=0, Total=30 [2018-11-23 11:06:35,572 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 45 states. [2018-11-23 11:06:35,663 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 45 to 44. [2018-11-23 11:06:35,663 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:06:35,663 INFO L82 GeneralOperation]: Start isEquivalent. First operand 45 states. Second operand 44 states. [2018-11-23 11:06:35,664 INFO L74 IsIncluded]: Start isIncluded. First operand 45 states. Second operand 44 states. [2018-11-23 11:06:35,664 INFO L87 Difference]: Start difference. First operand 45 states. Second operand 44 states. [2018-11-23 11:06:35,670 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:35,670 INFO L93 Difference]: Finished difference Result 45 states and 52 transitions. [2018-11-23 11:06:35,670 INFO L276 IsEmpty]: Start isEmpty. Operand 45 states and 52 transitions. [2018-11-23 11:06:35,671 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:06:35,671 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:06:35,671 INFO L74 IsIncluded]: Start isIncluded. First operand 44 states. Second operand 45 states. [2018-11-23 11:06:35,671 INFO L87 Difference]: Start difference. First operand 44 states. Second operand 45 states. [2018-11-23 11:06:35,675 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:35,675 INFO L93 Difference]: Finished difference Result 45 states and 52 transitions. [2018-11-23 11:06:35,675 INFO L276 IsEmpty]: Start isEmpty. Operand 45 states and 52 transitions. [2018-11-23 11:06:35,676 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:06:35,677 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:06:35,677 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:06:35,677 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:06:35,677 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 44 states. [2018-11-23 11:06:35,680 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 44 states to 44 states and 51 transitions. [2018-11-23 11:06:35,680 INFO L78 Accepts]: Start accepts. Automaton has 44 states and 51 transitions. Word has length 41 [2018-11-23 11:06:35,680 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:06:35,681 INFO L480 AbstractCegarLoop]: Abstraction has 44 states and 51 transitions. [2018-11-23 11:06:35,681 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-23 11:06:35,681 INFO L276 IsEmpty]: Start isEmpty. Operand 44 states and 51 transitions. [2018-11-23 11:06:35,682 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 44 [2018-11-23 11:06:35,682 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:06:35,683 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:06:35,683 INFO L423 AbstractCegarLoop]: === Iteration 4 === [__blast_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:06:35,683 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:06:35,683 INFO L82 PathProgramCache]: Analyzing trace with hash -1488269542, now seen corresponding path program 2 times [2018-11-23 11:06:35,684 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:06:35,684 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:06:35,701 INFO L101 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2018-11-23 11:06:35,773 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 1 check-sat command(s) [2018-11-23 11:06:35,773 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2018-11-23 11:06:35,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:06:35,802 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:06:35,878 INFO L256 TraceCheckUtils]: 0: Hoare triple {1323#true} call ULTIMATE.init(); {1323#true} is VALID [2018-11-23 11:06:35,879 INFO L273 TraceCheckUtils]: 1: Hoare triple {1323#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];call ~#pp~0.base, ~#pp~0.offset := #Ultimate.alloc(8bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~#pp~0.offset, 4bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(4bv32, ~#pp~0.offset), 4bv32);call ~#pstate~0.base, ~#pstate~0.offset := #Ultimate.alloc(8bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~#pstate~0.offset, 4bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(4bv32, ~#pstate~0.offset), 4bv32);~counter~0 := 1bv32; {1323#true} is VALID [2018-11-23 11:06:35,879 INFO L273 TraceCheckUtils]: 2: Hoare triple {1323#true} assume true; {1323#true} is VALID [2018-11-23 11:06:35,879 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1323#true} {1323#true} #106#return; {1323#true} is VALID [2018-11-23 11:06:35,880 INFO L256 TraceCheckUtils]: 4: Hoare triple {1323#true} call #t~ret9 := main(); {1323#true} is VALID [2018-11-23 11:06:35,880 INFO L273 TraceCheckUtils]: 5: Hoare triple {1323#true} havoc ~a~0.base, ~a~0.offset;havoc ~b~0.base, ~b~0.offset; {1323#true} is VALID [2018-11-23 11:06:35,880 INFO L256 TraceCheckUtils]: 6: Hoare triple {1323#true} call init(); {1323#true} is VALID [2018-11-23 11:06:35,880 INFO L273 TraceCheckUtils]: 7: Hoare triple {1323#true} havoc ~i~0;~i~0 := 0bv32; {1323#true} is VALID [2018-11-23 11:06:35,880 INFO L273 TraceCheckUtils]: 8: Hoare triple {1323#true} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {1323#true} is VALID [2018-11-23 11:06:35,881 INFO L273 TraceCheckUtils]: 9: Hoare triple {1323#true} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {1323#true} is VALID [2018-11-23 11:06:35,881 INFO L273 TraceCheckUtils]: 10: Hoare triple {1323#true} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {1323#true} is VALID [2018-11-23 11:06:35,881 INFO L273 TraceCheckUtils]: 11: Hoare triple {1323#true} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {1323#true} is VALID [2018-11-23 11:06:35,881 INFO L273 TraceCheckUtils]: 12: Hoare triple {1323#true} assume !~bvslt32(~i~0, 2bv32); {1323#true} is VALID [2018-11-23 11:06:35,882 INFO L273 TraceCheckUtils]: 13: Hoare triple {1323#true} assume true; {1323#true} is VALID [2018-11-23 11:06:35,882 INFO L268 TraceCheckUtils]: 14: Hoare quadruple {1323#true} {1323#true} #92#return; {1323#true} is VALID [2018-11-23 11:06:35,882 INFO L256 TraceCheckUtils]: 15: Hoare triple {1323#true} call #t~ret7.base, #t~ret7.offset := malloc(4bv32); {1323#true} is VALID [2018-11-23 11:06:35,882 INFO L273 TraceCheckUtils]: 16: Hoare triple {1323#true} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {1323#true} is VALID [2018-11-23 11:06:35,883 INFO L273 TraceCheckUtils]: 17: Hoare triple {1323#true} assume true; {1323#true} is VALID [2018-11-23 11:06:35,883 INFO L268 TraceCheckUtils]: 18: Hoare quadruple {1323#true} {1323#true} #94#return; {1323#true} is VALID [2018-11-23 11:06:35,883 INFO L273 TraceCheckUtils]: 19: Hoare triple {1323#true} ~a~0.base, ~a~0.offset := #t~ret7.base, #t~ret7.offset;havoc #t~ret7.base, #t~ret7.offset; {1323#true} is VALID [2018-11-23 11:06:35,884 INFO L256 TraceCheckUtils]: 20: Hoare triple {1323#true} call #t~ret8.base, #t~ret8.offset := malloc(4bv32); {1323#true} is VALID [2018-11-23 11:06:35,884 INFO L273 TraceCheckUtils]: 21: Hoare triple {1323#true} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {1323#true} is VALID [2018-11-23 11:06:35,884 INFO L273 TraceCheckUtils]: 22: Hoare triple {1323#true} assume true; {1323#true} is VALID [2018-11-23 11:06:35,884 INFO L268 TraceCheckUtils]: 23: Hoare quadruple {1323#true} {1323#true} #96#return; {1323#true} is VALID [2018-11-23 11:06:35,885 INFO L273 TraceCheckUtils]: 24: Hoare triple {1323#true} ~b~0.base, ~b~0.offset := #t~ret8.base, #t~ret8.offset;havoc #t~ret8.base, #t~ret8.offset; {1323#true} is VALID [2018-11-23 11:06:35,885 INFO L273 TraceCheckUtils]: 25: Hoare triple {1323#true} assume !((~a~0.base == 0bv32 && ~a~0.offset == 0bv32) || (~b~0.base == 0bv32 && ~b~0.offset == 0bv32)); {1323#true} is VALID [2018-11-23 11:06:35,885 INFO L256 TraceCheckUtils]: 26: Hoare triple {1323#true} call f(~a~0.base, ~a~0.offset); {1323#true} is VALID [2018-11-23 11:06:35,886 INFO L273 TraceCheckUtils]: 27: Hoare triple {1323#true} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {1323#true} is VALID [2018-11-23 11:06:35,886 INFO L273 TraceCheckUtils]: 28: Hoare triple {1323#true} assume !~bvslt32(~i~1, 2bv32); {1323#true} is VALID [2018-11-23 11:06:35,886 INFO L273 TraceCheckUtils]: 29: Hoare triple {1323#true} assume true; {1323#true} is VALID [2018-11-23 11:06:35,886 INFO L268 TraceCheckUtils]: 30: Hoare quadruple {1323#true} {1323#true} #98#return; {1323#true} is VALID [2018-11-23 11:06:35,887 INFO L256 TraceCheckUtils]: 31: Hoare triple {1323#true} call f(~b~0.base, ~b~0.offset); {1323#true} is VALID [2018-11-23 11:06:35,892 INFO L273 TraceCheckUtils]: 32: Hoare triple {1323#true} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {1424#(= f_~i~1 (_ bv0 32))} is VALID [2018-11-23 11:06:35,894 INFO L273 TraceCheckUtils]: 33: Hoare triple {1424#(= f_~i~1 (_ bv0 32))} assume !~bvslt32(~i~1, 2bv32); {1324#false} is VALID [2018-11-23 11:06:35,894 INFO L273 TraceCheckUtils]: 34: Hoare triple {1324#false} assume true; {1324#false} is VALID [2018-11-23 11:06:35,894 INFO L268 TraceCheckUtils]: 35: Hoare quadruple {1324#false} {1323#true} #100#return; {1324#false} is VALID [2018-11-23 11:06:35,894 INFO L256 TraceCheckUtils]: 36: Hoare triple {1324#false} call g(~a~0.base, ~a~0.offset); {1324#false} is VALID [2018-11-23 11:06:35,895 INFO L273 TraceCheckUtils]: 37: Hoare triple {1324#false} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~2;~i~2 := 0bv32; {1324#false} is VALID [2018-11-23 11:06:35,895 INFO L273 TraceCheckUtils]: 38: Hoare triple {1324#false} assume !!~bvslt32(~i~2, 2bv32);call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {1324#false} is VALID [2018-11-23 11:06:35,895 INFO L273 TraceCheckUtils]: 39: Hoare triple {1324#false} assume #t~mem4.base == ~pointer.base && #t~mem4.offset == ~pointer.offset;havoc #t~mem4.base, #t~mem4.offset;call #t~mem5 := read~intINTTYPE4(~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {1324#false} is VALID [2018-11-23 11:06:35,895 INFO L273 TraceCheckUtils]: 40: Hoare triple {1324#false} assume !(1bv32 == #t~mem5); {1324#false} is VALID [2018-11-23 11:06:35,896 INFO L256 TraceCheckUtils]: 41: Hoare triple {1324#false} call __blast_assert(); {1324#false} is VALID [2018-11-23 11:06:35,896 INFO L273 TraceCheckUtils]: 42: Hoare triple {1324#false} assume !false; {1324#false} is VALID [2018-11-23 11:06:35,899 INFO L134 CoverageAnalysis]: Checked inductivity of 11 backedges. 3 proven. 0 refuted. 0 times theorem prover too weak. 8 trivial. 0 not checked. [2018-11-23 11:06:35,899 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:06:35,902 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:06:35,903 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2018-11-23 11:06:35,903 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 43 [2018-11-23 11:06:35,904 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:06:35,905 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2018-11-23 11:06:36,004 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:06:36,005 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2018-11-23 11:06:36,005 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2018-11-23 11:06:36,005 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-11-23 11:06:36,006 INFO L87 Difference]: Start difference. First operand 44 states and 51 transitions. Second operand 3 states. [2018-11-23 11:06:36,421 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:36,421 INFO L93 Difference]: Finished difference Result 69 states and 85 transitions. [2018-11-23 11:06:36,421 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2018-11-23 11:06:36,422 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 43 [2018-11-23 11:06:36,422 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:06:36,422 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-11-23 11:06:36,425 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 82 transitions. [2018-11-23 11:06:36,425 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-11-23 11:06:36,428 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 82 transitions. [2018-11-23 11:06:36,429 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 82 transitions. [2018-11-23 11:06:36,642 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 82 edges. 82 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:06:36,645 INFO L225 Difference]: With dead ends: 69 [2018-11-23 11:06:36,646 INFO L226 Difference]: Without dead ends: 49 [2018-11-23 11:06:36,646 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 41 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-11-23 11:06:36,647 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 49 states. [2018-11-23 11:06:36,671 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 49 to 45. [2018-11-23 11:06:36,672 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:06:36,672 INFO L82 GeneralOperation]: Start isEquivalent. First operand 49 states. Second operand 45 states. [2018-11-23 11:06:36,672 INFO L74 IsIncluded]: Start isIncluded. First operand 49 states. Second operand 45 states. [2018-11-23 11:06:36,672 INFO L87 Difference]: Start difference. First operand 49 states. Second operand 45 states. [2018-11-23 11:06:36,676 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:36,676 INFO L93 Difference]: Finished difference Result 49 states and 58 transitions. [2018-11-23 11:06:36,676 INFO L276 IsEmpty]: Start isEmpty. Operand 49 states and 58 transitions. [2018-11-23 11:06:36,677 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:06:36,677 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:06:36,677 INFO L74 IsIncluded]: Start isIncluded. First operand 45 states. Second operand 49 states. [2018-11-23 11:06:36,678 INFO L87 Difference]: Start difference. First operand 45 states. Second operand 49 states. [2018-11-23 11:06:36,681 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:36,681 INFO L93 Difference]: Finished difference Result 49 states and 58 transitions. [2018-11-23 11:06:36,682 INFO L276 IsEmpty]: Start isEmpty. Operand 49 states and 58 transitions. [2018-11-23 11:06:36,682 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:06:36,682 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:06:36,683 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:06:36,683 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:06:36,683 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 45 states. [2018-11-23 11:06:36,686 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 45 states to 45 states and 52 transitions. [2018-11-23 11:06:36,686 INFO L78 Accepts]: Start accepts. Automaton has 45 states and 52 transitions. Word has length 43 [2018-11-23 11:06:36,686 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:06:36,687 INFO L480 AbstractCegarLoop]: Abstraction has 45 states and 52 transitions. [2018-11-23 11:06:36,687 INFO L481 AbstractCegarLoop]: Interpolant automaton has 3 states. [2018-11-23 11:06:36,687 INFO L276 IsEmpty]: Start isEmpty. Operand 45 states and 52 transitions. [2018-11-23 11:06:36,688 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 46 [2018-11-23 11:06:36,688 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:06:36,689 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:06:36,689 INFO L423 AbstractCegarLoop]: === Iteration 5 === [__blast_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:06:36,689 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:06:36,689 INFO L82 PathProgramCache]: Analyzing trace with hash 1996976156, now seen corresponding path program 1 times [2018-11-23 11:06:36,690 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:06:36,690 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:06:36,720 INFO L101 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2018-11-23 11:06:36,825 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:06:36,866 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:06:36,868 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:06:37,052 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:06:37,060 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:06:37,064 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:37,068 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:37,076 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:37,077 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:15, output treesize:11 [2018-11-23 11:06:37,238 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-23 11:06:37,245 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-23 11:06:37,246 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:37,248 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:37,250 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:37,250 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:17, output treesize:5 [2018-11-23 11:06:37,255 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:06:37,255 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, |~#pstate~0.base|]. (let ((.cse0 (select (select |#memory_int| |~#pstate~0.base|) (_ bv0 32)))) (and (= (bvadd .cse0 (_ bv4294967295 32)) (_ bv0 32)) (= .cse0 |g_#t~mem5|))) [2018-11-23 11:06:37,256 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) (bvadd |g_#t~mem5| (_ bv4294967295 32))) [2018-11-23 11:06:37,270 INFO L256 TraceCheckUtils]: 0: Hoare triple {1721#true} call ULTIMATE.init(); {1721#true} is VALID [2018-11-23 11:06:37,276 INFO L273 TraceCheckUtils]: 1: Hoare triple {1721#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];call ~#pp~0.base, ~#pp~0.offset := #Ultimate.alloc(8bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~#pp~0.offset, 4bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(4bv32, ~#pp~0.offset), 4bv32);call ~#pstate~0.base, ~#pstate~0.offset := #Ultimate.alloc(8bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~#pstate~0.offset, 4bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(4bv32, ~#pstate~0.offset), 4bv32);~counter~0 := 1bv32; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,277 INFO L273 TraceCheckUtils]: 2: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} assume true; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,278 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1729#(= |~#pstate~0.offset| (_ bv0 32))} {1721#true} #106#return; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,280 INFO L256 TraceCheckUtils]: 4: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} call #t~ret9 := main(); {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,280 INFO L273 TraceCheckUtils]: 5: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} havoc ~a~0.base, ~a~0.offset;havoc ~b~0.base, ~b~0.offset; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,281 INFO L256 TraceCheckUtils]: 6: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} call init(); {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,282 INFO L273 TraceCheckUtils]: 7: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} havoc ~i~0;~i~0 := 0bv32; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,285 INFO L273 TraceCheckUtils]: 8: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,285 INFO L273 TraceCheckUtils]: 9: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,286 INFO L273 TraceCheckUtils]: 10: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,286 INFO L273 TraceCheckUtils]: 11: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,287 INFO L273 TraceCheckUtils]: 12: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} assume !~bvslt32(~i~0, 2bv32); {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,287 INFO L273 TraceCheckUtils]: 13: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} assume true; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,288 INFO L268 TraceCheckUtils]: 14: Hoare quadruple {1729#(= |~#pstate~0.offset| (_ bv0 32))} {1729#(= |~#pstate~0.offset| (_ bv0 32))} #92#return; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,289 INFO L256 TraceCheckUtils]: 15: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} call #t~ret7.base, #t~ret7.offset := malloc(4bv32); {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,290 INFO L273 TraceCheckUtils]: 16: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,291 INFO L273 TraceCheckUtils]: 17: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} assume true; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,292 INFO L268 TraceCheckUtils]: 18: Hoare quadruple {1729#(= |~#pstate~0.offset| (_ bv0 32))} {1729#(= |~#pstate~0.offset| (_ bv0 32))} #94#return; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,293 INFO L273 TraceCheckUtils]: 19: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} ~a~0.base, ~a~0.offset := #t~ret7.base, #t~ret7.offset;havoc #t~ret7.base, #t~ret7.offset; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,294 INFO L256 TraceCheckUtils]: 20: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} call #t~ret8.base, #t~ret8.offset := malloc(4bv32); {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,294 INFO L273 TraceCheckUtils]: 21: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,295 INFO L273 TraceCheckUtils]: 22: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} assume true; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,296 INFO L268 TraceCheckUtils]: 23: Hoare quadruple {1729#(= |~#pstate~0.offset| (_ bv0 32))} {1729#(= |~#pstate~0.offset| (_ bv0 32))} #96#return; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,297 INFO L273 TraceCheckUtils]: 24: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} ~b~0.base, ~b~0.offset := #t~ret8.base, #t~ret8.offset;havoc #t~ret8.base, #t~ret8.offset; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,298 INFO L273 TraceCheckUtils]: 25: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} assume !((~a~0.base == 0bv32 && ~a~0.offset == 0bv32) || (~b~0.base == 0bv32 && ~b~0.offset == 0bv32)); {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,299 INFO L256 TraceCheckUtils]: 26: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} call f(~a~0.base, ~a~0.offset); {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,300 INFO L273 TraceCheckUtils]: 27: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,301 INFO L273 TraceCheckUtils]: 28: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} assume !!~bvslt32(~i~1, 2bv32);call #t~mem2.base, #t~mem2.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,302 INFO L273 TraceCheckUtils]: 29: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} assume #t~mem2.base == 0bv32 && #t~mem2.offset == 0bv32;havoc #t~mem2.base, #t~mem2.offset;call write~$Pointer$(~pointer.base, ~pointer.offset, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32);call write~intINTTYPE4(1bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,303 INFO L273 TraceCheckUtils]: 30: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} assume true; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,304 INFO L268 TraceCheckUtils]: 31: Hoare quadruple {1729#(= |~#pstate~0.offset| (_ bv0 32))} {1729#(= |~#pstate~0.offset| (_ bv0 32))} #98#return; {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,305 INFO L256 TraceCheckUtils]: 32: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} call f(~b~0.base, ~b~0.offset); {1729#(= |~#pstate~0.offset| (_ bv0 32))} is VALID [2018-11-23 11:06:37,307 INFO L273 TraceCheckUtils]: 33: Hoare triple {1729#(= |~#pstate~0.offset| (_ bv0 32))} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {1826#(and (= |~#pstate~0.offset| (_ bv0 32)) (= f_~i~1 (_ bv0 32)))} is VALID [2018-11-23 11:06:37,308 INFO L273 TraceCheckUtils]: 34: Hoare triple {1826#(and (= |~#pstate~0.offset| (_ bv0 32)) (= f_~i~1 (_ bv0 32)))} assume !!~bvslt32(~i~1, 2bv32);call #t~mem2.base, #t~mem2.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {1826#(and (= |~#pstate~0.offset| (_ bv0 32)) (= f_~i~1 (_ bv0 32)))} is VALID [2018-11-23 11:06:37,314 INFO L273 TraceCheckUtils]: 35: Hoare triple {1826#(and (= |~#pstate~0.offset| (_ bv0 32)) (= f_~i~1 (_ bv0 32)))} assume #t~mem2.base == 0bv32 && #t~mem2.offset == 0bv32;havoc #t~mem2.base, #t~mem2.offset;call write~$Pointer$(~pointer.base, ~pointer.offset, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32);call write~intINTTYPE4(1bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {1833#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:06:37,315 INFO L273 TraceCheckUtils]: 36: Hoare triple {1833#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} assume true; {1833#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:06:37,316 INFO L268 TraceCheckUtils]: 37: Hoare quadruple {1833#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} {1729#(= |~#pstate~0.offset| (_ bv0 32))} #100#return; {1833#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:06:37,337 INFO L256 TraceCheckUtils]: 38: Hoare triple {1833#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} call g(~a~0.base, ~a~0.offset); {1833#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:06:37,346 INFO L273 TraceCheckUtils]: 39: Hoare triple {1833#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~2;~i~2 := 0bv32; {1846#(and (= |~#pstate~0.offset| (_ bv0 32)) (= g_~i~2 (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:06:37,360 INFO L273 TraceCheckUtils]: 40: Hoare triple {1846#(and (= |~#pstate~0.offset| (_ bv0 32)) (= g_~i~2 (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} assume !!~bvslt32(~i~2, 2bv32);call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {1846#(and (= |~#pstate~0.offset| (_ bv0 32)) (= g_~i~2 (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:06:37,362 INFO L273 TraceCheckUtils]: 41: Hoare triple {1846#(and (= |~#pstate~0.offset| (_ bv0 32)) (= g_~i~2 (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} assume #t~mem4.base == ~pointer.base && #t~mem4.offset == ~pointer.offset;havoc #t~mem4.base, #t~mem4.offset;call #t~mem5 := read~intINTTYPE4(~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {1853#(= (_ bv1 32) |g_#t~mem5|)} is VALID [2018-11-23 11:06:37,363 INFO L273 TraceCheckUtils]: 42: Hoare triple {1853#(= (_ bv1 32) |g_#t~mem5|)} assume !(1bv32 == #t~mem5); {1722#false} is VALID [2018-11-23 11:06:37,363 INFO L256 TraceCheckUtils]: 43: Hoare triple {1722#false} call __blast_assert(); {1722#false} is VALID [2018-11-23 11:06:37,363 INFO L273 TraceCheckUtils]: 44: Hoare triple {1722#false} assume !false; {1722#false} is VALID [2018-11-23 11:06:37,369 INFO L134 CoverageAnalysis]: Checked inductivity of 12 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 8 trivial. 0 not checked. [2018-11-23 11:06:37,369 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:06:37,371 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:06:37,371 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2018-11-23 11:06:37,372 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 45 [2018-11-23 11:06:37,372 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:06:37,373 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states. [2018-11-23 11:06:37,473 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:06:37,473 INFO L459 AbstractCegarLoop]: Interpolant automaton has 7 states [2018-11-23 11:06:37,473 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2018-11-23 11:06:37,474 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2018-11-23 11:06:37,474 INFO L87 Difference]: Start difference. First operand 45 states and 52 transitions. Second operand 7 states. [2018-11-23 11:06:40,040 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:40,040 INFO L93 Difference]: Finished difference Result 89 states and 111 transitions. [2018-11-23 11:06:40,040 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2018-11-23 11:06:40,040 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 45 [2018-11-23 11:06:40,041 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:06:40,041 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2018-11-23 11:06:40,044 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 108 transitions. [2018-11-23 11:06:40,045 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2018-11-23 11:06:40,048 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 108 transitions. [2018-11-23 11:06:40,048 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 108 transitions. [2018-11-23 11:06:40,315 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 108 edges. 108 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:06:40,320 INFO L225 Difference]: With dead ends: 89 [2018-11-23 11:06:40,320 INFO L226 Difference]: Without dead ends: 77 [2018-11-23 11:06:40,321 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 48 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 10 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=38, Invalid=72, Unknown=0, NotChecked=0, Total=110 [2018-11-23 11:06:40,322 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 77 states. [2018-11-23 11:06:40,413 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 77 to 68. [2018-11-23 11:06:40,413 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:06:40,414 INFO L82 GeneralOperation]: Start isEquivalent. First operand 77 states. Second operand 68 states. [2018-11-23 11:06:40,414 INFO L74 IsIncluded]: Start isIncluded. First operand 77 states. Second operand 68 states. [2018-11-23 11:06:40,414 INFO L87 Difference]: Start difference. First operand 77 states. Second operand 68 states. [2018-11-23 11:06:40,419 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:40,420 INFO L93 Difference]: Finished difference Result 77 states and 95 transitions. [2018-11-23 11:06:40,420 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 95 transitions. [2018-11-23 11:06:40,420 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:06:40,421 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:06:40,421 INFO L74 IsIncluded]: Start isIncluded. First operand 68 states. Second operand 77 states. [2018-11-23 11:06:40,421 INFO L87 Difference]: Start difference. First operand 68 states. Second operand 77 states. [2018-11-23 11:06:40,425 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:06:40,426 INFO L93 Difference]: Finished difference Result 77 states and 95 transitions. [2018-11-23 11:06:40,426 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 95 transitions. [2018-11-23 11:06:40,427 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:06:40,427 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:06:40,427 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:06:40,427 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:06:40,427 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 68 states. [2018-11-23 11:06:40,431 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 68 states to 68 states and 86 transitions. [2018-11-23 11:06:40,431 INFO L78 Accepts]: Start accepts. Automaton has 68 states and 86 transitions. Word has length 45 [2018-11-23 11:06:40,432 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:06:40,432 INFO L480 AbstractCegarLoop]: Abstraction has 68 states and 86 transitions. [2018-11-23 11:06:40,432 INFO L481 AbstractCegarLoop]: Interpolant automaton has 7 states. [2018-11-23 11:06:40,432 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 86 transitions. [2018-11-23 11:06:40,433 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2018-11-23 11:06:40,433 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:06:40,434 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:06:40,434 INFO L423 AbstractCegarLoop]: === Iteration 6 === [__blast_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:06:40,434 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:06:40,434 INFO L82 PathProgramCache]: Analyzing trace with hash -1525902135, now seen corresponding path program 1 times [2018-11-23 11:06:40,435 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:06:40,435 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:06:40,482 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:06:40,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:06:40,674 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:06:40,677 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:06:40,700 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 14 [2018-11-23 11:06:40,724 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 1 [2018-11-23 11:06:40,730 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:40,735 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:40,748 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:40,749 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:21, output treesize:14 [2018-11-23 11:06:41,266 WARN L180 SmtUtils]: Spent 100.00 ms on a formula simplification that was a NOOP. DAG size: 10 [2018-11-23 11:06:41,572 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 24 [2018-11-23 11:06:41,603 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:06:41,605 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:41,677 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 24 [2018-11-23 11:06:41,686 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 1 [2018-11-23 11:06:41,687 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:41,696 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:41,701 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:41,718 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:41,718 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 1 variables, input treesize:42, output treesize:18 [2018-11-23 11:06:41,842 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 5 [2018-11-23 11:06:41,848 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 1 [2018-11-23 11:06:41,849 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:41,850 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:41,856 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:41,856 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:14, output treesize:7 [2018-11-23 11:06:41,859 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:06:41,859 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.offset_BEFORE_CALL_1|]. (and (= (_ bv0 32) |~#pp~0.offset|) (= (select (select |v_#memory_$Pointer$.offset_BEFORE_CALL_1| |~#pp~0.base|) |~#pp~0.offset|) (_ bv1 32)) (= |#memory_$Pointer$.offset| |old(#memory_$Pointer$.offset)|)) [2018-11-23 11:06:41,859 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= (_ bv0 32) |~#pp~0.offset|) (= |#memory_$Pointer$.offset| |old(#memory_$Pointer$.offset)|)) [2018-11-23 11:06:42,046 INFO L256 TraceCheckUtils]: 0: Hoare triple {2252#true} call ULTIMATE.init(); {2252#true} is VALID [2018-11-23 11:06:42,049 INFO L273 TraceCheckUtils]: 1: Hoare triple {2252#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];call ~#pp~0.base, ~#pp~0.offset := #Ultimate.alloc(8bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~#pp~0.offset, 4bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(4bv32, ~#pp~0.offset), 4bv32);call ~#pstate~0.base, ~#pstate~0.offset := #Ultimate.alloc(8bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~#pstate~0.offset, 4bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(4bv32, ~#pstate~0.offset), 4bv32);~counter~0 := 1bv32; {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,050 INFO L273 TraceCheckUtils]: 2: Hoare triple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,051 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {2252#true} #106#return; {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,052 INFO L256 TraceCheckUtils]: 4: Hoare triple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call #t~ret9 := main(); {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,055 INFO L273 TraceCheckUtils]: 5: Hoare triple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} havoc ~a~0.base, ~a~0.offset;havoc ~b~0.base, ~b~0.offset; {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,057 INFO L256 TraceCheckUtils]: 6: Hoare triple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call init(); {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,061 INFO L273 TraceCheckUtils]: 7: Hoare triple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} havoc ~i~0;~i~0 := 0bv32; {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,063 INFO L273 TraceCheckUtils]: 8: Hoare triple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,065 INFO L273 TraceCheckUtils]: 9: Hoare triple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,066 INFO L273 TraceCheckUtils]: 10: Hoare triple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,068 INFO L273 TraceCheckUtils]: 11: Hoare triple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,068 INFO L273 TraceCheckUtils]: 12: Hoare triple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !~bvslt32(~i~0, 2bv32); {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,069 INFO L273 TraceCheckUtils]: 13: Hoare triple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,070 INFO L268 TraceCheckUtils]: 14: Hoare quadruple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #92#return; {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,071 INFO L256 TraceCheckUtils]: 15: Hoare triple {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call #t~ret7.base, #t~ret7.offset := malloc(4bv32); {2303#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= |old(~counter~0)| ~counter~0) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,072 INFO L273 TraceCheckUtils]: 16: Hoare triple {2303#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= |old(~counter~0)| ~counter~0) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {2307#(and (= |old(~counter~0)| |malloc_#res.offset|) (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,073 INFO L273 TraceCheckUtils]: 17: Hoare triple {2307#(and (= |old(~counter~0)| |malloc_#res.offset|) (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {2307#(and (= |old(~counter~0)| |malloc_#res.offset|) (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,075 INFO L268 TraceCheckUtils]: 18: Hoare quadruple {2307#(and (= |old(~counter~0)| |malloc_#res.offset|) (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {2260#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd ~counter~0 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #94#return; {2314#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) |main_#t~ret7.offset|) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,076 INFO L273 TraceCheckUtils]: 19: Hoare triple {2314#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) |main_#t~ret7.offset|) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~a~0.base, ~a~0.offset := #t~ret7.base, #t~ret7.offset;havoc #t~ret7.base, #t~ret7.offset; {2318#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd main_~a~0.offset (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,077 INFO L256 TraceCheckUtils]: 20: Hoare triple {2318#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd main_~a~0.offset (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call #t~ret8.base, #t~ret8.offset := malloc(4bv32); {2322#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,078 INFO L273 TraceCheckUtils]: 21: Hoare triple {2322#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {2322#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,079 INFO L273 TraceCheckUtils]: 22: Hoare triple {2322#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {2322#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,080 INFO L268 TraceCheckUtils]: 23: Hoare quadruple {2322#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {2318#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd main_~a~0.offset (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #96#return; {2318#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd main_~a~0.offset (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,081 INFO L273 TraceCheckUtils]: 24: Hoare triple {2318#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd main_~a~0.offset (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~b~0.base, ~b~0.offset := #t~ret8.base, #t~ret8.offset;havoc #t~ret8.base, #t~ret8.offset; {2318#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd main_~a~0.offset (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,082 INFO L273 TraceCheckUtils]: 25: Hoare triple {2318#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd main_~a~0.offset (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !((~a~0.base == 0bv32 && ~a~0.offset == 0bv32) || (~b~0.base == 0bv32 && ~b~0.offset == 0bv32)); {2318#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd main_~a~0.offset (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,083 INFO L256 TraceCheckUtils]: 26: Hoare triple {2318#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd main_~a~0.offset (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call f(~a~0.base, ~a~0.offset); {2322#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,084 INFO L273 TraceCheckUtils]: 27: Hoare triple {2322#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {2344#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (= |f_#in~pointer.offset| f_~pointer.offset) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,085 INFO L273 TraceCheckUtils]: 28: Hoare triple {2344#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (= |f_#in~pointer.offset| f_~pointer.offset) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~1, 2bv32);call #t~mem2.base, #t~mem2.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {2344#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (= |f_#in~pointer.offset| f_~pointer.offset) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,088 INFO L273 TraceCheckUtils]: 29: Hoare triple {2344#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (= |f_#in~pointer.offset| f_~pointer.offset) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume #t~mem2.base == 0bv32 && #t~mem2.offset == 0bv32;havoc #t~mem2.base, #t~mem2.offset;call write~$Pointer$(~pointer.base, ~pointer.offset, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32);call write~intINTTYPE4(1bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {2351#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |f_#in~pointer.offset| (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,090 INFO L273 TraceCheckUtils]: 30: Hoare triple {2351#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |f_#in~pointer.offset| (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {2351#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |f_#in~pointer.offset| (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:42,091 INFO L268 TraceCheckUtils]: 31: Hoare quadruple {2351#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |f_#in~pointer.offset| (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {2318#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd main_~a~0.offset (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #98#return; {2358#(and (= (_ bv0 32) |~#pp~0.offset|) (= (_ bv1 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|)))} is VALID [2018-11-23 11:06:42,093 INFO L256 TraceCheckUtils]: 32: Hoare triple {2358#(and (= (_ bv0 32) |~#pp~0.offset|) (= (_ bv1 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|)))} call f(~b~0.base, ~b~0.offset); {2362#(and (= (_ bv0 32) |~#pp~0.offset|) (= |#memory_$Pointer$.offset| |old(#memory_$Pointer$.offset)|))} is VALID [2018-11-23 11:06:42,094 INFO L273 TraceCheckUtils]: 33: Hoare triple {2362#(and (= (_ bv0 32) |~#pp~0.offset|) (= |#memory_$Pointer$.offset| |old(#memory_$Pointer$.offset)|))} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {2366#(and (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (= |#memory_$Pointer$.offset| |old(#memory_$Pointer$.offset)|))} is VALID [2018-11-23 11:06:42,096 INFO L273 TraceCheckUtils]: 34: Hoare triple {2366#(and (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (= |#memory_$Pointer$.offset| |old(#memory_$Pointer$.offset)|))} assume !!~bvslt32(~i~1, 2bv32);call #t~mem2.base, #t~mem2.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {2370#(and (= (_ bv0 32) |~#pp~0.offset|) (= (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|) |f_#t~mem2.offset|))} is VALID [2018-11-23 11:06:42,097 INFO L273 TraceCheckUtils]: 35: Hoare triple {2370#(and (= (_ bv0 32) |~#pp~0.offset|) (= (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|) |f_#t~mem2.offset|))} assume #t~mem2.base == 0bv32 && #t~mem2.offset == 0bv32;havoc #t~mem2.base, #t~mem2.offset;call write~$Pointer$(~pointer.base, ~pointer.offset, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32);call write~intINTTYPE4(1bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {2374#(and (= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|)) (= (_ bv0 32) |~#pp~0.offset|))} is VALID [2018-11-23 11:06:42,098 INFO L273 TraceCheckUtils]: 36: Hoare triple {2374#(and (= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|)) (= (_ bv0 32) |~#pp~0.offset|))} assume true; {2374#(and (= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|)) (= (_ bv0 32) |~#pp~0.offset|))} is VALID [2018-11-23 11:06:42,100 INFO L268 TraceCheckUtils]: 37: Hoare quadruple {2374#(and (= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|)) (= (_ bv0 32) |~#pp~0.offset|))} {2358#(and (= (_ bv0 32) |~#pp~0.offset|) (= (_ bv1 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|)))} #100#return; {2253#false} is VALID [2018-11-23 11:06:42,100 INFO L256 TraceCheckUtils]: 38: Hoare triple {2253#false} call g(~a~0.base, ~a~0.offset); {2253#false} is VALID [2018-11-23 11:06:42,100 INFO L273 TraceCheckUtils]: 39: Hoare triple {2253#false} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~2;~i~2 := 0bv32; {2253#false} is VALID [2018-11-23 11:06:42,101 INFO L273 TraceCheckUtils]: 40: Hoare triple {2253#false} assume !!~bvslt32(~i~2, 2bv32);call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {2253#false} is VALID [2018-11-23 11:06:42,101 INFO L273 TraceCheckUtils]: 41: Hoare triple {2253#false} assume !(#t~mem4.base == ~pointer.base && #t~mem4.offset == ~pointer.offset);havoc #t~mem4.base, #t~mem4.offset; {2253#false} is VALID [2018-11-23 11:06:42,101 INFO L273 TraceCheckUtils]: 42: Hoare triple {2253#false} #t~post3 := ~i~2;~i~2 := ~bvadd32(1bv32, #t~post3);havoc #t~post3; {2253#false} is VALID [2018-11-23 11:06:42,101 INFO L273 TraceCheckUtils]: 43: Hoare triple {2253#false} assume !!~bvslt32(~i~2, 2bv32);call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {2253#false} is VALID [2018-11-23 11:06:42,102 INFO L273 TraceCheckUtils]: 44: Hoare triple {2253#false} assume #t~mem4.base == ~pointer.base && #t~mem4.offset == ~pointer.offset;havoc #t~mem4.base, #t~mem4.offset;call #t~mem5 := read~intINTTYPE4(~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {2253#false} is VALID [2018-11-23 11:06:42,102 INFO L273 TraceCheckUtils]: 45: Hoare triple {2253#false} assume !(1bv32 == #t~mem5); {2253#false} is VALID [2018-11-23 11:06:42,102 INFO L256 TraceCheckUtils]: 46: Hoare triple {2253#false} call __blast_assert(); {2253#false} is VALID [2018-11-23 11:06:42,102 INFO L273 TraceCheckUtils]: 47: Hoare triple {2253#false} assume !false; {2253#false} is VALID [2018-11-23 11:06:42,111 INFO L134 CoverageAnalysis]: Checked inductivity of 14 backedges. 0 proven. 8 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2018-11-23 11:06:42,111 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:06:44,096 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:06:44,103 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:06:44,118 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 32 treesize of output 26 [2018-11-23 11:06:44,173 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 9 treesize of output 8 [2018-11-23 11:06:44,175 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:44,224 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 16 [2018-11-23 11:06:44,240 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:06:44,248 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:44,256 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:44,260 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 19 [2018-11-23 11:06:44,267 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 1 [2018-11-23 11:06:44,268 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:44,282 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:44,284 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 16 [2018-11-23 11:06:44,290 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:06:44,295 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:44,304 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:44,342 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 3 xjuncts. [2018-11-23 11:06:44,383 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-2 vars, End of recursive call: and 3 xjuncts. [2018-11-23 11:06:44,384 INFO L202 ElimStorePlain]: Needed 11 recursive calls to eliminate 2 variables, input treesize:41, output treesize:26 [2018-11-23 11:06:46,641 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:06:46,641 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_$Pointer$.offset_47|, |v_#memory_$Pointer$.offset_49|]. (or (not (= (let ((.cse0 (store |v_#memory_$Pointer$.offset_47| |~#pp~0.base| (store (select |v_#memory_$Pointer$.offset_47| |~#pp~0.base|) |~#pp~0.offset| main_~a~0.offset)))) (store .cse0 |~#pstate~0.base| (store (select .cse0 |~#pstate~0.base|) |~#pstate~0.offset| (select (select |v_#memory_$Pointer$.offset_49| |~#pstate~0.base|) |~#pstate~0.offset|)))) |v_#memory_$Pointer$.offset_49|)) (not (= (_ bv0 32) (select (select |v_#memory_$Pointer$.offset_49| |~#pp~0.base|) |~#pp~0.offset|)))) [2018-11-23 11:06:46,641 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ []. (let ((.cse1 (not (= main_~a~0.offset (_ bv0 32)))) (.cse2 (= |~#pstate~0.offset| |~#pp~0.offset|)) (.cse0 (= |~#pstate~0.base| |~#pp~0.base|))) (and (or .cse0 .cse1) (or .cse2 .cse1) (or (not .cse2) (not .cse0)))) [2018-11-23 11:06:46,899 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:06:46,940 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:06:46,953 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:06:46,991 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:06:47,088 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 51 treesize of output 40 [2018-11-23 11:06:47,185 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 12 [2018-11-23 11:06:47,188 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:47,219 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 17 [2018-11-23 11:06:47,240 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 12 [2018-11-23 11:06:47,242 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 2 xjuncts. [2018-11-23 11:06:47,251 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:06:47,274 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:06:47,292 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 51 treesize of output 40 [2018-11-23 11:06:47,397 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 12 [2018-11-23 11:06:47,399 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:47,490 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 24 treesize of output 20 [2018-11-23 11:06:47,513 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 12 [2018-11-23 11:06:47,514 INFO L267 ElimStorePlain]: Start of recursive call 13: End of recursive call: and 2 xjuncts. [2018-11-23 11:06:47,534 INFO L267 ElimStorePlain]: Start of recursive call 12: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:06:47,542 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 24 [2018-11-23 11:06:47,569 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 12 [2018-11-23 11:06:47,572 INFO L267 ElimStorePlain]: Start of recursive call 15: End of recursive call: and 2 xjuncts. [2018-11-23 11:06:47,588 INFO L267 ElimStorePlain]: Start of recursive call 14: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:06:47,596 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 27 [2018-11-23 11:06:47,611 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 1 [2018-11-23 11:06:47,612 INFO L267 ElimStorePlain]: Start of recursive call 17: End of recursive call: and 1 xjuncts. [2018-11-23 11:06:47,630 INFO L267 ElimStorePlain]: Start of recursive call 16: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:06:47,719 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 4 xjuncts. [2018-11-23 11:06:47,825 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-2 vars, End of recursive call: and 5 xjuncts. [2018-11-23 11:06:47,825 INFO L202 ElimStorePlain]: Needed 17 recursive calls to eliminate 2 variables, input treesize:127, output treesize:80 [2018-11-23 11:06:49,961 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:06:49,962 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_$Pointer$.offset|, |v_#memory_$Pointer$.offset_50|]. (let ((.cse0 (not (= (_ bv0 32) (select (select |v_#memory_$Pointer$.offset_50| |~#pp~0.base|) |~#pp~0.offset|)))) (.cse1 (not (= (let ((.cse5 (bvmul (_ bv4 32) f_~i~1))) (let ((.cse3 (store |#memory_$Pointer$.offset| |~#pp~0.base| (store (select |#memory_$Pointer$.offset| |~#pp~0.base|) (bvadd .cse5 |~#pp~0.offset|) f_~pointer.offset)))) (store .cse3 |~#pstate~0.base| (let ((.cse4 (bvadd .cse5 |~#pstate~0.offset|))) (store (select .cse3 |~#pstate~0.base|) .cse4 (select (select |v_#memory_$Pointer$.offset_50| |~#pstate~0.base|) .cse4)))))) |v_#memory_$Pointer$.offset_50|))) (.cse2 (= |f_#in~pointer.offset| (_ bv0 32)))) (and (or .cse0 .cse1 (= |~#pstate~0.offset| |~#pp~0.offset|) .cse2) (or .cse0 .cse1 .cse2 (= |~#pstate~0.base| |~#pp~0.base|)))) [2018-11-23 11:06:49,962 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ []. (let ((.cse6 (bvmul (_ bv4 32) f_~i~1))) (let ((.cse2 (not (= (_ bv0 32) f_~pointer.offset))) (.cse1 (= |~#pstate~0.base| |~#pp~0.base|)) (.cse3 (= (bvadd .cse6 |~#pstate~0.offset|) |~#pp~0.offset|)) (.cse4 (= |~#pstate~0.offset| |~#pp~0.offset|)) (.cse0 (= |f_#in~pointer.offset| (_ bv0 32))) (.cse5 (= |~#pp~0.offset| (bvadd .cse6 |~#pp~0.offset|)))) (and (or .cse0 .cse1 .cse2) (or .cse3 .cse4 .cse0 .cse2) (or .cse0 .cse1 .cse5) (or .cse4 .cse0 (not .cse3)) (or .cse3 .cse4 .cse0 .cse5)))) [2018-11-23 11:06:50,186 WARN L180 SmtUtils]: Spent 148.00 ms on a formula simplification. DAG size of input: 25 DAG size of output: 21 [2018-11-23 11:06:50,664 INFO L273 TraceCheckUtils]: 47: Hoare triple {2253#false} assume !false; {2253#false} is VALID [2018-11-23 11:06:50,665 INFO L256 TraceCheckUtils]: 46: Hoare triple {2253#false} call __blast_assert(); {2253#false} is VALID [2018-11-23 11:06:50,665 INFO L273 TraceCheckUtils]: 45: Hoare triple {2253#false} assume !(1bv32 == #t~mem5); {2253#false} is VALID [2018-11-23 11:06:50,666 INFO L273 TraceCheckUtils]: 44: Hoare triple {2253#false} assume #t~mem4.base == ~pointer.base && #t~mem4.offset == ~pointer.offset;havoc #t~mem4.base, #t~mem4.offset;call #t~mem5 := read~intINTTYPE4(~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {2253#false} is VALID [2018-11-23 11:06:50,666 INFO L273 TraceCheckUtils]: 43: Hoare triple {2253#false} assume !!~bvslt32(~i~2, 2bv32);call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {2253#false} is VALID [2018-11-23 11:06:50,666 INFO L273 TraceCheckUtils]: 42: Hoare triple {2253#false} #t~post3 := ~i~2;~i~2 := ~bvadd32(1bv32, #t~post3);havoc #t~post3; {2253#false} is VALID [2018-11-23 11:06:50,667 INFO L273 TraceCheckUtils]: 41: Hoare triple {2253#false} assume !(#t~mem4.base == ~pointer.base && #t~mem4.offset == ~pointer.offset);havoc #t~mem4.base, #t~mem4.offset; {2253#false} is VALID [2018-11-23 11:06:50,667 INFO L273 TraceCheckUtils]: 40: Hoare triple {2253#false} assume !!~bvslt32(~i~2, 2bv32);call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {2253#false} is VALID [2018-11-23 11:06:50,667 INFO L273 TraceCheckUtils]: 39: Hoare triple {2253#false} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~2;~i~2 := 0bv32; {2253#false} is VALID [2018-11-23 11:06:50,667 INFO L256 TraceCheckUtils]: 38: Hoare triple {2253#false} call g(~a~0.base, ~a~0.offset); {2253#false} is VALID [2018-11-23 11:06:50,669 INFO L268 TraceCheckUtils]: 37: Hoare quadruple {2445#(= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|))} {2441#(not (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|)))} #100#return; {2253#false} is VALID [2018-11-23 11:06:50,670 INFO L273 TraceCheckUtils]: 36: Hoare triple {2445#(= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|))} assume true; {2445#(= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|))} is VALID [2018-11-23 11:06:50,671 INFO L273 TraceCheckUtils]: 35: Hoare triple {2452#(or (= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|)) (not (= (_ bv0 32) |f_#t~mem2.offset|)))} assume #t~mem2.base == 0bv32 && #t~mem2.offset == 0bv32;havoc #t~mem2.base, #t~mem2.offset;call write~$Pointer$(~pointer.base, ~pointer.offset, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32);call write~intINTTYPE4(1bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {2445#(= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|))} is VALID [2018-11-23 11:06:50,672 INFO L273 TraceCheckUtils]: 34: Hoare triple {2456#(or (= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|)) (not (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pp~0.offset|)))))} assume !!~bvslt32(~i~1, 2bv32);call #t~mem2.base, #t~mem2.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {2452#(or (= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|)) (not (= (_ bv0 32) |f_#t~mem2.offset|)))} is VALID [2018-11-23 11:06:50,673 INFO L273 TraceCheckUtils]: 33: Hoare triple {2460#(or (= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|)) (not (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|))))} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {2456#(or (= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|)) (not (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pp~0.offset|)))))} is VALID [2018-11-23 11:06:50,674 INFO L256 TraceCheckUtils]: 32: Hoare triple {2441#(not (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|)))} call f(~b~0.base, ~b~0.offset); {2460#(or (= (_ bv0 32) (select (select |old(#memory_$Pointer$.offset)| |~#pp~0.base|) |~#pp~0.offset|)) (not (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|))))} is VALID [2018-11-23 11:06:50,676 INFO L268 TraceCheckUtils]: 31: Hoare quadruple {2468#(or (= |f_#in~pointer.offset| (_ bv0 32)) (not (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|))) (and (= |~#pstate~0.offset| |~#pp~0.offset|) (= |~#pstate~0.base| |~#pp~0.base|)))} {2464#(and (not (= main_~a~0.offset (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} #98#return; {2441#(not (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|)))} is VALID [2018-11-23 11:06:50,676 INFO L273 TraceCheckUtils]: 30: Hoare triple {2468#(or (= |f_#in~pointer.offset| (_ bv0 32)) (not (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|))) (and (= |~#pstate~0.offset| |~#pp~0.offset|) (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {2468#(or (= |f_#in~pointer.offset| (_ bv0 32)) (not (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|))) (and (= |~#pstate~0.offset| |~#pp~0.offset|) (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:50,699 INFO L273 TraceCheckUtils]: 29: Hoare triple {2475#(and (or (= |f_#in~pointer.offset| (_ bv0 32)) (= |~#pstate~0.base| |~#pp~0.base|) (not (= (_ bv0 32) f_~pointer.offset))) (or (= |~#pstate~0.offset| |~#pp~0.offset|) (= |f_#in~pointer.offset| (_ bv0 32)) (not (= (_ bv0 32) f_~pointer.offset))) (or (= |~#pstate~0.offset| |~#pp~0.offset|) (= |f_#in~pointer.offset| (_ bv0 32)) (= (_ bv0 32) (bvmul (_ bv4 32) f_~i~1))) (or (= |f_#in~pointer.offset| (_ bv0 32)) (= (_ bv0 32) (bvmul (_ bv4 32) f_~i~1)) (= |~#pstate~0.base| |~#pp~0.base|)))} assume #t~mem2.base == 0bv32 && #t~mem2.offset == 0bv32;havoc #t~mem2.base, #t~mem2.offset;call write~$Pointer$(~pointer.base, ~pointer.offset, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32);call write~intINTTYPE4(1bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {2468#(or (= |f_#in~pointer.offset| (_ bv0 32)) (not (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| |~#pp~0.base|) |~#pp~0.offset|))) (and (= |~#pstate~0.offset| |~#pp~0.offset|) (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:50,700 INFO L273 TraceCheckUtils]: 28: Hoare triple {2475#(and (or (= |f_#in~pointer.offset| (_ bv0 32)) (= |~#pstate~0.base| |~#pp~0.base|) (not (= (_ bv0 32) f_~pointer.offset))) (or (= |~#pstate~0.offset| |~#pp~0.offset|) (= |f_#in~pointer.offset| (_ bv0 32)) (not (= (_ bv0 32) f_~pointer.offset))) (or (= |~#pstate~0.offset| |~#pp~0.offset|) (= |f_#in~pointer.offset| (_ bv0 32)) (= (_ bv0 32) (bvmul (_ bv4 32) f_~i~1))) (or (= |f_#in~pointer.offset| (_ bv0 32)) (= (_ bv0 32) (bvmul (_ bv4 32) f_~i~1)) (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~1, 2bv32);call #t~mem2.base, #t~mem2.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {2475#(and (or (= |f_#in~pointer.offset| (_ bv0 32)) (= |~#pstate~0.base| |~#pp~0.base|) (not (= (_ bv0 32) f_~pointer.offset))) (or (= |~#pstate~0.offset| |~#pp~0.offset|) (= |f_#in~pointer.offset| (_ bv0 32)) (not (= (_ bv0 32) f_~pointer.offset))) (or (= |~#pstate~0.offset| |~#pp~0.offset|) (= |f_#in~pointer.offset| (_ bv0 32)) (= (_ bv0 32) (bvmul (_ bv4 32) f_~i~1))) (or (= |f_#in~pointer.offset| (_ bv0 32)) (= (_ bv0 32) (bvmul (_ bv4 32) f_~i~1)) (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:50,701 INFO L273 TraceCheckUtils]: 27: Hoare triple {2252#true} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {2475#(and (or (= |f_#in~pointer.offset| (_ bv0 32)) (= |~#pstate~0.base| |~#pp~0.base|) (not (= (_ bv0 32) f_~pointer.offset))) (or (= |~#pstate~0.offset| |~#pp~0.offset|) (= |f_#in~pointer.offset| (_ bv0 32)) (not (= (_ bv0 32) f_~pointer.offset))) (or (= |~#pstate~0.offset| |~#pp~0.offset|) (= |f_#in~pointer.offset| (_ bv0 32)) (= (_ bv0 32) (bvmul (_ bv4 32) f_~i~1))) (or (= |f_#in~pointer.offset| (_ bv0 32)) (= (_ bv0 32) (bvmul (_ bv4 32) f_~i~1)) (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:50,701 INFO L256 TraceCheckUtils]: 26: Hoare triple {2464#(and (not (= main_~a~0.offset (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} call f(~a~0.base, ~a~0.offset); {2252#true} is VALID [2018-11-23 11:06:50,702 INFO L273 TraceCheckUtils]: 25: Hoare triple {2464#(and (not (= main_~a~0.offset (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} assume !((~a~0.base == 0bv32 && ~a~0.offset == 0bv32) || (~b~0.base == 0bv32 && ~b~0.offset == 0bv32)); {2464#(and (not (= main_~a~0.offset (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} is VALID [2018-11-23 11:06:50,702 INFO L273 TraceCheckUtils]: 24: Hoare triple {2464#(and (not (= main_~a~0.offset (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} ~b~0.base, ~b~0.offset := #t~ret8.base, #t~ret8.offset;havoc #t~ret8.base, #t~ret8.offset; {2464#(and (not (= main_~a~0.offset (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} is VALID [2018-11-23 11:06:50,704 INFO L268 TraceCheckUtils]: 23: Hoare quadruple {2252#true} {2464#(and (not (= main_~a~0.offset (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} #96#return; {2464#(and (not (= main_~a~0.offset (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} is VALID [2018-11-23 11:06:50,704 INFO L273 TraceCheckUtils]: 22: Hoare triple {2252#true} assume true; {2252#true} is VALID [2018-11-23 11:06:50,704 INFO L273 TraceCheckUtils]: 21: Hoare triple {2252#true} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {2252#true} is VALID [2018-11-23 11:06:50,705 INFO L256 TraceCheckUtils]: 20: Hoare triple {2464#(and (not (= main_~a~0.offset (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} call #t~ret8.base, #t~ret8.offset := malloc(4bv32); {2252#true} is VALID [2018-11-23 11:06:50,705 INFO L273 TraceCheckUtils]: 19: Hoare triple {2503#(and (not (= |main_#t~ret7.offset| (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} ~a~0.base, ~a~0.offset := #t~ret7.base, #t~ret7.offset;havoc #t~ret7.base, #t~ret7.offset; {2464#(and (not (= main_~a~0.offset (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} is VALID [2018-11-23 11:06:50,708 INFO L268 TraceCheckUtils]: 18: Hoare quadruple {2511#(or (= |old(~counter~0)| (_ bv0 32)) (not (= |malloc_#res.offset| (_ bv0 32))) (and (= |~#pstate~0.offset| |~#pp~0.offset|) (= |~#pstate~0.base| |~#pp~0.base|)))} {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} #94#return; {2503#(and (not (= |main_#t~ret7.offset| (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} is VALID [2018-11-23 11:06:50,708 INFO L273 TraceCheckUtils]: 17: Hoare triple {2511#(or (= |old(~counter~0)| (_ bv0 32)) (not (= |malloc_#res.offset| (_ bv0 32))) (and (= |~#pstate~0.offset| |~#pp~0.offset|) (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {2511#(or (= |old(~counter~0)| (_ bv0 32)) (not (= |malloc_#res.offset| (_ bv0 32))) (and (= |~#pstate~0.offset| |~#pp~0.offset|) (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:50,709 INFO L273 TraceCheckUtils]: 16: Hoare triple {2518#(or (= |old(~counter~0)| (_ bv0 32)) (not (= ~counter~0 (_ bv0 32))) (and (= |~#pstate~0.offset| |~#pp~0.offset|) (= |~#pstate~0.base| |~#pp~0.base|)))} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {2511#(or (= |old(~counter~0)| (_ bv0 32)) (not (= |malloc_#res.offset| (_ bv0 32))) (and (= |~#pstate~0.offset| |~#pp~0.offset|) (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:50,710 INFO L256 TraceCheckUtils]: 15: Hoare triple {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} call #t~ret7.base, #t~ret7.offset := malloc(4bv32); {2518#(or (= |old(~counter~0)| (_ bv0 32)) (not (= ~counter~0 (_ bv0 32))) (and (= |~#pstate~0.offset| |~#pp~0.offset|) (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:06:50,711 INFO L268 TraceCheckUtils]: 14: Hoare quadruple {2252#true} {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} #92#return; {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} is VALID [2018-11-23 11:06:50,712 INFO L273 TraceCheckUtils]: 13: Hoare triple {2252#true} assume true; {2252#true} is VALID [2018-11-23 11:06:50,712 INFO L273 TraceCheckUtils]: 12: Hoare triple {2252#true} assume !~bvslt32(~i~0, 2bv32); {2252#true} is VALID [2018-11-23 11:06:50,712 INFO L273 TraceCheckUtils]: 11: Hoare triple {2252#true} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {2252#true} is VALID [2018-11-23 11:06:50,712 INFO L273 TraceCheckUtils]: 10: Hoare triple {2252#true} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {2252#true} is VALID [2018-11-23 11:06:50,712 INFO L273 TraceCheckUtils]: 9: Hoare triple {2252#true} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {2252#true} is VALID [2018-11-23 11:06:50,713 INFO L273 TraceCheckUtils]: 8: Hoare triple {2252#true} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {2252#true} is VALID [2018-11-23 11:06:50,713 INFO L273 TraceCheckUtils]: 7: Hoare triple {2252#true} havoc ~i~0;~i~0 := 0bv32; {2252#true} is VALID [2018-11-23 11:06:50,713 INFO L256 TraceCheckUtils]: 6: Hoare triple {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} call init(); {2252#true} is VALID [2018-11-23 11:06:50,714 INFO L273 TraceCheckUtils]: 5: Hoare triple {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} havoc ~a~0.base, ~a~0.offset;havoc ~b~0.base, ~b~0.offset; {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} is VALID [2018-11-23 11:06:50,715 INFO L256 TraceCheckUtils]: 4: Hoare triple {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} call #t~ret9 := main(); {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} is VALID [2018-11-23 11:06:50,715 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} {2252#true} #106#return; {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} is VALID [2018-11-23 11:06:50,716 INFO L273 TraceCheckUtils]: 2: Hoare triple {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} assume true; {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} is VALID [2018-11-23 11:06:50,718 INFO L273 TraceCheckUtils]: 1: Hoare triple {2252#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];call ~#pp~0.base, ~#pp~0.offset := #Ultimate.alloc(8bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~#pp~0.offset, 4bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(4bv32, ~#pp~0.offset), 4bv32);call ~#pstate~0.base, ~#pstate~0.offset := #Ultimate.alloc(8bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~#pstate~0.offset, 4bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(4bv32, ~#pstate~0.offset), 4bv32);~counter~0 := 1bv32; {2507#(and (not (= ~counter~0 (_ bv0 32))) (or (not (= |~#pstate~0.offset| |~#pp~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))))} is VALID [2018-11-23 11:06:50,718 INFO L256 TraceCheckUtils]: 0: Hoare triple {2252#true} call ULTIMATE.init(); {2252#true} is VALID [2018-11-23 11:06:50,723 INFO L134 CoverageAnalysis]: Checked inductivity of 14 backedges. 1 proven. 7 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2018-11-23 11:06:50,726 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:06:50,726 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [15, 14] total 27 [2018-11-23 11:06:50,726 INFO L78 Accepts]: Start accepts. Automaton has 27 states. Word has length 48 [2018-11-23 11:06:50,728 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:06:50,728 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 27 states. [2018-11-23 11:06:51,283 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 80 edges. 80 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:06:51,283 INFO L459 AbstractCegarLoop]: Interpolant automaton has 27 states [2018-11-23 11:06:51,283 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 27 interpolants. [2018-11-23 11:06:51,284 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=84, Invalid=618, Unknown=0, NotChecked=0, Total=702 [2018-11-23 11:06:51,284 INFO L87 Difference]: Start difference. First operand 68 states and 86 transitions. Second operand 27 states. [2018-11-23 11:07:05,336 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:07:05,337 INFO L93 Difference]: Finished difference Result 139 states and 171 transitions. [2018-11-23 11:07:05,337 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 24 states. [2018-11-23 11:07:05,337 INFO L78 Accepts]: Start accepts. Automaton has 27 states. Word has length 48 [2018-11-23 11:07:05,337 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:07:05,338 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 27 states. [2018-11-23 11:07:05,342 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 24 states to 24 states and 129 transitions. [2018-11-23 11:07:05,342 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 27 states. [2018-11-23 11:07:05,346 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 24 states to 24 states and 129 transitions. [2018-11-23 11:07:05,346 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 24 states and 129 transitions. [2018-11-23 11:07:05,652 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 129 edges. 129 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:07:05,657 INFO L225 Difference]: With dead ends: 139 [2018-11-23 11:07:05,658 INFO L226 Difference]: Without dead ends: 112 [2018-11-23 11:07:05,659 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 117 GetRequests, 73 SyntacticMatches, 0 SemanticMatches, 44 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 290 ImplicationChecksByTransitivity, 2.9s TimeCoverageRelationStatistics Valid=306, Invalid=1764, Unknown=0, NotChecked=0, Total=2070 [2018-11-23 11:07:05,660 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 112 states. [2018-11-23 11:07:05,877 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 112 to 101. [2018-11-23 11:07:05,877 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:07:05,877 INFO L82 GeneralOperation]: Start isEquivalent. First operand 112 states. Second operand 101 states. [2018-11-23 11:07:05,877 INFO L74 IsIncluded]: Start isIncluded. First operand 112 states. Second operand 101 states. [2018-11-23 11:07:05,878 INFO L87 Difference]: Start difference. First operand 112 states. Second operand 101 states. [2018-11-23 11:07:05,883 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:07:05,883 INFO L93 Difference]: Finished difference Result 112 states and 138 transitions. [2018-11-23 11:07:05,883 INFO L276 IsEmpty]: Start isEmpty. Operand 112 states and 138 transitions. [2018-11-23 11:07:05,884 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:07:05,884 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:07:05,884 INFO L74 IsIncluded]: Start isIncluded. First operand 101 states. Second operand 112 states. [2018-11-23 11:07:05,884 INFO L87 Difference]: Start difference. First operand 101 states. Second operand 112 states. [2018-11-23 11:07:05,890 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:07:05,890 INFO L93 Difference]: Finished difference Result 112 states and 138 transitions. [2018-11-23 11:07:05,890 INFO L276 IsEmpty]: Start isEmpty. Operand 112 states and 138 transitions. [2018-11-23 11:07:05,891 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:07:05,891 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:07:05,891 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:07:05,891 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:07:05,891 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 101 states. [2018-11-23 11:07:05,896 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 101 states to 101 states and 126 transitions. [2018-11-23 11:07:05,896 INFO L78 Accepts]: Start accepts. Automaton has 101 states and 126 transitions. Word has length 48 [2018-11-23 11:07:05,896 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:07:05,896 INFO L480 AbstractCegarLoop]: Abstraction has 101 states and 126 transitions. [2018-11-23 11:07:05,897 INFO L481 AbstractCegarLoop]: Interpolant automaton has 27 states. [2018-11-23 11:07:05,897 INFO L276 IsEmpty]: Start isEmpty. Operand 101 states and 126 transitions. [2018-11-23 11:07:05,897 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2018-11-23 11:07:05,898 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:07:05,898 INFO L402 BasicCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:07:05,898 INFO L423 AbstractCegarLoop]: === Iteration 7 === [__blast_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:07:05,898 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:07:05,898 INFO L82 PathProgramCache]: Analyzing trace with hash -1813832073, now seen corresponding path program 1 times [2018-11-23 11:07:05,899 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:07:05,899 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 8 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 8 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:07:05,923 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:07:06,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:07:06,095 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:07:06,097 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:07:06,121 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 14 [2018-11-23 11:07:06,152 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 1 [2018-11-23 11:07:06,154 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:07:06,157 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:06,167 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:06,168 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:18, output treesize:11 [2018-11-23 11:07:06,288 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:07:06,295 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:07:06,296 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:07:06,300 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:06,313 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:06,314 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:22, output treesize:18 [2018-11-23 11:07:06,368 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 5 [2018-11-23 11:07:06,373 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 1 [2018-11-23 11:07:06,375 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:07:06,376 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:06,390 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:06,391 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:21, output treesize:14 [2018-11-23 11:07:06,398 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:07:06,399 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_BEFORE_CALL_2|]. (and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (= (_ bv1 32) (select (select |v_#memory_int_BEFORE_CALL_2| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))) [2018-11-23 11:07:06,399 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|))) [2018-11-23 11:07:06,556 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:06,568 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:06,610 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:06,610 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:43, output treesize:44 [2018-11-23 11:07:20,693 WARN L180 SmtUtils]: Spent 2.04 s on a formula simplification that was a NOOP. DAG size: 25 [2018-11-23 11:07:20,786 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 33 [2018-11-23 11:07:20,809 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:07:20,810 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:07:20,861 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 27 [2018-11-23 11:07:20,887 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:07:20,888 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 23 [2018-11-23 11:07:20,890 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:07:20,914 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:20,927 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:20,951 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:20,951 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 3 variables, input treesize:44, output treesize:20 [2018-11-23 11:07:20,973 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:07:20,973 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_old(#memory_int)_AFTER_CALL_31|, |~#pp~0.base|, v_DerPreprocessor_8]. (and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |v_old(#memory_int)_AFTER_CALL_31| |~#pstate~0.base|) |~#pstate~0.offset|)) (= (let ((.cse0 (store |v_old(#memory_int)_AFTER_CALL_31| |~#pp~0.base| (store (select |v_old(#memory_int)_AFTER_CALL_31| |~#pp~0.base|) (_ bv4 32) v_DerPreprocessor_8)))) (store .cse0 |~#pstate~0.base| (store (select .cse0 |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32)) (_ bv1 32)))) |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|))) [2018-11-23 11:07:20,974 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| |~#pstate~0.base|))) (and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select .cse0 |~#pstate~0.offset|)) (= (select .cse0 (bvadd |~#pstate~0.offset| (_ bv4 32))) (_ bv1 32)))) [2018-11-23 11:07:21,068 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 20 [2018-11-23 11:07:21,078 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 5 [2018-11-23 11:07:21,079 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:07:21,082 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:21,084 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:21,084 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:26, output treesize:5 [2018-11-23 11:07:21,088 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:07:21,088 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, |~#pstate~0.base|]. (let ((.cse1 (select |#memory_int| |~#pstate~0.base|))) (let ((.cse0 (select .cse1 (_ bv0 32)))) (and (= (bvadd .cse0 (_ bv4294967295 32)) (_ bv0 32)) (= (bvadd (select .cse1 (_ bv4 32)) (_ bv4294967295 32)) (_ bv0 32)) (= .cse0 |g_#t~mem5|)))) [2018-11-23 11:07:21,088 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) (bvadd |g_#t~mem5| (_ bv4294967295 32))) [2018-11-23 11:07:21,129 INFO L256 TraceCheckUtils]: 0: Hoare triple {3171#true} call ULTIMATE.init(); {3171#true} is VALID [2018-11-23 11:07:21,130 INFO L273 TraceCheckUtils]: 1: Hoare triple {3171#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];call ~#pp~0.base, ~#pp~0.offset := #Ultimate.alloc(8bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~#pp~0.offset, 4bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(4bv32, ~#pp~0.offset), 4bv32);call ~#pstate~0.base, ~#pstate~0.offset := #Ultimate.alloc(8bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~#pstate~0.offset, 4bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(4bv32, ~#pstate~0.offset), 4bv32);~counter~0 := 1bv32; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,130 INFO L273 TraceCheckUtils]: 2: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,131 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {3171#true} #106#return; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,131 INFO L256 TraceCheckUtils]: 4: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call #t~ret9 := main(); {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,132 INFO L273 TraceCheckUtils]: 5: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} havoc ~a~0.base, ~a~0.offset;havoc ~b~0.base, ~b~0.offset; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,132 INFO L256 TraceCheckUtils]: 6: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call init(); {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,133 INFO L273 TraceCheckUtils]: 7: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} havoc ~i~0;~i~0 := 0bv32; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,134 INFO L273 TraceCheckUtils]: 8: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,152 INFO L273 TraceCheckUtils]: 9: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,168 INFO L273 TraceCheckUtils]: 10: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,177 INFO L273 TraceCheckUtils]: 11: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,186 INFO L273 TraceCheckUtils]: 12: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !~bvslt32(~i~0, 2bv32); {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,187 INFO L273 TraceCheckUtils]: 13: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,187 INFO L268 TraceCheckUtils]: 14: Hoare quadruple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #92#return; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,188 INFO L256 TraceCheckUtils]: 15: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call #t~ret7.base, #t~ret7.offset := malloc(4bv32); {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,188 INFO L273 TraceCheckUtils]: 16: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,189 INFO L273 TraceCheckUtils]: 17: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,190 INFO L268 TraceCheckUtils]: 18: Hoare quadruple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #94#return; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,190 INFO L273 TraceCheckUtils]: 19: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~a~0.base, ~a~0.offset := #t~ret7.base, #t~ret7.offset;havoc #t~ret7.base, #t~ret7.offset; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,191 INFO L256 TraceCheckUtils]: 20: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call #t~ret8.base, #t~ret8.offset := malloc(4bv32); {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,192 INFO L273 TraceCheckUtils]: 21: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,192 INFO L273 TraceCheckUtils]: 22: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,193 INFO L268 TraceCheckUtils]: 23: Hoare quadruple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #96#return; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,194 INFO L273 TraceCheckUtils]: 24: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~b~0.base, ~b~0.offset := #t~ret8.base, #t~ret8.offset;havoc #t~ret8.base, #t~ret8.offset; {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,195 INFO L273 TraceCheckUtils]: 25: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !((~a~0.base == 0bv32 && ~a~0.offset == 0bv32) || (~b~0.base == 0bv32 && ~b~0.offset == 0bv32)); {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,196 INFO L256 TraceCheckUtils]: 26: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call f(~a~0.base, ~a~0.offset); {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,197 INFO L273 TraceCheckUtils]: 27: Hoare triple {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {3258#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,198 INFO L273 TraceCheckUtils]: 28: Hoare triple {3258#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~1, 2bv32);call #t~mem2.base, #t~mem2.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {3258#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,201 INFO L273 TraceCheckUtils]: 29: Hoare triple {3258#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume #t~mem2.base == 0bv32 && #t~mem2.offset == 0bv32;havoc #t~mem2.base, #t~mem2.offset;call write~$Pointer$(~pointer.base, ~pointer.offset, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32);call write~intINTTYPE4(1bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {3265#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,202 INFO L273 TraceCheckUtils]: 30: Hoare triple {3265#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {3265#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,203 INFO L268 TraceCheckUtils]: 31: Hoare quadruple {3265#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {3179#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #98#return; {3265#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,205 INFO L256 TraceCheckUtils]: 32: Hoare triple {3265#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call f(~b~0.base, ~b~0.offset); {3275#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,206 INFO L273 TraceCheckUtils]: 33: Hoare triple {3275#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {3279#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,207 INFO L273 TraceCheckUtils]: 34: Hoare triple {3279#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~1, 2bv32);call #t~mem2.base, #t~mem2.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {3279#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,208 INFO L273 TraceCheckUtils]: 35: Hoare triple {3279#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !(#t~mem2.base == 0bv32 && #t~mem2.offset == 0bv32);havoc #t~mem2.base, #t~mem2.offset; {3279#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,209 INFO L273 TraceCheckUtils]: 36: Hoare triple {3279#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #t~post1 := ~i~1;~i~1 := ~bvadd32(1bv32, #t~post1);havoc #t~post1; {3289#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd f_~i~1 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,210 INFO L273 TraceCheckUtils]: 37: Hoare triple {3289#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd f_~i~1 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~1, 2bv32);call #t~mem2.base, #t~mem2.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {3289#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd f_~i~1 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,214 INFO L273 TraceCheckUtils]: 38: Hoare triple {3289#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv0 32) |~#pp~0.offset|) (= (bvadd f_~i~1 (_ bv4294967295 32)) (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume #t~mem2.base == 0bv32 && #t~mem2.offset == 0bv32;havoc #t~mem2.base, #t~mem2.offset;call write~$Pointer$(~pointer.base, ~pointer.offset, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32);call write~intINTTYPE4(1bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {3296#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (exists ((v_DerPreprocessor_8 (_ BitVec 32))) (= (store (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd |~#pp~0.offset| (_ bv4 32)) v_DerPreprocessor_8)) |~#pstate~0.base| (store (select (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd |~#pp~0.offset| (_ bv4 32)) v_DerPreprocessor_8)) |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32)) (_ bv1 32))) |#memory_int|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,215 INFO L273 TraceCheckUtils]: 39: Hoare triple {3296#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (exists ((v_DerPreprocessor_8 (_ BitVec 32))) (= (store (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd |~#pp~0.offset| (_ bv4 32)) v_DerPreprocessor_8)) |~#pstate~0.base| (store (select (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd |~#pp~0.offset| (_ bv4 32)) v_DerPreprocessor_8)) |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32)) (_ bv1 32))) |#memory_int|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {3296#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (exists ((v_DerPreprocessor_8 (_ BitVec 32))) (= (store (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd |~#pp~0.offset| (_ bv4 32)) v_DerPreprocessor_8)) |~#pstate~0.base| (store (select (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd |~#pp~0.offset| (_ bv4 32)) v_DerPreprocessor_8)) |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32)) (_ bv1 32))) |#memory_int|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:21,224 INFO L268 TraceCheckUtils]: 40: Hoare quadruple {3296#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (exists ((v_DerPreprocessor_8 (_ BitVec 32))) (= (store (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd |~#pp~0.offset| (_ bv4 32)) v_DerPreprocessor_8)) |~#pstate~0.base| (store (select (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd |~#pp~0.offset| (_ bv4 32)) v_DerPreprocessor_8)) |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32)) (_ bv1 32))) |#memory_int|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {3265#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv0 32) |~#pp~0.offset|) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #100#return; {3303#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (bvadd (select (select |#memory_int| |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32))) (_ bv4294967295 32)) (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:07:21,225 INFO L256 TraceCheckUtils]: 41: Hoare triple {3303#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (bvadd (select (select |#memory_int| |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32))) (_ bv4294967295 32)) (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} call g(~a~0.base, ~a~0.offset); {3303#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (bvadd (select (select |#memory_int| |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32))) (_ bv4294967295 32)) (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:07:21,227 INFO L273 TraceCheckUtils]: 42: Hoare triple {3303#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (bvadd (select (select |#memory_int| |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32))) (_ bv4294967295 32)) (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~2;~i~2 := 0bv32; {3310#(and (= |~#pstate~0.offset| (_ bv0 32)) (= g_~i~2 (_ bv0 32)) (= (bvadd (select (select |#memory_int| |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32))) (_ bv4294967295 32)) (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:07:21,228 INFO L273 TraceCheckUtils]: 43: Hoare triple {3310#(and (= |~#pstate~0.offset| (_ bv0 32)) (= g_~i~2 (_ bv0 32)) (= (bvadd (select (select |#memory_int| |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32))) (_ bv4294967295 32)) (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} assume !!~bvslt32(~i~2, 2bv32);call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {3310#(and (= |~#pstate~0.offset| (_ bv0 32)) (= g_~i~2 (_ bv0 32)) (= (bvadd (select (select |#memory_int| |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32))) (_ bv4294967295 32)) (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:07:21,228 INFO L273 TraceCheckUtils]: 44: Hoare triple {3310#(and (= |~#pstate~0.offset| (_ bv0 32)) (= g_~i~2 (_ bv0 32)) (= (bvadd (select (select |#memory_int| |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32))) (_ bv4294967295 32)) (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} assume #t~mem4.base == ~pointer.base && #t~mem4.offset == ~pointer.offset;havoc #t~mem4.base, #t~mem4.offset;call #t~mem5 := read~intINTTYPE4(~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {3317#(= (_ bv1 32) |g_#t~mem5|)} is VALID [2018-11-23 11:07:21,229 INFO L273 TraceCheckUtils]: 45: Hoare triple {3317#(= (_ bv1 32) |g_#t~mem5|)} assume !(1bv32 == #t~mem5); {3172#false} is VALID [2018-11-23 11:07:21,229 INFO L256 TraceCheckUtils]: 46: Hoare triple {3172#false} call __blast_assert(); {3172#false} is VALID [2018-11-23 11:07:21,230 INFO L273 TraceCheckUtils]: 47: Hoare triple {3172#false} assume !false; {3172#false} is VALID [2018-11-23 11:07:21,237 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 3 proven. 6 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2018-11-23 11:07:21,238 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:07:21,618 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:21,626 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:21,632 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:21,632 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:35, output treesize:22 [2018-11-23 11:07:21,644 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:07:21,644 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_60|]. (or (not (= (store |#memory_int| |~#pp~0.base| (let ((.cse0 (bvadd |~#pp~0.offset| (_ bv4 32)))) (store (select |#memory_int| |~#pp~0.base|) .cse0 (select (select |v_#memory_int_60| |~#pp~0.base|) .cse0)))) |v_#memory_int_60|)) (= (bvadd (select (store (select |v_#memory_int_60| |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32)) (_ bv1 32)) |~#pstate~0.offset|) (_ bv4294967295 32)) (_ bv0 32))) [2018-11-23 11:07:21,644 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_10]. (= (_ bv1 32) (select (store (select (store |#memory_int| |~#pp~0.base| (store (select |#memory_int| |~#pp~0.base|) (bvadd |~#pp~0.offset| (_ bv4 32)) v_DerPreprocessor_10)) |~#pstate~0.base|) (bvadd |~#pstate~0.offset| (_ bv4 32)) (_ bv1 32)) |~#pstate~0.offset|)) [2018-11-23 11:07:21,709 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-11-23 11:07:21,709 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FPBP No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 9 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 9 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-11-23 11:07:21,718 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:07:21,773 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:07:21,798 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:07:21,800 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:07:21,819 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 14 [2018-11-23 11:07:21,849 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 1 [2018-11-23 11:07:21,850 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:07:21,853 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:21,861 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:21,861 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:15, output treesize:8 [2018-11-23 11:07:21,982 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:07:21,988 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:07:21,990 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:07:21,994 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:22,009 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:22,010 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:19, output treesize:15 [2018-11-23 11:07:22,078 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 5 [2018-11-23 11:07:22,085 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 1 [2018-11-23 11:07:22,085 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:07:22,087 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:22,098 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:22,098 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:18, output treesize:11 [2018-11-23 11:07:22,102 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:07:22,102 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_BEFORE_CALL_7|]. (and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (= (_ bv1 32) (select (select |v_#memory_int_BEFORE_CALL_7| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|))) [2018-11-23 11:07:22,103 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|))) [2018-11-23 11:07:22,237 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:22,257 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:22,315 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:22,315 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:46, output treesize:47 [2018-11-23 11:07:24,322 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:07:24,323 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_65|, f_~i~1]. (let ((.cse0 (bvmul (_ bv4 32) f_~i~1))) (and (= |~#pstate~0.offset| (_ bv0 32)) (= (store |v_#memory_int_65| |~#pstate~0.base| (store (select |v_#memory_int_65| |~#pstate~0.base|) (bvadd .cse0 |~#pstate~0.offset|) (_ bv1 32))) |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)) (= (store |old(#memory_int)| |~#pp~0.base| (let ((.cse1 (bvadd .cse0 |~#pp~0.offset|))) (store (select |old(#memory_int)| |~#pp~0.base|) .cse1 (select (select |v_#memory_int_65| |~#pp~0.base|) .cse1)))) |v_#memory_int_65|))) [2018-11-23 11:07:24,323 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [f_~i~1, v_DerPreprocessor_12]. (and (= |~#pstate~0.offset| (_ bv0 32)) (= (let ((.cse1 (bvmul (_ bv4 32) f_~i~1))) (let ((.cse0 (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd .cse1 |~#pp~0.offset|) v_DerPreprocessor_12)))) (store .cse0 |~#pstate~0.base| (store (select .cse0 |~#pstate~0.base|) (bvadd .cse1 |~#pstate~0.offset|) (_ bv1 32))))) |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|))) [2018-11-23 11:07:50,554 WARN L180 SmtUtils]: Spent 2.05 s on a formula simplification that was a NOOP. DAG size: 26 [2018-11-23 11:07:50,630 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 47 treesize of output 39 [2018-11-23 11:07:50,647 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 11 [2018-11-23 11:07:50,651 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:07:50,705 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 34 treesize of output 33 [2018-11-23 11:07:50,721 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 18 treesize of output 19 [2018-11-23 11:07:50,724 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:07:50,746 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:50,772 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:50,806 INFO L267 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 1 dim-2 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:50,806 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 5 variables, input treesize:54, output treesize:22 [2018-11-23 11:07:50,869 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:07:50,869 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_BEFORE_CALL_8|, |~#pp~0.base|, f_~i~1, |~#pp~0.offset|, v_DerPreprocessor_12]. (and (= |~#pstate~0.offset| (_ bv0 32)) (= |#memory_int| (let ((.cse1 (bvmul (_ bv4 32) f_~i~1))) (let ((.cse0 (store |v_#memory_int_BEFORE_CALL_8| |~#pp~0.base| (store (select |v_#memory_int_BEFORE_CALL_8| |~#pp~0.base|) (bvadd .cse1 |~#pp~0.offset|) v_DerPreprocessor_12)))) (store .cse0 |~#pstate~0.base| (store (select .cse0 |~#pstate~0.base|) (bvadd .cse1 |~#pstate~0.offset|) (_ bv1 32)))))) (= (select (select |v_#memory_int_BEFORE_CALL_8| |~#pstate~0.base|) |~#pstate~0.offset|) (_ bv1 32)) (not (= |~#pstate~0.base| |~#pp~0.base|))) [2018-11-23 11:07:50,870 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [f_~i~1]. (let ((.cse0 (select |#memory_int| |~#pstate~0.base|))) (and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select .cse0 (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pstate~0.offset|))) (= (_ bv1 32) (select .cse0 |~#pstate~0.offset|)))) [2018-11-23 11:07:51,084 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-23 11:07:51,149 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-23 11:07:51,172 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:07:51,210 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:51,227 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:07:51,228 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:17, output treesize:5 [2018-11-23 11:07:51,230 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:07:51,230 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, |~#pstate~0.base|]. (let ((.cse0 (select (select |#memory_int| |~#pstate~0.base|) (_ bv0 32)))) (and (= (bvadd .cse0 (_ bv4294967295 32)) (_ bv0 32)) (= .cse0 |g_#t~mem5|))) [2018-11-23 11:07:51,230 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) (bvadd |g_#t~mem5| (_ bv4294967295 32))) [2018-11-23 11:07:51,231 INFO L256 TraceCheckUtils]: 0: Hoare triple {3171#true} call ULTIMATE.init(); {3171#true} is VALID [2018-11-23 11:07:51,232 INFO L273 TraceCheckUtils]: 1: Hoare triple {3171#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];call ~#pp~0.base, ~#pp~0.offset := #Ultimate.alloc(8bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~#pp~0.offset, 4bv32);call write~init~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(4bv32, ~#pp~0.offset), 4bv32);call ~#pstate~0.base, ~#pstate~0.offset := #Ultimate.alloc(8bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~#pstate~0.offset, 4bv32);call write~init~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(4bv32, ~#pstate~0.offset), 4bv32);~counter~0 := 1bv32; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,233 INFO L273 TraceCheckUtils]: 2: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,233 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {3171#true} #106#return; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,234 INFO L256 TraceCheckUtils]: 4: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call #t~ret9 := main(); {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,234 INFO L273 TraceCheckUtils]: 5: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} havoc ~a~0.base, ~a~0.offset;havoc ~b~0.base, ~b~0.offset; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,235 INFO L256 TraceCheckUtils]: 6: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call init(); {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,235 INFO L273 TraceCheckUtils]: 7: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} havoc ~i~0;~i~0 := 0bv32; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,236 INFO L273 TraceCheckUtils]: 8: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,236 INFO L273 TraceCheckUtils]: 9: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,238 INFO L273 TraceCheckUtils]: 10: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~0, 2bv32);call write~$Pointer$(0bv32, 0bv32, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32);call write~intINTTYPE4(0bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~0)), 4bv32); {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,238 INFO L273 TraceCheckUtils]: 11: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #t~post0 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post0);havoc #t~post0; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,239 INFO L273 TraceCheckUtils]: 12: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !~bvslt32(~i~0, 2bv32); {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,240 INFO L273 TraceCheckUtils]: 13: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,241 INFO L268 TraceCheckUtils]: 14: Hoare quadruple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #92#return; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,241 INFO L256 TraceCheckUtils]: 15: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call #t~ret7.base, #t~ret7.offset := malloc(4bv32); {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,242 INFO L273 TraceCheckUtils]: 16: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,243 INFO L273 TraceCheckUtils]: 17: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,244 INFO L268 TraceCheckUtils]: 18: Hoare quadruple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #94#return; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,245 INFO L273 TraceCheckUtils]: 19: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~a~0.base, ~a~0.offset := #t~ret7.base, #t~ret7.offset;havoc #t~ret7.base, #t~ret7.offset; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,246 INFO L256 TraceCheckUtils]: 20: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call #t~ret8.base, #t~ret8.offset := malloc(4bv32); {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,246 INFO L273 TraceCheckUtils]: 21: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~size := #in~size;#t~post6 := ~counter~0;~counter~0 := ~bvadd32(1bv32, #t~post6);#res.base, #res.offset := 0bv32, #t~post6;havoc #t~post6; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,247 INFO L273 TraceCheckUtils]: 22: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,248 INFO L268 TraceCheckUtils]: 23: Hoare quadruple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #96#return; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,249 INFO L273 TraceCheckUtils]: 24: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~b~0.base, ~b~0.offset := #t~ret8.base, #t~ret8.offset;havoc #t~ret8.base, #t~ret8.offset; {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,249 INFO L273 TraceCheckUtils]: 25: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !((~a~0.base == 0bv32 && ~a~0.offset == 0bv32) || (~b~0.base == 0bv32 && ~b~0.offset == 0bv32)); {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,250 INFO L256 TraceCheckUtils]: 26: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call f(~a~0.base, ~a~0.offset); {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,251 INFO L273 TraceCheckUtils]: 27: Hoare triple {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {3436#(and (= |~#pstate~0.offset| (_ bv0 32)) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,252 INFO L273 TraceCheckUtils]: 28: Hoare triple {3436#(and (= |~#pstate~0.offset| (_ bv0 32)) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~1, 2bv32);call #t~mem2.base, #t~mem2.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {3436#(and (= |~#pstate~0.offset| (_ bv0 32)) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,255 INFO L273 TraceCheckUtils]: 29: Hoare triple {3436#(and (= |~#pstate~0.offset| (_ bv0 32)) (= f_~i~1 (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume #t~mem2.base == 0bv32 && #t~mem2.offset == 0bv32;havoc #t~mem2.base, #t~mem2.offset;call write~$Pointer$(~pointer.base, ~pointer.offset, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32);call write~intINTTYPE4(1bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {3443#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,256 INFO L273 TraceCheckUtils]: 30: Hoare triple {3443#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {3443#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,257 INFO L268 TraceCheckUtils]: 31: Hoare quadruple {3443#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {3357#(and (= |~#pstate~0.offset| (_ bv0 32)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #98#return; {3443#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,258 INFO L256 TraceCheckUtils]: 32: Hoare triple {3443#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} call f(~b~0.base, ~b~0.offset); {3453#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,259 INFO L273 TraceCheckUtils]: 33: Hoare triple {3453#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~1;~i~1 := 0bv32; {3453#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,259 INFO L273 TraceCheckUtils]: 34: Hoare triple {3453#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~1, 2bv32);call #t~mem2.base, #t~mem2.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {3453#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,260 INFO L273 TraceCheckUtils]: 35: Hoare triple {3453#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !(#t~mem2.base == 0bv32 && #t~mem2.offset == 0bv32);havoc #t~mem2.base, #t~mem2.offset; {3453#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,261 INFO L273 TraceCheckUtils]: 36: Hoare triple {3453#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #t~post1 := ~i~1;~i~1 := ~bvadd32(1bv32, #t~post1);havoc #t~post1; {3453#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,262 INFO L273 TraceCheckUtils]: 37: Hoare triple {3453#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume !!~bvslt32(~i~1, 2bv32);call #t~mem2.base, #t~mem2.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {3453#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,266 INFO L273 TraceCheckUtils]: 38: Hoare triple {3453#(and (= |~#pstate~0.offset| (_ bv0 32)) (= |old(#memory_int)| |#memory_int|) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume #t~mem2.base == 0bv32 && #t~mem2.offset == 0bv32;havoc #t~mem2.base, #t~mem2.offset;call write~$Pointer$(~pointer.base, ~pointer.offset, ~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32);call write~intINTTYPE4(1bv32, ~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~1)), 4bv32); {3472#(and (= |~#pstate~0.offset| (_ bv0 32)) (exists ((f_~i~1 (_ BitVec 32)) (v_DerPreprocessor_12 (_ BitVec 32))) (= (store (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pp~0.offset|) v_DerPreprocessor_12)) |~#pstate~0.base| (store (select (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pp~0.offset|) v_DerPreprocessor_12)) |~#pstate~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pstate~0.offset|) (_ bv1 32))) |#memory_int|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,267 INFO L273 TraceCheckUtils]: 39: Hoare triple {3472#(and (= |~#pstate~0.offset| (_ bv0 32)) (exists ((f_~i~1 (_ BitVec 32)) (v_DerPreprocessor_12 (_ BitVec 32))) (= (store (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pp~0.offset|) v_DerPreprocessor_12)) |~#pstate~0.base| (store (select (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pp~0.offset|) v_DerPreprocessor_12)) |~#pstate~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pstate~0.offset|) (_ bv1 32))) |#memory_int|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} assume true; {3472#(and (= |~#pstate~0.offset| (_ bv0 32)) (exists ((f_~i~1 (_ BitVec 32)) (v_DerPreprocessor_12 (_ BitVec 32))) (= (store (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pp~0.offset|) v_DerPreprocessor_12)) |~#pstate~0.base| (store (select (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pp~0.offset|) v_DerPreprocessor_12)) |~#pstate~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pstate~0.offset|) (_ bv1 32))) |#memory_int|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} is VALID [2018-11-23 11:07:51,271 INFO L268 TraceCheckUtils]: 40: Hoare quadruple {3472#(and (= |~#pstate~0.offset| (_ bv0 32)) (exists ((f_~i~1 (_ BitVec 32)) (v_DerPreprocessor_12 (_ BitVec 32))) (= (store (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pp~0.offset|) v_DerPreprocessor_12)) |~#pstate~0.base| (store (select (store |old(#memory_int)| |~#pp~0.base| (store (select |old(#memory_int)| |~#pp~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pp~0.offset|) v_DerPreprocessor_12)) |~#pstate~0.base|) (bvadd (bvmul (_ bv4 32) f_~i~1) |~#pstate~0.offset|) (_ bv1 32))) |#memory_int|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} {3443#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)) (not (= |~#pstate~0.base| |~#pp~0.base|)))} #100#return; {3479#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:07:51,272 INFO L256 TraceCheckUtils]: 41: Hoare triple {3479#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} call g(~a~0.base, ~a~0.offset); {3479#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:07:51,273 INFO L273 TraceCheckUtils]: 42: Hoare triple {3479#(and (= |~#pstate~0.offset| (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} ~pointer.base, ~pointer.offset := #in~pointer.base, #in~pointer.offset;havoc ~i~2;~i~2 := 0bv32; {3486#(and (= |~#pstate~0.offset| (_ bv0 32)) (= g_~i~2 (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:07:51,273 INFO L273 TraceCheckUtils]: 43: Hoare triple {3486#(and (= |~#pstate~0.offset| (_ bv0 32)) (= g_~i~2 (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} assume !!~bvslt32(~i~2, 2bv32);call #t~mem4.base, #t~mem4.offset := read~$Pointer$(~#pp~0.base, ~bvadd32(~#pp~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {3486#(and (= |~#pstate~0.offset| (_ bv0 32)) (= g_~i~2 (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} is VALID [2018-11-23 11:07:51,274 INFO L273 TraceCheckUtils]: 44: Hoare triple {3486#(and (= |~#pstate~0.offset| (_ bv0 32)) (= g_~i~2 (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| |~#pstate~0.base|) |~#pstate~0.offset|)))} assume #t~mem4.base == ~pointer.base && #t~mem4.offset == ~pointer.offset;havoc #t~mem4.base, #t~mem4.offset;call #t~mem5 := read~intINTTYPE4(~#pstate~0.base, ~bvadd32(~#pstate~0.offset, ~bvmul32(4bv32, ~i~2)), 4bv32); {3317#(= (_ bv1 32) |g_#t~mem5|)} is VALID [2018-11-23 11:07:51,274 INFO L273 TraceCheckUtils]: 45: Hoare triple {3317#(= (_ bv1 32) |g_#t~mem5|)} assume !(1bv32 == #t~mem5); {3172#false} is VALID [2018-11-23 11:07:51,275 INFO L256 TraceCheckUtils]: 46: Hoare triple {3172#false} call __blast_assert(); {3172#false} is VALID [2018-11-23 11:07:51,275 INFO L273 TraceCheckUtils]: 47: Hoare triple {3172#false} assume !false; {3172#false} is VALID [2018-11-23 11:07:51,280 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 1 proven. 6 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2018-11-23 11:07:51,280 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:07:53,557 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:53,575 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:53,582 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 3 dim-0 vars, and 1 xjuncts. [2018-11-23 11:07:53,583 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:39, output treesize:28 [2018-11-23 11:07:53,599 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:07:53,599 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_74|, |~#pp~0.offset|, v_f_~i~1_30]. (let ((.cse1 (bvmul (_ bv4 32) v_f_~i~1_30))) (or (not (= (store |#memory_int| |~#pp~0.base| (let ((.cse0 (bvadd |~#pp~0.offset| .cse1))) (store (select |#memory_int| |~#pp~0.base|) .cse0 (select (select |v_#memory_int_74| |~#pp~0.base|) .cse0)))) |v_#memory_int_74|)) (= (_ bv1 32) (select (store (select |v_#memory_int_74| |~#pstate~0.base|) (bvadd |~#pstate~0.offset| .cse1) (_ bv1 32)) |~#pstate~0.offset|)))) [2018-11-23 11:07:53,599 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [|~#pp~0.offset|, v_f_~i~1_30, v_DerPreprocessor_14]. (= (bvadd (select (let ((.cse0 (bvmul (_ bv4 32) v_f_~i~1_30))) (store (select (store |#memory_int| |~#pp~0.base| (store (select |#memory_int| |~#pp~0.base|) (bvadd |~#pp~0.offset| .cse0) v_DerPreprocessor_14)) |~#pstate~0.base|) (bvadd |~#pstate~0.offset| .cse0) (_ bv1 32))) |~#pstate~0.offset|) (_ bv4294967295 32)) (_ bv0 32)) [2018-11-23 11:07:55,917 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:07:55,917 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 10] total 19 [2018-11-23 11:07:55,918 INFO L78 Accepts]: Start accepts. Automaton has 19 states. Word has length 48 [2018-11-23 11:07:55,918 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:07:55,918 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 19 states. [2018-11-23 11:07:58,140 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 83 edges. 82 inductive. 0 not inductive. 1 times theorem prover too weak to decide inductivity. [2018-11-23 11:07:58,140 INFO L459 AbstractCegarLoop]: Interpolant automaton has 19 states [2018-11-23 11:07:58,141 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 19 interpolants. [2018-11-23 11:07:58,141 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=90, Invalid=398, Unknown=18, NotChecked=0, Total=506 [2018-11-23 11:07:58,141 INFO L87 Difference]: Start difference. First operand 101 states and 126 transitions. Second operand 19 states.