java -ea -Xmx8000000000 -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc ../../../trunk/examples/toolchains/AutomizerCInline_WitnessPrinter.xml -s ../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf -i ../../../trunk/examples/svcomp/list-ext-properties/list-ext_flag_false-unreach-call_false-valid-deref.i -------------------------------------------------------------------------------- This is Ultimate 0.1.23-61f4311 [2018-11-23 11:09:59,310 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-11-23 11:09:59,312 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-11-23 11:09:59,332 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-11-23 11:09:59,332 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-11-23 11:09:59,333 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-11-23 11:09:59,335 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-11-23 11:09:59,338 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-11-23 11:09:59,340 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-11-23 11:09:59,341 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-11-23 11:09:59,342 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-11-23 11:09:59,343 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-11-23 11:09:59,344 INFO L174 SettingsManager]: Resetting PEA to Boogie preferences to default values [2018-11-23 11:09:59,345 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-11-23 11:09:59,346 INFO L174 SettingsManager]: Resetting ChcToBoogie preferences to default values [2018-11-23 11:09:59,347 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-11-23 11:09:59,348 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-11-23 11:09:59,350 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-11-23 11:09:59,352 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-11-23 11:09:59,354 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-11-23 11:09:59,355 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-11-23 11:09:59,356 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-11-23 11:09:59,359 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-11-23 11:09:59,359 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-11-23 11:09:59,360 INFO L174 SettingsManager]: Resetting TreeAutomizer preferences to default values [2018-11-23 11:09:59,363 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-11-23 11:09:59,364 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-11-23 11:09:59,365 INFO L174 SettingsManager]: Resetting ReqPrinter preferences to default values [2018-11-23 11:09:59,369 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-11-23 11:09:59,373 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-11-23 11:09:59,373 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-11-23 11:09:59,374 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-11-23 11:09:59,374 INFO L177 SettingsManager]: ReqParser provides no preferences, ignoring... [2018-11-23 11:09:59,374 INFO L174 SettingsManager]: Resetting SmtParser preferences to default values [2018-11-23 11:09:59,375 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-11-23 11:09:59,379 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-11-23 11:09:59,379 INFO L98 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf [2018-11-23 11:09:59,411 INFO L110 SettingsManager]: Loading preferences was successful [2018-11-23 11:09:59,411 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-11-23 11:09:59,413 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-11-23 11:09:59,413 INFO L133 SettingsManager]: * ... calls to implemented procedures=ONLY_FOR_CONCURRENT_PROGRAMS [2018-11-23 11:09:59,413 INFO L131 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2018-11-23 11:09:59,414 INFO L133 SettingsManager]: * Create parallel compositions if possible=false [2018-11-23 11:09:59,415 INFO L133 SettingsManager]: * Use SBE=true [2018-11-23 11:09:59,415 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-11-23 11:09:59,415 INFO L133 SettingsManager]: * sizeof long=4 [2018-11-23 11:09:59,415 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-11-23 11:09:59,415 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-11-23 11:09:59,416 INFO L133 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2018-11-23 11:09:59,416 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-11-23 11:09:59,416 INFO L133 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2018-11-23 11:09:59,416 INFO L133 SettingsManager]: * Use bitvectors instead of ints=true [2018-11-23 11:09:59,416 INFO L133 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2018-11-23 11:09:59,418 INFO L133 SettingsManager]: * sizeof long double=12 [2018-11-23 11:09:59,418 INFO L133 SettingsManager]: * Check if freed pointer was valid=false [2018-11-23 11:09:59,418 INFO L133 SettingsManager]: * Use constant arrays=true [2018-11-23 11:09:59,418 INFO L133 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2018-11-23 11:09:59,419 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-11-23 11:09:59,419 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-11-23 11:09:59,419 INFO L133 SettingsManager]: * To the following directory=./dump/ [2018-11-23 11:09:59,419 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-11-23 11:09:59,419 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:09:59,420 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-11-23 11:09:59,420 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-11-23 11:09:59,420 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-11-23 11:09:59,421 INFO L133 SettingsManager]: * Trace refinement strategy=WOLF [2018-11-23 11:09:59,421 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-11-23 11:09:59,421 INFO L133 SettingsManager]: * Command for external solver=cvc4nyu --tear-down-incremental --rewrite-divk --print-success --lang smt [2018-11-23 11:09:59,421 INFO L133 SettingsManager]: * Logic for external solver=AUFBV [2018-11-23 11:09:59,421 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2018-11-23 11:09:59,491 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-11-23 11:09:59,508 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2018-11-23 11:09:59,513 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2018-11-23 11:09:59,514 INFO L271 PluginConnector]: Initializing CDTParser... [2018-11-23 11:09:59,515 INFO L276 PluginConnector]: CDTParser initialized [2018-11-23 11:09:59,516 INFO L418 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/list-ext-properties/list-ext_flag_false-unreach-call_false-valid-deref.i [2018-11-23 11:09:59,586 INFO L221 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/91f2ec9d4/885faf2621f54defb08de9ab34162cbf/FLAG65855d5dc [2018-11-23 11:10:00,182 INFO L307 CDTParser]: Found 1 translation units. [2018-11-23 11:10:00,183 INFO L161 CDTParser]: Scanning /storage/repos/ultimate/trunk/examples/svcomp/list-ext-properties/list-ext_flag_false-unreach-call_false-valid-deref.i [2018-11-23 11:10:00,196 INFO L355 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/91f2ec9d4/885faf2621f54defb08de9ab34162cbf/FLAG65855d5dc [2018-11-23 11:10:00,449 INFO L363 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/91f2ec9d4/885faf2621f54defb08de9ab34162cbf [2018-11-23 11:10:00,460 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-11-23 11:10:00,462 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2018-11-23 11:10:00,463 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2018-11-23 11:10:00,463 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2018-11-23 11:10:00,467 INFO L276 PluginConnector]: CACSL2BoogieTranslator initialized [2018-11-23 11:10:00,468 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:10:00" (1/1) ... [2018-11-23 11:10:00,471 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@78b6fda1 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:00, skipping insertion in model container [2018-11-23 11:10:00,471 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:10:00" (1/1) ... [2018-11-23 11:10:00,479 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2018-11-23 11:10:00,539 INFO L176 MainTranslator]: Built tables and reachable declarations [2018-11-23 11:10:01,012 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:10:01,033 INFO L191 MainTranslator]: Completed pre-run [2018-11-23 11:10:01,129 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:10:01,294 INFO L195 MainTranslator]: Completed translation [2018-11-23 11:10:01,295 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:01 WrapperNode [2018-11-23 11:10:01,295 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2018-11-23 11:10:01,296 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2018-11-23 11:10:01,296 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2018-11-23 11:10:01,296 INFO L276 PluginConnector]: Boogie Procedure Inliner initialized [2018-11-23 11:10:01,306 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:01" (1/1) ... [2018-11-23 11:10:01,336 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:01" (1/1) ... [2018-11-23 11:10:01,350 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2018-11-23 11:10:01,350 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-11-23 11:10:01,350 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-11-23 11:10:01,351 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-11-23 11:10:01,363 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:01" (1/1) ... [2018-11-23 11:10:01,363 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:01" (1/1) ... [2018-11-23 11:10:01,375 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:01" (1/1) ... [2018-11-23 11:10:01,375 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:01" (1/1) ... [2018-11-23 11:10:01,416 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:01" (1/1) ... [2018-11-23 11:10:01,428 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:01" (1/1) ... [2018-11-23 11:10:01,430 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:01" (1/1) ... [2018-11-23 11:10:01,434 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-11-23 11:10:01,435 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-11-23 11:10:01,435 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-11-23 11:10:01,435 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-11-23 11:10:01,436 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:01" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:10:01,503 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.alloc [2018-11-23 11:10:01,504 INFO L130 BoogieDeclarations]: Found specification of procedure read~intINTTYPE4 [2018-11-23 11:10:01,504 INFO L130 BoogieDeclarations]: Found specification of procedure exit [2018-11-23 11:10:01,504 INFO L138 BoogieDeclarations]: Found implementation of procedure exit [2018-11-23 11:10:01,504 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2018-11-23 11:10:01,504 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2018-11-23 11:10:01,504 INFO L130 BoogieDeclarations]: Found specification of procedure main [2018-11-23 11:10:01,505 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2018-11-23 11:10:01,505 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2018-11-23 11:10:01,505 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2018-11-23 11:10:01,505 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2018-11-23 11:10:01,505 INFO L130 BoogieDeclarations]: Found specification of procedure write~intINTTYPE4 [2018-11-23 11:10:01,506 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2018-11-23 11:10:01,506 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2018-11-23 11:10:02,485 INFO L275 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2018-11-23 11:10:02,486 INFO L280 CfgBuilder]: Removed 3 assue(true) statements. [2018-11-23 11:10:02,487 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:10:02 BoogieIcfgContainer [2018-11-23 11:10:02,487 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-11-23 11:10:02,488 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2018-11-23 11:10:02,488 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2018-11-23 11:10:02,491 INFO L276 PluginConnector]: TraceAbstraction initialized [2018-11-23 11:10:02,492 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 23.11 11:10:00" (1/3) ... [2018-11-23 11:10:02,493 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@28efbf3f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:10:02, skipping insertion in model container [2018-11-23 11:10:02,493 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:01" (2/3) ... [2018-11-23 11:10:02,494 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@28efbf3f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:10:02, skipping insertion in model container [2018-11-23 11:10:02,494 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:10:02" (3/3) ... [2018-11-23 11:10:02,496 INFO L112 eAbstractionObserver]: Analyzing ICFG list-ext_flag_false-unreach-call_false-valid-deref.i [2018-11-23 11:10:02,507 INFO L156 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2018-11-23 11:10:02,515 INFO L168 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2018-11-23 11:10:02,534 INFO L257 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2018-11-23 11:10:02,566 INFO L133 ementStrategyFactory]: Using default assertion order modulation [2018-11-23 11:10:02,567 INFO L382 AbstractCegarLoop]: Interprodecural is true [2018-11-23 11:10:02,567 INFO L383 AbstractCegarLoop]: Hoare is true [2018-11-23 11:10:02,567 INFO L384 AbstractCegarLoop]: Compute interpolants for FPandBP [2018-11-23 11:10:02,567 INFO L385 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2018-11-23 11:10:02,568 INFO L386 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2018-11-23 11:10:02,568 INFO L387 AbstractCegarLoop]: Difference is false [2018-11-23 11:10:02,568 INFO L388 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2018-11-23 11:10:02,568 INFO L393 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2018-11-23 11:10:02,586 INFO L276 IsEmpty]: Start isEmpty. Operand 35 states. [2018-11-23 11:10:02,593 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 15 [2018-11-23 11:10:02,593 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:02,594 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:02,597 INFO L423 AbstractCegarLoop]: === Iteration 1 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:02,603 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:02,603 INFO L82 PathProgramCache]: Analyzing trace with hash -1392986161, now seen corresponding path program 1 times [2018-11-23 11:10:02,608 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:02,609 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:02,637 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:02,690 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:02,707 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:02,712 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:02,759 INFO L256 TraceCheckUtils]: 0: Hoare triple {38#true} call ULTIMATE.init(); {38#true} is VALID [2018-11-23 11:10:02,763 INFO L273 TraceCheckUtils]: 1: Hoare triple {38#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {38#true} is VALID [2018-11-23 11:10:02,763 INFO L273 TraceCheckUtils]: 2: Hoare triple {38#true} assume true; {38#true} is VALID [2018-11-23 11:10:02,764 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {38#true} {38#true} #101#return; {38#true} is VALID [2018-11-23 11:10:02,764 INFO L256 TraceCheckUtils]: 4: Hoare triple {38#true} call #t~ret16 := main(); {38#true} is VALID [2018-11-23 11:10:02,764 INFO L273 TraceCheckUtils]: 5: Hoare triple {38#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {38#true} is VALID [2018-11-23 11:10:02,765 INFO L273 TraceCheckUtils]: 6: Hoare triple {38#true} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {38#true} is VALID [2018-11-23 11:10:02,765 INFO L273 TraceCheckUtils]: 7: Hoare triple {38#true} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {38#true} is VALID [2018-11-23 11:10:02,765 INFO L273 TraceCheckUtils]: 8: Hoare triple {38#true} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {38#true} is VALID [2018-11-23 11:10:02,766 INFO L273 TraceCheckUtils]: 9: Hoare triple {38#true} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {38#true} is VALID [2018-11-23 11:10:02,767 INFO L273 TraceCheckUtils]: 10: Hoare triple {38#true} assume !true; {39#false} is VALID [2018-11-23 11:10:02,767 INFO L273 TraceCheckUtils]: 11: Hoare triple {39#false} call #t~mem13 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {39#false} is VALID [2018-11-23 11:10:02,767 INFO L273 TraceCheckUtils]: 12: Hoare triple {39#false} assume 3bv32 != #t~mem13 || ~bvsgt32(~i~0, 20bv32);havoc #t~mem13; {39#false} is VALID [2018-11-23 11:10:02,768 INFO L273 TraceCheckUtils]: 13: Hoare triple {39#false} assume !false; {39#false} is VALID [2018-11-23 11:10:02,772 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:02,773 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:10:02,777 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:10:02,778 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2018-11-23 11:10:02,782 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 14 [2018-11-23 11:10:02,785 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:02,788 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states. [2018-11-23 11:10:02,882 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 14 edges. 14 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:02,883 INFO L459 AbstractCegarLoop]: Interpolant automaton has 2 states [2018-11-23 11:10:02,891 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2018-11-23 11:10:02,891 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:10:02,893 INFO L87 Difference]: Start difference. First operand 35 states. Second operand 2 states. [2018-11-23 11:10:03,125 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:03,126 INFO L93 Difference]: Finished difference Result 53 states and 72 transitions. [2018-11-23 11:10:03,126 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2018-11-23 11:10:03,126 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 14 [2018-11-23 11:10:03,127 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:03,129 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:10:03,147 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 72 transitions. [2018-11-23 11:10:03,147 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:10:03,152 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 72 transitions. [2018-11-23 11:10:03,153 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 72 transitions. [2018-11-23 11:10:03,583 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 72 edges. 72 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:03,595 INFO L225 Difference]: With dead ends: 53 [2018-11-23 11:10:03,598 INFO L226 Difference]: Without dead ends: 24 [2018-11-23 11:10:03,601 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:10:03,619 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 24 states. [2018-11-23 11:10:03,637 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 24 to 24. [2018-11-23 11:10:03,637 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:03,638 INFO L82 GeneralOperation]: Start isEquivalent. First operand 24 states. Second operand 24 states. [2018-11-23 11:10:03,638 INFO L74 IsIncluded]: Start isIncluded. First operand 24 states. Second operand 24 states. [2018-11-23 11:10:03,639 INFO L87 Difference]: Start difference. First operand 24 states. Second operand 24 states. [2018-11-23 11:10:03,643 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:03,643 INFO L93 Difference]: Finished difference Result 24 states and 29 transitions. [2018-11-23 11:10:03,644 INFO L276 IsEmpty]: Start isEmpty. Operand 24 states and 29 transitions. [2018-11-23 11:10:03,646 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:03,646 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:03,646 INFO L74 IsIncluded]: Start isIncluded. First operand 24 states. Second operand 24 states. [2018-11-23 11:10:03,646 INFO L87 Difference]: Start difference. First operand 24 states. Second operand 24 states. [2018-11-23 11:10:03,652 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:03,653 INFO L93 Difference]: Finished difference Result 24 states and 29 transitions. [2018-11-23 11:10:03,653 INFO L276 IsEmpty]: Start isEmpty. Operand 24 states and 29 transitions. [2018-11-23 11:10:03,654 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:03,654 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:03,654 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:03,654 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:03,654 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 24 states. [2018-11-23 11:10:03,657 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 24 states to 24 states and 29 transitions. [2018-11-23 11:10:03,659 INFO L78 Accepts]: Start accepts. Automaton has 24 states and 29 transitions. Word has length 14 [2018-11-23 11:10:03,660 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:03,660 INFO L480 AbstractCegarLoop]: Abstraction has 24 states and 29 transitions. [2018-11-23 11:10:03,660 INFO L481 AbstractCegarLoop]: Interpolant automaton has 2 states. [2018-11-23 11:10:03,660 INFO L276 IsEmpty]: Start isEmpty. Operand 24 states and 29 transitions. [2018-11-23 11:10:03,661 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 16 [2018-11-23 11:10:03,661 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:03,661 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:03,662 INFO L423 AbstractCegarLoop]: === Iteration 2 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:03,662 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:03,662 INFO L82 PathProgramCache]: Analyzing trace with hash -255751041, now seen corresponding path program 1 times [2018-11-23 11:10:03,663 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:03,663 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:03,699 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:03,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:03,773 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:03,775 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:04,411 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-23 11:10:04,423 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-23 11:10:04,439 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:04,442 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:04,451 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:04,452 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:20, output treesize:9 [2018-11-23 11:10:04,457 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:04,458 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (= (bvadd .cse0 (_ bv4294967293 32)) (_ bv0 32)) (= .cse0 |main_#t~mem13|) (= main_~i~0 (_ bv0 32)))) [2018-11-23 11:10:04,458 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= (bvadd |main_#t~mem13| (_ bv4294967293 32)) (_ bv0 32)) (= main_~i~0 (_ bv0 32))) [2018-11-23 11:10:04,513 INFO L256 TraceCheckUtils]: 0: Hoare triple {228#true} call ULTIMATE.init(); {228#true} is VALID [2018-11-23 11:10:04,513 INFO L273 TraceCheckUtils]: 1: Hoare triple {228#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {228#true} is VALID [2018-11-23 11:10:04,514 INFO L273 TraceCheckUtils]: 2: Hoare triple {228#true} assume true; {228#true} is VALID [2018-11-23 11:10:04,514 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {228#true} {228#true} #101#return; {228#true} is VALID [2018-11-23 11:10:04,514 INFO L256 TraceCheckUtils]: 4: Hoare triple {228#true} call #t~ret16 := main(); {228#true} is VALID [2018-11-23 11:10:04,515 INFO L273 TraceCheckUtils]: 5: Hoare triple {228#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {228#true} is VALID [2018-11-23 11:10:04,515 INFO L273 TraceCheckUtils]: 6: Hoare triple {228#true} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {228#true} is VALID [2018-11-23 11:10:04,521 INFO L273 TraceCheckUtils]: 7: Hoare triple {228#true} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {254#(= main_~i~0 (_ bv0 32))} is VALID [2018-11-23 11:10:04,522 INFO L273 TraceCheckUtils]: 8: Hoare triple {254#(= main_~i~0 (_ bv0 32))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {254#(= main_~i~0 (_ bv0 32))} is VALID [2018-11-23 11:10:04,523 INFO L273 TraceCheckUtils]: 9: Hoare triple {254#(= main_~i~0 (_ bv0 32))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {254#(= main_~i~0 (_ bv0 32))} is VALID [2018-11-23 11:10:04,524 INFO L273 TraceCheckUtils]: 10: Hoare triple {254#(= main_~i~0 (_ bv0 32))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {264#(and (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem7|) (= main_~i~0 (_ bv0 32)))} is VALID [2018-11-23 11:10:04,524 INFO L273 TraceCheckUtils]: 11: Hoare triple {264#(and (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem7|) (= main_~i~0 (_ bv0 32)))} assume !(3bv32 != #t~mem7);havoc #t~mem7; {268#(and (= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967293 32)) (_ bv0 32)) (= main_~i~0 (_ bv0 32)))} is VALID [2018-11-23 11:10:04,525 INFO L273 TraceCheckUtils]: 12: Hoare triple {268#(and (= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967293 32)) (_ bv0 32)) (= main_~i~0 (_ bv0 32)))} call #t~mem13 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {272#(and (= (bvadd |main_#t~mem13| (_ bv4294967293 32)) (_ bv0 32)) (= main_~i~0 (_ bv0 32)))} is VALID [2018-11-23 11:10:04,526 INFO L273 TraceCheckUtils]: 13: Hoare triple {272#(and (= (bvadd |main_#t~mem13| (_ bv4294967293 32)) (_ bv0 32)) (= main_~i~0 (_ bv0 32)))} assume 3bv32 != #t~mem13 || ~bvsgt32(~i~0, 20bv32);havoc #t~mem13; {229#false} is VALID [2018-11-23 11:10:04,527 INFO L273 TraceCheckUtils]: 14: Hoare triple {229#false} assume !false; {229#false} is VALID [2018-11-23 11:10:04,530 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:04,530 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:10:04,533 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:10:04,533 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-23 11:10:04,535 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 15 [2018-11-23 11:10:04,535 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:04,535 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-23 11:10:04,648 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 15 edges. 15 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:04,648 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-23 11:10:04,649 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-23 11:10:04,649 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=12, Invalid=18, Unknown=0, NotChecked=0, Total=30 [2018-11-23 11:10:04,649 INFO L87 Difference]: Start difference. First operand 24 states and 29 transitions. Second operand 6 states. [2018-11-23 11:10:05,413 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:05,413 INFO L93 Difference]: Finished difference Result 38 states and 46 transitions. [2018-11-23 11:10:05,414 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2018-11-23 11:10:05,414 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 15 [2018-11-23 11:10:05,414 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:05,414 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:10:05,417 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 46 transitions. [2018-11-23 11:10:05,417 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:10:05,420 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 46 transitions. [2018-11-23 11:10:05,420 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 46 transitions. [2018-11-23 11:10:05,571 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 46 edges. 46 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:05,574 INFO L225 Difference]: With dead ends: 38 [2018-11-23 11:10:05,575 INFO L226 Difference]: Without dead ends: 34 [2018-11-23 11:10:05,576 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2018-11-23 11:10:05,576 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 34 states. [2018-11-23 11:10:05,616 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 34 to 28. [2018-11-23 11:10:05,616 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:05,616 INFO L82 GeneralOperation]: Start isEquivalent. First operand 34 states. Second operand 28 states. [2018-11-23 11:10:05,616 INFO L74 IsIncluded]: Start isIncluded. First operand 34 states. Second operand 28 states. [2018-11-23 11:10:05,617 INFO L87 Difference]: Start difference. First operand 34 states. Second operand 28 states. [2018-11-23 11:10:05,619 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:05,620 INFO L93 Difference]: Finished difference Result 34 states and 42 transitions. [2018-11-23 11:10:05,620 INFO L276 IsEmpty]: Start isEmpty. Operand 34 states and 42 transitions. [2018-11-23 11:10:05,620 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:05,621 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:05,621 INFO L74 IsIncluded]: Start isIncluded. First operand 28 states. Second operand 34 states. [2018-11-23 11:10:05,621 INFO L87 Difference]: Start difference. First operand 28 states. Second operand 34 states. [2018-11-23 11:10:05,624 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:05,624 INFO L93 Difference]: Finished difference Result 34 states and 42 transitions. [2018-11-23 11:10:05,625 INFO L276 IsEmpty]: Start isEmpty. Operand 34 states and 42 transitions. [2018-11-23 11:10:05,625 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:05,626 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:05,626 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:05,626 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:05,626 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 28 states. [2018-11-23 11:10:05,628 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 28 states to 28 states and 34 transitions. [2018-11-23 11:10:05,628 INFO L78 Accepts]: Start accepts. Automaton has 28 states and 34 transitions. Word has length 15 [2018-11-23 11:10:05,629 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:05,629 INFO L480 AbstractCegarLoop]: Abstraction has 28 states and 34 transitions. [2018-11-23 11:10:05,629 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-23 11:10:05,629 INFO L276 IsEmpty]: Start isEmpty. Operand 28 states and 34 transitions. [2018-11-23 11:10:05,630 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 16 [2018-11-23 11:10:05,630 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:05,630 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:05,630 INFO L423 AbstractCegarLoop]: === Iteration 3 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:05,631 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:05,631 INFO L82 PathProgramCache]: Analyzing trace with hash -255702371, now seen corresponding path program 1 times [2018-11-23 11:10:05,631 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:05,632 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:05,650 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:05,684 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:05,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:05,699 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:05,786 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:10:05,798 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:05,802 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:05,804 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:05,812 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:05,813 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:15, output treesize:11 [2018-11-23 11:10:05,886 INFO L256 TraceCheckUtils]: 0: Hoare triple {434#true} call ULTIMATE.init(); {434#true} is VALID [2018-11-23 11:10:05,887 INFO L273 TraceCheckUtils]: 1: Hoare triple {434#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {434#true} is VALID [2018-11-23 11:10:05,888 INFO L273 TraceCheckUtils]: 2: Hoare triple {434#true} assume true; {434#true} is VALID [2018-11-23 11:10:05,888 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {434#true} {434#true} #101#return; {434#true} is VALID [2018-11-23 11:10:05,888 INFO L256 TraceCheckUtils]: 4: Hoare triple {434#true} call #t~ret16 := main(); {434#true} is VALID [2018-11-23 11:10:05,890 INFO L273 TraceCheckUtils]: 5: Hoare triple {434#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {454#(= main_~a~0.offset (_ bv0 32))} is VALID [2018-11-23 11:10:05,891 INFO L273 TraceCheckUtils]: 6: Hoare triple {454#(= main_~a~0.offset (_ bv0 32))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {454#(= main_~a~0.offset (_ bv0 32))} is VALID [2018-11-23 11:10:05,892 INFO L273 TraceCheckUtils]: 7: Hoare triple {454#(= main_~a~0.offset (_ bv0 32))} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {461#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:05,892 INFO L273 TraceCheckUtils]: 8: Hoare triple {461#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {461#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:05,894 INFO L273 TraceCheckUtils]: 9: Hoare triple {461#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {468#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:05,895 INFO L273 TraceCheckUtils]: 10: Hoare triple {468#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {472#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem7|))} is VALID [2018-11-23 11:10:05,896 INFO L273 TraceCheckUtils]: 11: Hoare triple {472#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem7|))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {435#false} is VALID [2018-11-23 11:10:05,897 INFO L273 TraceCheckUtils]: 12: Hoare triple {435#false} assume !(0bv32 != #t~mem8);havoc #t~mem8;call #t~mem10 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {435#false} is VALID [2018-11-23 11:10:05,897 INFO L273 TraceCheckUtils]: 13: Hoare triple {435#false} assume 2bv32 != #t~mem10;havoc #t~mem10; {435#false} is VALID [2018-11-23 11:10:05,898 INFO L273 TraceCheckUtils]: 14: Hoare triple {435#false} assume !false; {435#false} is VALID [2018-11-23 11:10:05,899 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:05,899 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:10:05,903 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:10:05,903 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-23 11:10:05,904 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 15 [2018-11-23 11:10:05,904 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:05,904 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-23 11:10:05,935 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 15 edges. 15 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:05,936 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-23 11:10:05,936 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-23 11:10:05,936 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2018-11-23 11:10:05,937 INFO L87 Difference]: Start difference. First operand 28 states and 34 transitions. Second operand 6 states. [2018-11-23 11:10:06,680 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:06,682 INFO L93 Difference]: Finished difference Result 52 states and 65 transitions. [2018-11-23 11:10:06,682 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2018-11-23 11:10:06,682 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 15 [2018-11-23 11:10:06,682 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:06,683 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:10:06,686 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 65 transitions. [2018-11-23 11:10:06,687 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:10:06,689 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 65 transitions. [2018-11-23 11:10:06,689 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 65 transitions. [2018-11-23 11:10:06,803 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 65 edges. 65 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:06,806 INFO L225 Difference]: With dead ends: 52 [2018-11-23 11:10:06,806 INFO L226 Difference]: Without dead ends: 39 [2018-11-23 11:10:06,807 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 9 SyntacticMatches, 1 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=23, Invalid=33, Unknown=0, NotChecked=0, Total=56 [2018-11-23 11:10:06,807 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 39 states. [2018-11-23 11:10:06,829 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 39 to 25. [2018-11-23 11:10:06,829 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:06,829 INFO L82 GeneralOperation]: Start isEquivalent. First operand 39 states. Second operand 25 states. [2018-11-23 11:10:06,829 INFO L74 IsIncluded]: Start isIncluded. First operand 39 states. Second operand 25 states. [2018-11-23 11:10:06,830 INFO L87 Difference]: Start difference. First operand 39 states. Second operand 25 states. [2018-11-23 11:10:06,832 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:06,833 INFO L93 Difference]: Finished difference Result 39 states and 48 transitions. [2018-11-23 11:10:06,833 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 48 transitions. [2018-11-23 11:10:06,834 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:06,834 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:06,834 INFO L74 IsIncluded]: Start isIncluded. First operand 25 states. Second operand 39 states. [2018-11-23 11:10:06,834 INFO L87 Difference]: Start difference. First operand 25 states. Second operand 39 states. [2018-11-23 11:10:06,837 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:06,837 INFO L93 Difference]: Finished difference Result 39 states and 48 transitions. [2018-11-23 11:10:06,837 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 48 transitions. [2018-11-23 11:10:06,838 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:06,838 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:06,838 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:06,839 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:06,839 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 25 states. [2018-11-23 11:10:06,840 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 25 states to 25 states and 30 transitions. [2018-11-23 11:10:06,841 INFO L78 Accepts]: Start accepts. Automaton has 25 states and 30 transitions. Word has length 15 [2018-11-23 11:10:06,841 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:06,841 INFO L480 AbstractCegarLoop]: Abstraction has 25 states and 30 transitions. [2018-11-23 11:10:06,841 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-23 11:10:06,841 INFO L276 IsEmpty]: Start isEmpty. Operand 25 states and 30 transitions. [2018-11-23 11:10:06,842 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2018-11-23 11:10:06,842 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:06,842 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:06,843 INFO L423 AbstractCegarLoop]: === Iteration 4 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:06,843 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:06,843 INFO L82 PathProgramCache]: Analyzing trace with hash -806241618, now seen corresponding path program 1 times [2018-11-23 11:10:06,844 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:06,844 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:06,875 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:06,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:06,940 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:06,942 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:07,084 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-23 11:10:07,093 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-23 11:10:07,095 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:07,098 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:07,105 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:07,106 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:22, output treesize:11 [2018-11-23 11:10:07,111 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:07,112 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (= (bvadd .cse0 (_ bv4294967293 32)) (_ bv0 32)) (= .cse0 |main_#t~mem13|) (= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32)))) [2018-11-23 11:10:07,112 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= (bvadd |main_#t~mem13| (_ bv4294967293 32)) (_ bv0 32)) (= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))) [2018-11-23 11:10:07,135 INFO L256 TraceCheckUtils]: 0: Hoare triple {664#true} call ULTIMATE.init(); {664#true} is VALID [2018-11-23 11:10:07,135 INFO L273 TraceCheckUtils]: 1: Hoare triple {664#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {664#true} is VALID [2018-11-23 11:10:07,135 INFO L273 TraceCheckUtils]: 2: Hoare triple {664#true} assume true; {664#true} is VALID [2018-11-23 11:10:07,136 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {664#true} {664#true} #101#return; {664#true} is VALID [2018-11-23 11:10:07,136 INFO L256 TraceCheckUtils]: 4: Hoare triple {664#true} call #t~ret16 := main(); {664#true} is VALID [2018-11-23 11:10:07,136 INFO L273 TraceCheckUtils]: 5: Hoare triple {664#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {664#true} is VALID [2018-11-23 11:10:07,136 INFO L273 TraceCheckUtils]: 6: Hoare triple {664#true} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {664#true} is VALID [2018-11-23 11:10:07,140 INFO L273 TraceCheckUtils]: 7: Hoare triple {664#true} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {690#(= main_~i~0 (_ bv0 32))} is VALID [2018-11-23 11:10:07,141 INFO L273 TraceCheckUtils]: 8: Hoare triple {690#(= main_~i~0 (_ bv0 32))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:07,142 INFO L273 TraceCheckUtils]: 9: Hoare triple {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} assume !(0bv32 != #t~mem4);havoc #t~mem4;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32); {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:07,142 INFO L273 TraceCheckUtils]: 10: Hoare triple {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:07,143 INFO L273 TraceCheckUtils]: 11: Hoare triple {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:07,144 INFO L273 TraceCheckUtils]: 12: Hoare triple {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:07,145 INFO L273 TraceCheckUtils]: 13: Hoare triple {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:07,146 INFO L273 TraceCheckUtils]: 14: Hoare triple {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:07,147 INFO L273 TraceCheckUtils]: 15: Hoare triple {694#(= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {716#(and (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem7|) (= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:07,148 INFO L273 TraceCheckUtils]: 16: Hoare triple {716#(and (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem7|) (= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32)))} assume !(3bv32 != #t~mem7);havoc #t~mem7; {720#(and (= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967293 32)) (_ bv0 32)) (= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:07,149 INFO L273 TraceCheckUtils]: 17: Hoare triple {720#(and (= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967293 32)) (_ bv0 32)) (= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32)))} call #t~mem13 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {724#(and (= (bvadd |main_#t~mem13| (_ bv4294967293 32)) (_ bv0 32)) (= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:07,153 INFO L273 TraceCheckUtils]: 18: Hoare triple {724#(and (= (bvadd |main_#t~mem13| (_ bv4294967293 32)) (_ bv0 32)) (= (bvadd main_~i~0 (_ bv4294967295 32)) (_ bv0 32)))} assume 3bv32 != #t~mem13 || ~bvsgt32(~i~0, 20bv32);havoc #t~mem13; {665#false} is VALID [2018-11-23 11:10:07,154 INFO L273 TraceCheckUtils]: 19: Hoare triple {665#false} assume !false; {665#false} is VALID [2018-11-23 11:10:07,155 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:07,156 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:10:07,336 INFO L273 TraceCheckUtils]: 19: Hoare triple {665#false} assume !false; {665#false} is VALID [2018-11-23 11:10:07,336 INFO L273 TraceCheckUtils]: 18: Hoare triple {734#(and (not (bvsgt main_~i~0 (_ bv20 32))) (= (bvadd |main_#t~mem13| (_ bv4294967293 32)) (_ bv0 32)))} assume 3bv32 != #t~mem13 || ~bvsgt32(~i~0, 20bv32);havoc #t~mem13; {665#false} is VALID [2018-11-23 11:10:07,337 INFO L273 TraceCheckUtils]: 17: Hoare triple {738#(and (not (bvsgt main_~i~0 (_ bv20 32))) (= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem13 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {734#(and (not (bvsgt main_~i~0 (_ bv20 32))) (= (bvadd |main_#t~mem13| (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:07,338 INFO L273 TraceCheckUtils]: 16: Hoare triple {742#(or (and (not (bvsgt main_~i~0 (_ bv20 32))) (= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (not (= (_ bv3 32) |main_#t~mem7|)))} assume !(3bv32 != #t~mem7);havoc #t~mem7; {738#(and (not (bvsgt main_~i~0 (_ bv20 32))) (= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2018-11-23 11:10:07,342 INFO L273 TraceCheckUtils]: 15: Hoare triple {746#(not (bvsgt main_~i~0 (_ bv20 32)))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {742#(or (and (not (bvsgt main_~i~0 (_ bv20 32))) (= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (not (= (_ bv3 32) |main_#t~mem7|)))} is VALID [2018-11-23 11:10:07,343 INFO L273 TraceCheckUtils]: 14: Hoare triple {746#(not (bvsgt main_~i~0 (_ bv20 32)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {746#(not (bvsgt main_~i~0 (_ bv20 32)))} is VALID [2018-11-23 11:10:07,344 INFO L273 TraceCheckUtils]: 13: Hoare triple {746#(not (bvsgt main_~i~0 (_ bv20 32)))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {746#(not (bvsgt main_~i~0 (_ bv20 32)))} is VALID [2018-11-23 11:10:07,344 INFO L273 TraceCheckUtils]: 12: Hoare triple {746#(not (bvsgt main_~i~0 (_ bv20 32)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {746#(not (bvsgt main_~i~0 (_ bv20 32)))} is VALID [2018-11-23 11:10:07,345 INFO L273 TraceCheckUtils]: 11: Hoare triple {746#(not (bvsgt main_~i~0 (_ bv20 32)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {746#(not (bvsgt main_~i~0 (_ bv20 32)))} is VALID [2018-11-23 11:10:07,345 INFO L273 TraceCheckUtils]: 10: Hoare triple {746#(not (bvsgt main_~i~0 (_ bv20 32)))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {746#(not (bvsgt main_~i~0 (_ bv20 32)))} is VALID [2018-11-23 11:10:07,346 INFO L273 TraceCheckUtils]: 9: Hoare triple {746#(not (bvsgt main_~i~0 (_ bv20 32)))} assume !(0bv32 != #t~mem4);havoc #t~mem4;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32); {746#(not (bvsgt main_~i~0 (_ bv20 32)))} is VALID [2018-11-23 11:10:07,347 INFO L273 TraceCheckUtils]: 8: Hoare triple {768#(not (bvsgt (bvadd main_~i~0 (_ bv1 32)) (_ bv20 32)))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {746#(not (bvsgt main_~i~0 (_ bv20 32)))} is VALID [2018-11-23 11:10:07,370 INFO L273 TraceCheckUtils]: 7: Hoare triple {664#true} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {768#(not (bvsgt (bvadd main_~i~0 (_ bv1 32)) (_ bv20 32)))} is VALID [2018-11-23 11:10:07,370 INFO L273 TraceCheckUtils]: 6: Hoare triple {664#true} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {664#true} is VALID [2018-11-23 11:10:07,371 INFO L273 TraceCheckUtils]: 5: Hoare triple {664#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {664#true} is VALID [2018-11-23 11:10:07,371 INFO L256 TraceCheckUtils]: 4: Hoare triple {664#true} call #t~ret16 := main(); {664#true} is VALID [2018-11-23 11:10:07,371 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {664#true} {664#true} #101#return; {664#true} is VALID [2018-11-23 11:10:07,372 INFO L273 TraceCheckUtils]: 2: Hoare triple {664#true} assume true; {664#true} is VALID [2018-11-23 11:10:07,372 INFO L273 TraceCheckUtils]: 1: Hoare triple {664#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {664#true} is VALID [2018-11-23 11:10:07,372 INFO L256 TraceCheckUtils]: 0: Hoare triple {664#true} call ULTIMATE.init(); {664#true} is VALID [2018-11-23 11:10:07,374 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:07,378 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:10:07,379 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 7] total 12 [2018-11-23 11:10:07,379 INFO L78 Accepts]: Start accepts. Automaton has 12 states. Word has length 20 [2018-11-23 11:10:07,380 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:07,380 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states. [2018-11-23 11:10:07,484 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 32 edges. 32 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:07,484 INFO L459 AbstractCegarLoop]: Interpolant automaton has 12 states [2018-11-23 11:10:07,485 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2018-11-23 11:10:07,485 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=41, Invalid=91, Unknown=0, NotChecked=0, Total=132 [2018-11-23 11:10:07,486 INFO L87 Difference]: Start difference. First operand 25 states and 30 transitions. Second operand 12 states. [2018-11-23 11:10:08,973 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:08,973 INFO L93 Difference]: Finished difference Result 69 states and 86 transitions. [2018-11-23 11:10:08,973 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2018-11-23 11:10:08,973 INFO L78 Accepts]: Start accepts. Automaton has 12 states. Word has length 20 [2018-11-23 11:10:08,974 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:08,974 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 12 states. [2018-11-23 11:10:08,977 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 86 transitions. [2018-11-23 11:10:08,977 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 12 states. [2018-11-23 11:10:08,980 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 86 transitions. [2018-11-23 11:10:08,980 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states and 86 transitions. [2018-11-23 11:10:09,215 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 86 edges. 86 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:09,217 INFO L225 Difference]: With dead ends: 69 [2018-11-23 11:10:09,218 INFO L226 Difference]: Without dead ends: 61 [2018-11-23 11:10:09,218 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 64 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=111, Invalid=231, Unknown=0, NotChecked=0, Total=342 [2018-11-23 11:10:09,219 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 61 states. [2018-11-23 11:10:09,288 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 61 to 51. [2018-11-23 11:10:09,288 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:09,288 INFO L82 GeneralOperation]: Start isEquivalent. First operand 61 states. Second operand 51 states. [2018-11-23 11:10:09,289 INFO L74 IsIncluded]: Start isIncluded. First operand 61 states. Second operand 51 states. [2018-11-23 11:10:09,289 INFO L87 Difference]: Start difference. First operand 61 states. Second operand 51 states. [2018-11-23 11:10:09,295 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:09,295 INFO L93 Difference]: Finished difference Result 61 states and 76 transitions. [2018-11-23 11:10:09,296 INFO L276 IsEmpty]: Start isEmpty. Operand 61 states and 76 transitions. [2018-11-23 11:10:09,296 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:09,297 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:09,297 INFO L74 IsIncluded]: Start isIncluded. First operand 51 states. Second operand 61 states. [2018-11-23 11:10:09,298 INFO L87 Difference]: Start difference. First operand 51 states. Second operand 61 states. [2018-11-23 11:10:09,304 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:09,304 INFO L93 Difference]: Finished difference Result 61 states and 76 transitions. [2018-11-23 11:10:09,305 INFO L276 IsEmpty]: Start isEmpty. Operand 61 states and 76 transitions. [2018-11-23 11:10:09,306 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:09,306 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:09,306 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:09,306 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:09,306 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 51 states. [2018-11-23 11:10:09,309 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 51 states to 51 states and 66 transitions. [2018-11-23 11:10:09,309 INFO L78 Accepts]: Start accepts. Automaton has 51 states and 66 transitions. Word has length 20 [2018-11-23 11:10:09,310 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:09,310 INFO L480 AbstractCegarLoop]: Abstraction has 51 states and 66 transitions. [2018-11-23 11:10:09,310 INFO L481 AbstractCegarLoop]: Interpolant automaton has 12 states. [2018-11-23 11:10:09,310 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 66 transitions. [2018-11-23 11:10:09,311 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2018-11-23 11:10:09,311 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:09,311 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:09,311 INFO L423 AbstractCegarLoop]: === Iteration 5 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:09,312 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:09,312 INFO L82 PathProgramCache]: Analyzing trace with hash -806192948, now seen corresponding path program 1 times [2018-11-23 11:10:09,312 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:09,313 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:09,335 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:09,392 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:09,411 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:09,413 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:09,460 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:10:09,462 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:09,471 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:09,472 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2018-11-23 11:10:09,475 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:09,476 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_19|]. (and (= main_~a~0.offset (_ bv0 32)) (= |#valid| (store |v_#valid_19| main_~a~0.base (_ bv1 1)))) [2018-11-23 11:10:09,476 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.offset (_ bv0 32)) (= (select |#valid| main_~a~0.base) (_ bv1 1))) [2018-11-23 11:10:09,615 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:10:09,623 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:09,626 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:09,629 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:09,653 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:09,653 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:28, output treesize:24 [2018-11-23 11:10:09,922 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:09,924 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:09,925 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:10:09,928 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:09,946 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:09,946 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:29, output treesize:21 [2018-11-23 11:10:10,025 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 22 [2018-11-23 11:10:10,033 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:10,037 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 14 [2018-11-23 11:10:10,040 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,046 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,057 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,058 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:34, output treesize:15 [2018-11-23 11:10:10,140 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 20 [2018-11-23 11:10:10,161 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:10,163 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,175 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,225 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:10,225 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:26, output treesize:22 [2018-11-23 11:10:10,235 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:10,236 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_25|, v_main_~p~0.base_27, v_main_~p~0.offset_27]. (and (= main_~p~0.offset (_ bv0 32)) (not (= v_main_~p~0.base_27 main_~p~0.base)) (= (store |v_#memory_int_25| v_main_~p~0.base_27 (store (select |v_#memory_int_25| v_main_~p~0.base_27) v_main_~p~0.offset_27 (_ bv3 32))) |#memory_int|) (= (select (select |v_#memory_int_25| main_~p~0.base) (_ bv0 32)) (_ bv2 32))) [2018-11-23 11:10:10,236 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_27, v_main_~p~0.offset_27]. (and (not (= v_main_~p~0.base_27 main_~p~0.base)) (= main_~p~0.offset (_ bv0 32)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_27) v_main_~p~0.offset_27)) (= (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv2 32))) [2018-11-23 11:10:10,597 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 24 treesize of output 22 [2018-11-23 11:10:10,616 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-23 11:10:10,618 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,631 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 1 [2018-11-23 11:10:10,632 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,635 INFO L267 ElimStorePlain]: Start of recursive call 2: 2 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,643 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,643 INFO L202 ElimStorePlain]: Needed 4 recursive calls to eliminate 4 variables, input treesize:28, output treesize:5 [2018-11-23 11:10:10,648 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:10,648 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, v_main_~p~0.base_27, v_main_~p~0.offset_27, main_~p~0.base]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) (_ bv0 32)))) (and (not (= v_main_~p~0.base_27 main_~p~0.base)) (= (bvadd .cse0 (_ bv4294967294 32)) (_ bv0 32)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_27) v_main_~p~0.offset_27)) (= |main_#t~mem10| .cse0))) [2018-11-23 11:10:10,648 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) (bvadd |main_#t~mem10| (_ bv4294967294 32))) [2018-11-23 11:10:10,664 INFO L256 TraceCheckUtils]: 0: Hoare triple {1081#true} call ULTIMATE.init(); {1081#true} is VALID [2018-11-23 11:10:10,664 INFO L273 TraceCheckUtils]: 1: Hoare triple {1081#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1081#true} is VALID [2018-11-23 11:10:10,664 INFO L273 TraceCheckUtils]: 2: Hoare triple {1081#true} assume true; {1081#true} is VALID [2018-11-23 11:10:10,665 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1081#true} {1081#true} #101#return; {1081#true} is VALID [2018-11-23 11:10:10,665 INFO L256 TraceCheckUtils]: 4: Hoare triple {1081#true} call #t~ret16 := main(); {1081#true} is VALID [2018-11-23 11:10:10,667 INFO L273 TraceCheckUtils]: 5: Hoare triple {1081#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {1101#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:10,667 INFO L273 TraceCheckUtils]: 6: Hoare triple {1101#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {1101#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:10,668 INFO L273 TraceCheckUtils]: 7: Hoare triple {1101#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {1108#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:10,670 INFO L273 TraceCheckUtils]: 8: Hoare triple {1108#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {1108#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:10,672 INFO L273 TraceCheckUtils]: 9: Hoare triple {1108#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~mem4);havoc #t~mem4;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32); {1115#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:10,674 INFO L273 TraceCheckUtils]: 10: Hoare triple {1115#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {1119#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:10,675 INFO L273 TraceCheckUtils]: 11: Hoare triple {1119#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {1119#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:10,677 INFO L273 TraceCheckUtils]: 12: Hoare triple {1119#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {1126#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:10,678 INFO L273 TraceCheckUtils]: 13: Hoare triple {1126#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {1126#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:10,681 INFO L273 TraceCheckUtils]: 14: Hoare triple {1126#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1133#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (exists ((v_main_~p~0.base_27 (_ BitVec 32)) (v_main_~p~0.offset_27 (_ BitVec 32))) (and (not (= v_main_~p~0.base_27 main_~p~0.base)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_27) v_main_~p~0.offset_27)))))} is VALID [2018-11-23 11:10:10,682 INFO L273 TraceCheckUtils]: 15: Hoare triple {1133#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (exists ((v_main_~p~0.base_27 (_ BitVec 32)) (v_main_~p~0.offset_27 (_ BitVec 32))) (and (not (= v_main_~p~0.base_27 main_~p~0.base)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_27) v_main_~p~0.offset_27)))))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1133#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (exists ((v_main_~p~0.base_27 (_ BitVec 32)) (v_main_~p~0.offset_27 (_ BitVec 32))) (and (not (= v_main_~p~0.base_27 main_~p~0.base)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_27) v_main_~p~0.offset_27)))))} is VALID [2018-11-23 11:10:10,684 INFO L273 TraceCheckUtils]: 16: Hoare triple {1133#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (exists ((v_main_~p~0.base_27 (_ BitVec 32)) (v_main_~p~0.offset_27 (_ BitVec 32))) (and (not (= v_main_~p~0.base_27 main_~p~0.base)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_27) v_main_~p~0.offset_27)))))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {1133#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (exists ((v_main_~p~0.base_27 (_ BitVec 32)) (v_main_~p~0.offset_27 (_ BitVec 32))) (and (not (= v_main_~p~0.base_27 main_~p~0.base)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_27) v_main_~p~0.offset_27)))))} is VALID [2018-11-23 11:10:10,687 INFO L273 TraceCheckUtils]: 17: Hoare triple {1133#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (exists ((v_main_~p~0.base_27 (_ BitVec 32)) (v_main_~p~0.offset_27 (_ BitVec 32))) (and (not (= v_main_~p~0.base_27 main_~p~0.base)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_27) v_main_~p~0.offset_27)))))} assume !(0bv32 != #t~mem8);havoc #t~mem8;call #t~mem10 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1143#(= (_ bv2 32) |main_#t~mem10|)} is VALID [2018-11-23 11:10:10,688 INFO L273 TraceCheckUtils]: 18: Hoare triple {1143#(= (_ bv2 32) |main_#t~mem10|)} assume 2bv32 != #t~mem10;havoc #t~mem10; {1082#false} is VALID [2018-11-23 11:10:10,688 INFO L273 TraceCheckUtils]: 19: Hoare triple {1082#false} assume !false; {1082#false} is VALID [2018-11-23 11:10:10,692 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:10,692 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:10:10,981 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:10,988 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:11,040 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:11,047 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:11,073 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 1 dim-0 vars, and 2 xjuncts. [2018-11-23 11:10:11,073 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:38, output treesize:22 [2018-11-23 11:10:11,086 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:11,086 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_27|, v_subst_1]. (or (= (_ bv0 32) (bvadd (select (select (store |v_#memory_int_27| main_~t~0.base (store (select |v_#memory_int_27| main_~t~0.base) v_subst_1 (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32))) (not (= |v_#memory_int_27| (store |#memory_int| main_~p~0.base (let ((.cse0 (bvadd main_~p~0.offset (_ bv8 32)))) (store (select |#memory_int| main_~p~0.base) .cse0 (select (select |v_#memory_int_27| main_~p~0.base) .cse0))))))) [2018-11-23 11:10:11,086 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_2]. (and (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset)) (not (= main_~t~0.base main_~a~0.base))) [2018-11-23 11:10:15,297 WARN L180 SmtUtils]: Spent 2.03 s on a formula simplification that was a NOOP. DAG size: 28 [2018-11-23 11:10:15,399 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 15 [2018-11-23 11:10:15,405 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 3 [2018-11-23 11:10:15,409 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,416 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,442 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 29 treesize of output 33 [2018-11-23 11:10:15,457 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 26 [2018-11-23 11:10:15,462 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,551 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:15,552 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 31 [2018-11-23 11:10:15,742 WARN L180 SmtUtils]: Spent 107.00 ms on a formula simplification. DAG size of input: 29 DAG size of output: 26 [2018-11-23 11:10:15,748 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 9 [2018-11-23 11:10:15,750 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,805 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:15,863 INFO L267 ElimStorePlain]: Start of recursive call 4: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:15,870 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 24 [2018-11-23 11:10:15,875 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 17 [2018-11-23 11:10:15,911 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 7 [2018-11-23 11:10:15,913 INFO L267 ElimStorePlain]: Start of recursive call 10: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,920 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 6 [2018-11-23 11:10:15,922 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,948 INFO L267 ElimStorePlain]: Start of recursive call 9: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:15,981 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:16,036 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 3 dim-0 vars, and 4 xjuncts. [2018-11-23 11:10:16,036 INFO L202 ElimStorePlain]: Needed 11 recursive calls to eliminate 3 variables, input treesize:34, output treesize:42 [2018-11-23 11:10:16,047 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:16,048 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_int|, v_DerPreprocessor_2, v_main_~t~0.base_8]. (and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_8))) (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv2 32)) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset)))) [2018-11-23 11:10:16,048 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_main_~t~0.base_8, v_prenex_2, v_prenex_3]. (let ((.cse0 (= main_~a~0.offset main_~p~0.offset))) (and (or (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_8))) .cse0) (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (not (= (_ bv0 1) (select |#valid| v_prenex_2))) .cse0 (= (bvadd main_~p~0.offset (_ bv8 32)) main_~a~0.offset)) (or (= main_~p~0.base main_~a~0.base) (not (= (_ bv0 1) (select |#valid| v_prenex_3)))))) [2018-11-23 11:10:16,205 INFO L273 TraceCheckUtils]: 19: Hoare triple {1082#false} assume !false; {1082#false} is VALID [2018-11-23 11:10:16,206 INFO L273 TraceCheckUtils]: 18: Hoare triple {1143#(= (_ bv2 32) |main_#t~mem10|)} assume 2bv32 != #t~mem10;havoc #t~mem10; {1082#false} is VALID [2018-11-23 11:10:16,212 INFO L273 TraceCheckUtils]: 17: Hoare triple {1156#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967294 32)) (_ bv0 32))} assume !(0bv32 != #t~mem8);havoc #t~mem8;call #t~mem10 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1143#(= (_ bv2 32) |main_#t~mem10|)} is VALID [2018-11-23 11:10:16,213 INFO L273 TraceCheckUtils]: 16: Hoare triple {1156#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967294 32)) (_ bv0 32))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {1156#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967294 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:16,213 INFO L273 TraceCheckUtils]: 15: Hoare triple {1156#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967294 32)) (_ bv0 32))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1156#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967294 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:16,216 INFO L273 TraceCheckUtils]: 14: Hoare triple {1166#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1156#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967294 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:16,217 INFO L273 TraceCheckUtils]: 13: Hoare triple {1166#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32)))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {1166#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:16,221 INFO L273 TraceCheckUtils]: 12: Hoare triple {1173#(and (not (= main_~t~0.base main_~a~0.base)) (forall ((v_DerPreprocessor_2 (_ BitVec 32))) (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset))))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {1166#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:16,222 INFO L273 TraceCheckUtils]: 11: Hoare triple {1173#(and (not (= main_~t~0.base main_~a~0.base)) (forall ((v_DerPreprocessor_2 (_ BitVec 32))) (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset))))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {1173#(and (not (= main_~t~0.base main_~a~0.base)) (forall ((v_DerPreprocessor_2 (_ BitVec 32))) (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset))))} is VALID [2018-11-23 11:10:16,241 INFO L273 TraceCheckUtils]: 10: Hoare triple {1180#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_main_~t~0.base_8 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_8)))) (forall ((v_DerPreprocessor_2 (_ BitVec 32))) (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset)))))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {1173#(and (not (= main_~t~0.base main_~a~0.base)) (forall ((v_DerPreprocessor_2 (_ BitVec 32))) (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset))))} is VALID [2018-11-23 11:10:16,258 INFO L273 TraceCheckUtils]: 9: Hoare triple {1184#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~a~0.offset main_~p~0.offset) (forall ((v_main_~t~0.base_8 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_8))))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_3 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_3))))))} assume !(0bv32 != #t~mem4);havoc #t~mem4;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32); {1180#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_main_~t~0.base_8 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_8)))) (forall ((v_DerPreprocessor_2 (_ BitVec 32))) (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset)))))} is VALID [2018-11-23 11:10:16,275 INFO L273 TraceCheckUtils]: 8: Hoare triple {1184#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~a~0.offset main_~p~0.offset) (forall ((v_main_~t~0.base_8 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_8))))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_3 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_3))))))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {1184#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~a~0.offset main_~p~0.offset) (forall ((v_main_~t~0.base_8 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_8))))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_3 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_3))))))} is VALID [2018-11-23 11:10:16,282 INFO L273 TraceCheckUtils]: 7: Hoare triple {1191#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {1184#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~a~0.offset main_~p~0.offset) (forall ((v_main_~t~0.base_8 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_8))))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_3 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_3))))))} is VALID [2018-11-23 11:10:16,283 INFO L273 TraceCheckUtils]: 6: Hoare triple {1191#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {1191#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:10:16,284 INFO L273 TraceCheckUtils]: 5: Hoare triple {1081#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {1191#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:10:16,284 INFO L256 TraceCheckUtils]: 4: Hoare triple {1081#true} call #t~ret16 := main(); {1081#true} is VALID [2018-11-23 11:10:16,284 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1081#true} {1081#true} #101#return; {1081#true} is VALID [2018-11-23 11:10:16,284 INFO L273 TraceCheckUtils]: 2: Hoare triple {1081#true} assume true; {1081#true} is VALID [2018-11-23 11:10:16,284 INFO L273 TraceCheckUtils]: 1: Hoare triple {1081#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1081#true} is VALID [2018-11-23 11:10:16,285 INFO L256 TraceCheckUtils]: 0: Hoare triple {1081#true} call ULTIMATE.init(); {1081#true} is VALID [2018-11-23 11:10:16,288 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:16,292 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:10:16,292 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 15 [2018-11-23 11:10:16,293 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 20 [2018-11-23 11:10:16,293 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:16,293 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states. [2018-11-23 11:10:16,384 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 33 edges. 33 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:16,385 INFO L459 AbstractCegarLoop]: Interpolant automaton has 15 states [2018-11-23 11:10:16,385 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2018-11-23 11:10:16,385 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=43, Invalid=166, Unknown=1, NotChecked=0, Total=210 [2018-11-23 11:10:16,386 INFO L87 Difference]: Start difference. First operand 51 states and 66 transitions. Second operand 15 states. [2018-11-23 11:10:17,883 WARN L180 SmtUtils]: Spent 139.00 ms on a formula simplification. DAG size of input: 45 DAG size of output: 28 [2018-11-23 11:10:19,425 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:19,425 INFO L93 Difference]: Finished difference Result 116 states and 148 transitions. [2018-11-23 11:10:19,425 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2018-11-23 11:10:19,427 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 20 [2018-11-23 11:10:19,427 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:19,427 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2018-11-23 11:10:19,429 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 73 transitions. [2018-11-23 11:10:19,429 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2018-11-23 11:10:19,431 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 73 transitions. [2018-11-23 11:10:19,432 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 73 transitions. [2018-11-23 11:10:19,629 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 73 edges. 73 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:19,633 INFO L225 Difference]: With dead ends: 116 [2018-11-23 11:10:19,633 INFO L226 Difference]: Without dead ends: 114 [2018-11-23 11:10:19,634 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 45 GetRequests, 25 SyntacticMatches, 1 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 52 ImplicationChecksByTransitivity, 5.3s TimeCoverageRelationStatistics Valid=110, Invalid=309, Unknown=1, NotChecked=0, Total=420 [2018-11-23 11:10:19,634 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 114 states. [2018-11-23 11:10:19,797 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 114 to 80. [2018-11-23 11:10:19,798 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:19,798 INFO L82 GeneralOperation]: Start isEquivalent. First operand 114 states. Second operand 80 states. [2018-11-23 11:10:19,798 INFO L74 IsIncluded]: Start isIncluded. First operand 114 states. Second operand 80 states. [2018-11-23 11:10:19,798 INFO L87 Difference]: Start difference. First operand 114 states. Second operand 80 states. [2018-11-23 11:10:19,803 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:19,803 INFO L93 Difference]: Finished difference Result 114 states and 144 transitions. [2018-11-23 11:10:19,803 INFO L276 IsEmpty]: Start isEmpty. Operand 114 states and 144 transitions. [2018-11-23 11:10:19,804 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:19,804 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:19,805 INFO L74 IsIncluded]: Start isIncluded. First operand 80 states. Second operand 114 states. [2018-11-23 11:10:19,805 INFO L87 Difference]: Start difference. First operand 80 states. Second operand 114 states. [2018-11-23 11:10:19,809 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:19,810 INFO L93 Difference]: Finished difference Result 114 states and 144 transitions. [2018-11-23 11:10:19,810 INFO L276 IsEmpty]: Start isEmpty. Operand 114 states and 144 transitions. [2018-11-23 11:10:19,811 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:19,811 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:19,811 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:19,811 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:19,811 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 80 states. [2018-11-23 11:10:19,815 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 80 states to 80 states and 103 transitions. [2018-11-23 11:10:19,819 INFO L78 Accepts]: Start accepts. Automaton has 80 states and 103 transitions. Word has length 20 [2018-11-23 11:10:19,819 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:19,819 INFO L480 AbstractCegarLoop]: Abstraction has 80 states and 103 transitions. [2018-11-23 11:10:19,819 INFO L481 AbstractCegarLoop]: Interpolant automaton has 15 states. [2018-11-23 11:10:19,819 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 103 transitions. [2018-11-23 11:10:19,820 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2018-11-23 11:10:19,820 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:19,821 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:19,821 INFO L423 AbstractCegarLoop]: === Iteration 6 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:19,821 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:19,821 INFO L82 PathProgramCache]: Analyzing trace with hash -806199892, now seen corresponding path program 1 times [2018-11-23 11:10:19,821 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:19,821 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:19,838 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:19,890 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:19,910 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:19,911 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:19,933 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:10:19,935 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:19,941 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:19,942 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2018-11-23 11:10:19,945 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:19,946 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_26|]. (and (= main_~a~0.offset (_ bv0 32)) (= |#valid| (store |v_#valid_26| main_~a~0.base (_ bv1 1)))) [2018-11-23 11:10:19,946 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.offset (_ bv0 32)) (= (select |#valid| main_~a~0.base) (_ bv1 1))) [2018-11-23 11:10:20,045 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 16 [2018-11-23 11:10:20,051 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:20,052 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:20,053 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 33 [2018-11-23 11:10:20,055 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,066 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,087 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,088 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:37, output treesize:33 [2018-11-23 11:10:20,177 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:20,178 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:20,179 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:10:20,189 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,211 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,211 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:38, output treesize:30 [2018-11-23 11:10:20,217 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:20,217 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_27|]. (let ((.cse0 (select |#memory_int| main_~a~0.base))) (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select .cse0 (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32)) (= (_ bv0 1) (select |v_#valid_27| main_~t~0.base)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv2 32) (select .cse0 main_~a~0.offset)) (= (_ bv0 1) (bvadd (select |v_#valid_27| main_~a~0.base) (_ bv1 1))))) [2018-11-23 11:10:20,217 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| main_~a~0.base))) (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select .cse0 (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select .cse0 main_~a~0.offset)))) [2018-11-23 11:10:20,370 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 36 treesize of output 29 [2018-11-23 11:10:20,377 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:20,379 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:20,381 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:20,382 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:20,386 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 4 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 51 [2018-11-23 11:10:20,389 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,401 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,417 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,418 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:43, output treesize:24 [2018-11-23 11:10:20,497 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 27 [2018-11-23 11:10:20,503 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:20,504 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,622 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,640 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:20,640 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:33, output treesize:29 [2018-11-23 11:10:20,648 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:20,648 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_32|, v_main_~p~0.base_33, v_main_~p~0.offset_33]. (let ((.cse0 (select |v_#memory_int_32| main_~p~0.base))) (and (= (select .cse0 (_ bv4 32)) (_ bv0 32)) (= main_~p~0.offset (_ bv0 32)) (= (store |v_#memory_int_32| v_main_~p~0.base_33 (store (select |v_#memory_int_32| v_main_~p~0.base_33) v_main_~p~0.offset_33 (_ bv3 32))) |#memory_int|) (= (_ bv2 32) (select .cse0 (_ bv0 32))) (not (= v_main_~p~0.base_33 main_~p~0.base)))) [2018-11-23 11:10:20,648 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_33, v_main_~p~0.offset_33]. (let ((.cse0 (select |#memory_int| main_~p~0.base))) (and (= main_~p~0.offset (_ bv0 32)) (= (select .cse0 (_ bv4 32)) (_ bv0 32)) (= (select .cse0 (_ bv0 32)) (_ bv2 32)) (not (= v_main_~p~0.base_33 main_~p~0.base)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_33) v_main_~p~0.offset_33)))) [2018-11-23 11:10:20,726 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 27 [2018-11-23 11:10:20,737 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:20,739 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 18 treesize of output 8 [2018-11-23 11:10:20,740 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,755 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 1 [2018-11-23 11:10:20,755 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,757 INFO L267 ElimStorePlain]: Start of recursive call 2: 2 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,774 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:20,774 INFO L202 ElimStorePlain]: Needed 4 recursive calls to eliminate 4 variables, input treesize:35, output treesize:3 [2018-11-23 11:10:20,778 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:20,778 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, v_main_~p~0.base_33, v_main_~p~0.offset_33]. (let ((.cse0 (select |#memory_int| main_~p~0.base))) (let ((.cse1 (select .cse0 (_ bv4 32)))) (and (= (bvadd (select .cse0 (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (= .cse1 (_ bv0 32)) (= .cse1 |main_#t~mem8|) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_33) v_main_~p~0.offset_33)) (not (= v_main_~p~0.base_33 main_~p~0.base))))) [2018-11-23 11:10:20,778 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) |main_#t~mem8|) [2018-11-23 11:10:20,794 INFO L256 TraceCheckUtils]: 0: Hoare triple {1694#true} call ULTIMATE.init(); {1694#true} is VALID [2018-11-23 11:10:20,795 INFO L273 TraceCheckUtils]: 1: Hoare triple {1694#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1694#true} is VALID [2018-11-23 11:10:20,795 INFO L273 TraceCheckUtils]: 2: Hoare triple {1694#true} assume true; {1694#true} is VALID [2018-11-23 11:10:20,796 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1694#true} {1694#true} #101#return; {1694#true} is VALID [2018-11-23 11:10:20,796 INFO L256 TraceCheckUtils]: 4: Hoare triple {1694#true} call #t~ret16 := main(); {1694#true} is VALID [2018-11-23 11:10:20,797 INFO L273 TraceCheckUtils]: 5: Hoare triple {1694#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {1714#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:20,798 INFO L273 TraceCheckUtils]: 6: Hoare triple {1714#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {1714#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:20,799 INFO L273 TraceCheckUtils]: 7: Hoare triple {1714#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {1721#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:20,799 INFO L273 TraceCheckUtils]: 8: Hoare triple {1721#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {1725#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) |main_#t~mem4|) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:20,802 INFO L273 TraceCheckUtils]: 9: Hoare triple {1725#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) |main_#t~mem4|) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~mem4);havoc #t~mem4;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32); {1729#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~a~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:20,803 INFO L273 TraceCheckUtils]: 10: Hoare triple {1729#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~a~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {1733#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~a~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:20,804 INFO L273 TraceCheckUtils]: 11: Hoare triple {1733#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~a~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {1733#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~a~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:20,806 INFO L273 TraceCheckUtils]: 12: Hoare triple {1733#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~a~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {1740#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= (_ bv0 32) (select (select |#memory_int| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} is VALID [2018-11-23 11:10:20,807 INFO L273 TraceCheckUtils]: 13: Hoare triple {1740#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= (_ bv0 32) (select (select |#memory_int| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {1740#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= (_ bv0 32) (select (select |#memory_int| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} is VALID [2018-11-23 11:10:20,810 INFO L273 TraceCheckUtils]: 14: Hoare triple {1740#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= (_ bv0 32) (select (select |#memory_int| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1747#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) (_ bv4 32)) (_ bv0 32)) (exists ((v_main_~p~0.offset_33 (_ BitVec 32)) (v_main_~p~0.base_33 (_ BitVec 32))) (and (not (= v_main_~p~0.base_33 main_~p~0.base)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_33) v_main_~p~0.offset_33)))))} is VALID [2018-11-23 11:10:20,811 INFO L273 TraceCheckUtils]: 15: Hoare triple {1747#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) (_ bv4 32)) (_ bv0 32)) (exists ((v_main_~p~0.offset_33 (_ BitVec 32)) (v_main_~p~0.base_33 (_ BitVec 32))) (and (not (= v_main_~p~0.base_33 main_~p~0.base)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_33) v_main_~p~0.offset_33)))))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1747#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) (_ bv4 32)) (_ bv0 32)) (exists ((v_main_~p~0.offset_33 (_ BitVec 32)) (v_main_~p~0.base_33 (_ BitVec 32))) (and (not (= v_main_~p~0.base_33 main_~p~0.base)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_33) v_main_~p~0.offset_33)))))} is VALID [2018-11-23 11:10:20,812 INFO L273 TraceCheckUtils]: 16: Hoare triple {1747#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) (_ bv4 32)) (_ bv0 32)) (exists ((v_main_~p~0.offset_33 (_ BitVec 32)) (v_main_~p~0.base_33 (_ BitVec 32))) (and (not (= v_main_~p~0.base_33 main_~p~0.base)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_33) v_main_~p~0.offset_33)))))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {1754#(= (_ bv0 32) |main_#t~mem8|)} is VALID [2018-11-23 11:10:20,814 INFO L273 TraceCheckUtils]: 17: Hoare triple {1754#(= (_ bv0 32) |main_#t~mem8|)} assume 0bv32 != #t~mem8;havoc #t~mem8;call #t~mem9 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1695#false} is VALID [2018-11-23 11:10:20,814 INFO L273 TraceCheckUtils]: 18: Hoare triple {1695#false} assume 1bv32 != #t~mem9;havoc #t~mem9; {1695#false} is VALID [2018-11-23 11:10:20,814 INFO L273 TraceCheckUtils]: 19: Hoare triple {1695#false} assume !false; {1695#false} is VALID [2018-11-23 11:10:20,816 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:20,816 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:10:21,059 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:21,066 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:21,075 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:21,086 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:21,117 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 1 dim-0 vars, and 2 xjuncts. [2018-11-23 11:10:21,118 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:38, output treesize:24 [2018-11-23 11:10:21,132 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:21,132 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_34|, v_subst_2]. (or (not (= (store |#memory_int| main_~p~0.base (let ((.cse0 (bvadd main_~p~0.offset (_ bv8 32)))) (store (select |#memory_int| main_~p~0.base) .cse0 (select (select |v_#memory_int_34| main_~p~0.base) .cse0)))) |v_#memory_int_34|)) (= (_ bv0 32) (select (select (store |v_#memory_int_34| main_~t~0.base (store (select |v_#memory_int_34| main_~t~0.base) v_subst_2 (_ bv3 32))) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) [2018-11-23 11:10:21,133 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_6]. (and (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_6)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (not (= main_~t~0.base main_~a~0.base))) [2018-11-23 11:10:27,498 WARN L180 SmtUtils]: Spent 2.03 s on a formula simplification that was a NOOP. DAG size: 30 [2018-11-23 11:10:29,636 WARN L180 SmtUtils]: Spent 2.04 s on a formula simplification that was a NOOP. DAG size: 36 [2018-11-23 11:10:29,816 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 25 [2018-11-23 11:10:29,825 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 3 [2018-11-23 11:10:29,830 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:29,852 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:10:29,854 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:29,862 INFO L267 ElimStorePlain]: Start of recursive call 2: 2 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:29,872 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 34 [2018-11-23 11:10:29,882 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:29,883 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:29,884 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 24 treesize of output 39 [2018-11-23 11:10:30,185 WARN L180 SmtUtils]: Spent 130.00 ms on a formula simplification. DAG size of input: 26 DAG size of output: 23 [2018-11-23 11:10:30,192 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:30,192 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:30,193 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 12 [2018-11-23 11:10:30,196 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:30,203 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:30,206 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:30,220 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 4 disjoint index pairs (out of 3 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 22 treesize of output 26 [2018-11-23 11:10:30,230 INFO L267 ElimStorePlain]: Start of recursive call 8: End of recursive call: and 2 xjuncts. [2018-11-23 11:10:30,267 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:30,304 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:30,334 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 43 treesize of output 45 [2018-11-23 11:10:30,345 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 40 treesize of output 36 [2018-11-23 11:10:30,348 INFO L267 ElimStorePlain]: Start of recursive call 10: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:30,421 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:30,424 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:30,450 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 4 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 37 treesize of output 70 [2018-11-23 11:10:31,022 WARN L180 SmtUtils]: Spent 505.00 ms on a formula simplification. DAG size of input: 52 DAG size of output: 42 [2018-11-23 11:10:31,031 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:31,034 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:31,036 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 18 [2018-11-23 11:10:31,038 INFO L267 ElimStorePlain]: Start of recursive call 12: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,115 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:31,118 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:31,131 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 4 disjoint index pairs (out of 3 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 33 treesize of output 35 [2018-11-23 11:10:31,165 INFO L267 ElimStorePlain]: Start of recursive call 13: End of recursive call: and 2 xjuncts. [2018-11-23 11:10:31,198 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:31,201 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:31,214 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 5 disjoint index pairs (out of 3 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 35 treesize of output 37 [2018-11-23 11:10:31,219 INFO L267 ElimStorePlain]: Start of recursive call 14: End of recursive call: and 2 xjuncts. [2018-11-23 11:10:31,284 INFO L267 ElimStorePlain]: Start of recursive call 11: 2 dim-1 vars, End of recursive call: and 3 xjuncts. [2018-11-23 11:10:31,398 INFO L267 ElimStorePlain]: Start of recursive call 9: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:31,488 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 15 [2018-11-23 11:10:31,492 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:10:31,493 INFO L267 ElimStorePlain]: Start of recursive call 16: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,496 INFO L267 ElimStorePlain]: Start of recursive call 15: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,541 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: 3 dim-0 vars, and 4 xjuncts. [2018-11-23 11:10:31,541 INFO L202 ElimStorePlain]: Needed 16 recursive calls to eliminate 4 variables, input treesize:57, output treesize:50 [2018-11-23 11:10:31,551 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:31,551 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_36|, v_DerPreprocessor_6, v_main_~t~0.base_10, v_prenex_4]. (let ((.cse1 (bvadd main_~p~0.offset (_ bv4 32)))) (and (let ((.cse0 (select |v_#memory_int_36| main_~p~0.base))) (or (not (= (_ bv0 32) (select .cse0 .cse1))) (= (select (select (store |v_#memory_int_36| main_~p~0.base (store (store .cse0 main_~p~0.offset (_ bv2 32)) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_6)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32)) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))) (or (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (not (= (_ bv0 32) (select (select v_prenex_4 main_~p~0.base) .cse1)))))) [2018-11-23 11:10:31,551 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_prenex_8, v_prenex_7, v_main_~t~0.base_10]. (let ((.cse1 (bvadd main_~p~0.offset (_ bv4 32)))) (let ((.cse0 (= .cse1 (bvadd main_~a~0.offset (_ bv4 32))))) (and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or .cse0 (= .cse1 main_~a~0.offset) (not (= (_ bv0 1) (select |#valid| v_prenex_8)))) (or (= main_~p~0.base main_~a~0.base) (not (= (_ bv0 1) (select |#valid| v_prenex_7)))) (or .cse0 (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))))) [2018-11-23 11:10:31,717 INFO L273 TraceCheckUtils]: 19: Hoare triple {1695#false} assume !false; {1695#false} is VALID [2018-11-23 11:10:31,717 INFO L273 TraceCheckUtils]: 18: Hoare triple {1695#false} assume 1bv32 != #t~mem9;havoc #t~mem9; {1695#false} is VALID [2018-11-23 11:10:31,717 INFO L273 TraceCheckUtils]: 17: Hoare triple {1754#(= (_ bv0 32) |main_#t~mem8|)} assume 0bv32 != #t~mem8;havoc #t~mem8;call #t~mem9 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1695#false} is VALID [2018-11-23 11:10:31,718 INFO L273 TraceCheckUtils]: 16: Hoare triple {1773#(= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {1754#(= (_ bv0 32) |main_#t~mem8|)} is VALID [2018-11-23 11:10:31,718 INFO L273 TraceCheckUtils]: 15: Hoare triple {1773#(= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1773#(= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32))} is VALID [2018-11-23 11:10:31,723 INFO L273 TraceCheckUtils]: 14: Hoare triple {1780#(forall ((main_~p~0.offset (_ BitVec 32))) (= (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1773#(= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32))} is VALID [2018-11-23 11:10:31,723 INFO L273 TraceCheckUtils]: 13: Hoare triple {1780#(forall ((main_~p~0.offset (_ BitVec 32))) (= (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32)))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {1780#(forall ((main_~p~0.offset (_ BitVec 32))) (= (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32)))} is VALID [2018-11-23 11:10:31,727 INFO L273 TraceCheckUtils]: 12: Hoare triple {1787#(and (forall ((v_DerPreprocessor_6 (_ BitVec 32))) (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_6)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (not (= main_~t~0.base main_~a~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {1780#(forall ((main_~p~0.offset (_ BitVec 32))) (= (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32)))} is VALID [2018-11-23 11:10:31,728 INFO L273 TraceCheckUtils]: 11: Hoare triple {1787#(and (forall ((v_DerPreprocessor_6 (_ BitVec 32))) (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_6)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (not (= main_~t~0.base main_~a~0.base)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {1787#(and (forall ((v_DerPreprocessor_6 (_ BitVec 32))) (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_6)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:31,731 INFO L273 TraceCheckUtils]: 10: Hoare triple {1794#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_DerPreprocessor_6 (_ BitVec 32))) (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_6)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (forall ((v_main_~t~0.base_10 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {1787#(and (forall ((v_DerPreprocessor_6 (_ BitVec 32))) (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_6)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:31,735 INFO L273 TraceCheckUtils]: 9: Hoare triple {1798#(and (or (forall ((v_DerPreprocessor_6 (_ BitVec 32))) (= (select (select (store |#memory_int| main_~p~0.base (store (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv2 32)) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_6)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32))) (not (= (_ bv0 32) |main_#t~mem4|)) (forall ((v_main_~t~0.base_10 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))) (or (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (not (= (_ bv0 32) |main_#t~mem4|))))} assume !(0bv32 != #t~mem4);havoc #t~mem4;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32); {1794#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_DerPreprocessor_6 (_ BitVec 32))) (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_6)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (forall ((v_main_~t~0.base_10 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))))} is VALID [2018-11-23 11:10:31,750 INFO L273 TraceCheckUtils]: 8: Hoare triple {1802#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.offset main_~a~0.offset) (forall ((v_main_~t~0.base_10 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_7 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_7))))))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {1798#(and (or (forall ((v_DerPreprocessor_6 (_ BitVec 32))) (= (select (select (store |#memory_int| main_~p~0.base (store (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv2 32)) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_6)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32))) (not (= (_ bv0 32) |main_#t~mem4|)) (forall ((v_main_~t~0.base_10 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))) (or (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (not (= (_ bv0 32) |main_#t~mem4|))))} is VALID [2018-11-23 11:10:31,751 INFO L273 TraceCheckUtils]: 7: Hoare triple {1806#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {1802#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.offset main_~a~0.offset) (forall ((v_main_~t~0.base_10 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_7 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_7))))))} is VALID [2018-11-23 11:10:31,751 INFO L273 TraceCheckUtils]: 6: Hoare triple {1806#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {1806#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:10:31,752 INFO L273 TraceCheckUtils]: 5: Hoare triple {1694#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {1806#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:10:31,752 INFO L256 TraceCheckUtils]: 4: Hoare triple {1694#true} call #t~ret16 := main(); {1694#true} is VALID [2018-11-23 11:10:31,752 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1694#true} {1694#true} #101#return; {1694#true} is VALID [2018-11-23 11:10:31,753 INFO L273 TraceCheckUtils]: 2: Hoare triple {1694#true} assume true; {1694#true} is VALID [2018-11-23 11:10:31,753 INFO L273 TraceCheckUtils]: 1: Hoare triple {1694#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1694#true} is VALID [2018-11-23 11:10:31,753 INFO L256 TraceCheckUtils]: 0: Hoare triple {1694#true} call ULTIMATE.init(); {1694#true} is VALID [2018-11-23 11:10:31,754 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:31,756 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:10:31,756 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 10] total 17 [2018-11-23 11:10:31,756 INFO L78 Accepts]: Start accepts. Automaton has 17 states. Word has length 20 [2018-11-23 11:10:31,756 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:31,756 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 17 states. [2018-11-23 11:10:31,832 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 32 edges. 32 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:31,832 INFO L459 AbstractCegarLoop]: Interpolant automaton has 17 states [2018-11-23 11:10:31,833 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 17 interpolants. [2018-11-23 11:10:31,833 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=53, Invalid=218, Unknown=1, NotChecked=0, Total=272 [2018-11-23 11:10:31,833 INFO L87 Difference]: Start difference. First operand 80 states and 103 transitions. Second operand 17 states. [2018-11-23 11:10:35,032 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:35,032 INFO L93 Difference]: Finished difference Result 117 states and 152 transitions. [2018-11-23 11:10:35,032 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2018-11-23 11:10:35,032 INFO L78 Accepts]: Start accepts. Automaton has 17 states. Word has length 20 [2018-11-23 11:10:35,033 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:35,033 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 17 states. [2018-11-23 11:10:35,035 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 75 transitions. [2018-11-23 11:10:35,035 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 17 states. [2018-11-23 11:10:35,037 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 75 transitions. [2018-11-23 11:10:35,037 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 75 transitions. [2018-11-23 11:10:35,182 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 75 edges. 75 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:35,185 INFO L225 Difference]: With dead ends: 117 [2018-11-23 11:10:35,185 INFO L226 Difference]: Without dead ends: 97 [2018-11-23 11:10:35,186 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 43 GetRequests, 24 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 59 ImplicationChecksByTransitivity, 9.1s TimeCoverageRelationStatistics Valid=104, Invalid=315, Unknown=1, NotChecked=0, Total=420 [2018-11-23 11:10:35,187 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 97 states. [2018-11-23 11:10:35,311 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 97 to 80. [2018-11-23 11:10:35,311 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:35,311 INFO L82 GeneralOperation]: Start isEquivalent. First operand 97 states. Second operand 80 states. [2018-11-23 11:10:35,312 INFO L74 IsIncluded]: Start isIncluded. First operand 97 states. Second operand 80 states. [2018-11-23 11:10:35,312 INFO L87 Difference]: Start difference. First operand 97 states. Second operand 80 states. [2018-11-23 11:10:35,317 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:35,317 INFO L93 Difference]: Finished difference Result 97 states and 122 transitions. [2018-11-23 11:10:35,317 INFO L276 IsEmpty]: Start isEmpty. Operand 97 states and 122 transitions. [2018-11-23 11:10:35,318 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:35,318 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:35,318 INFO L74 IsIncluded]: Start isIncluded. First operand 80 states. Second operand 97 states. [2018-11-23 11:10:35,318 INFO L87 Difference]: Start difference. First operand 80 states. Second operand 97 states. [2018-11-23 11:10:35,322 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:35,322 INFO L93 Difference]: Finished difference Result 97 states and 122 transitions. [2018-11-23 11:10:35,322 INFO L276 IsEmpty]: Start isEmpty. Operand 97 states and 122 transitions. [2018-11-23 11:10:35,323 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:35,323 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:35,323 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:35,323 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:35,324 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 80 states. [2018-11-23 11:10:35,326 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 80 states to 80 states and 100 transitions. [2018-11-23 11:10:35,327 INFO L78 Accepts]: Start accepts. Automaton has 80 states and 100 transitions. Word has length 20 [2018-11-23 11:10:35,327 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:35,327 INFO L480 AbstractCegarLoop]: Abstraction has 80 states and 100 transitions. [2018-11-23 11:10:35,327 INFO L481 AbstractCegarLoop]: Interpolant automaton has 17 states. [2018-11-23 11:10:35,327 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 100 transitions. [2018-11-23 11:10:35,328 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2018-11-23 11:10:35,328 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:35,328 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:35,328 INFO L423 AbstractCegarLoop]: === Iteration 7 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:35,329 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:35,329 INFO L82 PathProgramCache]: Analyzing trace with hash -1507257526, now seen corresponding path program 1 times [2018-11-23 11:10:35,329 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:35,329 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 8 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 8 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:35,355 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:35,419 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:35,451 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:35,454 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:35,470 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:10:35,472 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:35,480 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:35,480 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2018-11-23 11:10:35,484 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:35,485 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_33|]. (and (= main_~a~0.offset (_ bv0 32)) (= |#valid| (store |v_#valid_33| main_~a~0.base (_ bv1 1)))) [2018-11-23 11:10:35,485 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.offset (_ bv0 32)) (= (select |#valid| main_~a~0.base) (_ bv1 1))) [2018-11-23 11:10:35,849 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:10:35,856 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:10:35,857 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:35,882 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:35,926 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:35,926 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:39, output treesize:26 [2018-11-23 11:10:35,936 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:35,937 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_37|, |v_main_#t~nondet3_6|]. (let ((.cse0 (bvadd main_~p~0.offset (_ bv4 32)))) (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) .cse0) |main_#t~mem4|) (= (store |v_#memory_int_37| main_~p~0.base (store (select |v_#memory_int_37| main_~p~0.base) .cse0 |v_main_#t~nondet3_6|)) |#memory_int|) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))) [2018-11-23 11:10:35,937 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) |main_#t~mem4|) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset)) [2018-11-23 11:10:35,993 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 17 [2018-11-23 11:10:36,001 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:36,008 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 24 [2018-11-23 11:10:36,010 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:36,021 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:36,061 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:36,061 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:38, output treesize:34 [2018-11-23 11:10:36,382 WARN L180 SmtUtils]: Spent 125.00 ms on a formula simplification that was a NOOP. DAG size: 25 [2018-11-23 11:10:36,408 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:36,409 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:36,410 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:10:36,412 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:36,458 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:36,458 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:39, output treesize:31 [2018-11-23 11:10:36,474 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:36,475 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_34|]. (let ((.cse0 (select |#memory_int| main_~a~0.base))) (and (= (_ bv0 1) (bvadd (select |v_#valid_34| main_~a~0.base) (_ bv1 1))) (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (not (= (select .cse0 (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32))) (= (_ bv0 1) (select |v_#valid_34| main_~t~0.base)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv1 32) (select .cse0 main_~a~0.offset)))) [2018-11-23 11:10:36,475 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#memory_int| main_~a~0.base))) (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (not (= (select .cse0 (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32))) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select .cse0 main_~a~0.offset)))) [2018-11-23 11:10:36,559 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 30 [2018-11-23 11:10:36,605 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:36,629 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:36,652 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:36,682 INFO L303 Elim1Store]: Index analysis took 116 ms [2018-11-23 11:10:36,683 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 4 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 30 treesize of output 38 [2018-11-23 11:10:36,685 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:36,716 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:36,731 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:36,731 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:44, output treesize:25 [2018-11-23 11:10:36,869 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 28 [2018-11-23 11:10:36,875 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:36,878 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:36,890 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:36,911 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:36,911 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:34, output treesize:30 [2018-11-23 11:10:36,922 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:36,923 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_40|, v_main_~p~0.base_39, v_main_~p~0.offset_39]. (let ((.cse0 (select |v_#memory_int_40| main_~p~0.base))) (and (not (= (select .cse0 (_ bv4 32)) (_ bv0 32))) (= main_~p~0.offset (_ bv0 32)) (= (store |v_#memory_int_40| v_main_~p~0.base_39 (store (select |v_#memory_int_40| v_main_~p~0.base_39) v_main_~p~0.offset_39 (_ bv3 32))) |#memory_int|) (not (= v_main_~p~0.base_39 main_~p~0.base)) (= (select .cse0 (_ bv0 32)) (_ bv1 32)))) [2018-11-23 11:10:36,923 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_39, v_main_~p~0.offset_39]. (let ((.cse0 (select |#memory_int| main_~p~0.base))) (and (= main_~p~0.offset (_ bv0 32)) (not (= v_main_~p~0.base_39 main_~p~0.base)) (= (select (select |#memory_int| v_main_~p~0.base_39) v_main_~p~0.offset_39) (_ bv3 32)) (not (= (select .cse0 (_ bv4 32)) (_ bv0 32))) (= (select .cse0 (_ bv0 32)) (_ bv1 32)))) [2018-11-23 11:10:36,993 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 34 treesize of output 30 [2018-11-23 11:10:37,004 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 1 [2018-11-23 11:10:37,005 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:37,025 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 4 [2018-11-23 11:10:37,026 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:37,029 INFO L267 ElimStorePlain]: Start of recursive call 2: 2 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:37,037 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:37,037 INFO L202 ElimStorePlain]: Needed 4 recursive calls to eliminate 4 variables, input treesize:38, output treesize:4 [2018-11-23 11:10:37,042 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:37,042 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, v_main_~p~0.base_39, v_main_~p~0.offset_39]. (let ((.cse1 (select |#memory_int| main_~p~0.base))) (let ((.cse0 (select .cse1 (_ bv4 32)))) (and (not (= v_main_~p~0.base_39 main_~p~0.base)) (not (= .cse0 (_ bv0 32))) (= .cse0 |main_#t~mem8|) (= (bvadd (select .cse1 (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_39) v_main_~p~0.offset_39) (_ bv4294967293 32)) (_ bv0 32))))) [2018-11-23 11:10:37,042 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (not (= (_ bv0 32) |main_#t~mem8|)) [2018-11-23 11:10:37,059 INFO L256 TraceCheckUtils]: 0: Hoare triple {2274#true} call ULTIMATE.init(); {2274#true} is VALID [2018-11-23 11:10:37,059 INFO L273 TraceCheckUtils]: 1: Hoare triple {2274#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2274#true} is VALID [2018-11-23 11:10:37,059 INFO L273 TraceCheckUtils]: 2: Hoare triple {2274#true} assume true; {2274#true} is VALID [2018-11-23 11:10:37,059 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2274#true} {2274#true} #101#return; {2274#true} is VALID [2018-11-23 11:10:37,060 INFO L256 TraceCheckUtils]: 4: Hoare triple {2274#true} call #t~ret16 := main(); {2274#true} is VALID [2018-11-23 11:10:37,061 INFO L273 TraceCheckUtils]: 5: Hoare triple {2274#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {2294#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:37,061 INFO L273 TraceCheckUtils]: 6: Hoare triple {2294#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {2294#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:37,062 INFO L273 TraceCheckUtils]: 7: Hoare triple {2294#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {2301#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:37,063 INFO L273 TraceCheckUtils]: 8: Hoare triple {2301#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {2305#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) |main_#t~mem4|) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:37,065 INFO L273 TraceCheckUtils]: 9: Hoare triple {2305#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) |main_#t~mem4|) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume 0bv32 != #t~mem4;havoc #t~mem4;call write~intINTTYPE4(1bv32, ~p~0.base, ~p~0.offset, 4bv32); {2309#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_int| main_~a~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32))) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:37,067 INFO L273 TraceCheckUtils]: 10: Hoare triple {2309#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_int| main_~a~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32))) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {2313#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_int| main_~a~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32))) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:37,068 INFO L273 TraceCheckUtils]: 11: Hoare triple {2313#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_int| main_~a~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32))) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {2313#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_int| main_~a~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32))) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:37,072 INFO L273 TraceCheckUtils]: 12: Hoare triple {2313#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_int| main_~a~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32))) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {2320#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (not (= (_ bv0 32) (select (select |#memory_int| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:37,073 INFO L273 TraceCheckUtils]: 13: Hoare triple {2320#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (not (= (_ bv0 32) (select (select |#memory_int| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {2320#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (not (= (_ bv0 32) (select (select |#memory_int| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:37,075 INFO L273 TraceCheckUtils]: 14: Hoare triple {2320#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (not (= (_ bv0 32) (select (select |#memory_int| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2327#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_int| main_~p~0.base) (_ bv4 32)) (_ bv0 32))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)) (exists ((v_main_~p~0.base_39 (_ BitVec 32)) (v_main_~p~0.offset_39 (_ BitVec 32))) (and (not (= v_main_~p~0.base_39 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_39) v_main_~p~0.offset_39) (_ bv4294967293 32)) (_ bv0 32)))))} is VALID [2018-11-23 11:10:37,075 INFO L273 TraceCheckUtils]: 15: Hoare triple {2327#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_int| main_~p~0.base) (_ bv4 32)) (_ bv0 32))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)) (exists ((v_main_~p~0.base_39 (_ BitVec 32)) (v_main_~p~0.offset_39 (_ BitVec 32))) (and (not (= v_main_~p~0.base_39 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_39) v_main_~p~0.offset_39) (_ bv4294967293 32)) (_ bv0 32)))))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2327#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_int| main_~p~0.base) (_ bv4 32)) (_ bv0 32))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)) (exists ((v_main_~p~0.base_39 (_ BitVec 32)) (v_main_~p~0.offset_39 (_ BitVec 32))) (and (not (= v_main_~p~0.base_39 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_39) v_main_~p~0.offset_39) (_ bv4294967293 32)) (_ bv0 32)))))} is VALID [2018-11-23 11:10:37,076 INFO L273 TraceCheckUtils]: 16: Hoare triple {2327#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_int| main_~p~0.base) (_ bv4 32)) (_ bv0 32))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)) (exists ((v_main_~p~0.base_39 (_ BitVec 32)) (v_main_~p~0.offset_39 (_ BitVec 32))) (and (not (= v_main_~p~0.base_39 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_39) v_main_~p~0.offset_39) (_ bv4294967293 32)) (_ bv0 32)))))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {2334#(not (= (_ bv0 32) |main_#t~mem8|))} is VALID [2018-11-23 11:10:37,077 INFO L273 TraceCheckUtils]: 17: Hoare triple {2334#(not (= (_ bv0 32) |main_#t~mem8|))} assume !(0bv32 != #t~mem8);havoc #t~mem8;call #t~mem10 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2275#false} is VALID [2018-11-23 11:10:37,077 INFO L273 TraceCheckUtils]: 18: Hoare triple {2275#false} assume 2bv32 != #t~mem10;havoc #t~mem10; {2275#false} is VALID [2018-11-23 11:10:37,077 INFO L273 TraceCheckUtils]: 19: Hoare triple {2275#false} assume !false; {2275#false} is VALID [2018-11-23 11:10:37,078 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:37,079 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:10:37,389 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:37,411 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:37,422 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:37,444 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:37,513 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 2 xjuncts. [2018-11-23 11:10:37,514 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:39, output treesize:45 [2018-11-23 11:10:37,525 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:37,526 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_42|, v_subst_3]. (or (not (= (select (select (store |v_#memory_int_42| main_~t~0.base (store (select |v_#memory_int_42| main_~t~0.base) v_subst_3 (_ bv3 32))) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32))) (not (= (store |#memory_int| main_~p~0.base (let ((.cse0 (bvadd main_~p~0.offset (_ bv8 32)))) (store (select |#memory_int| main_~p~0.base) .cse0 (select (select |v_#memory_int_42| main_~p~0.base) .cse0)))) |v_#memory_int_42|))) [2018-11-23 11:10:37,526 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_12, v_DerPreprocessor_10]. (let ((.cse0 (select |#memory_int| main_~p~0.base)) (.cse1 (bvadd main_~p~0.offset (_ bv8 32))) (.cse2 (bvadd main_~a~0.offset (_ bv4 32)))) (and (or (not (= (select (select (store |#memory_int| main_~p~0.base (store .cse0 .cse1 v_DerPreprocessor_12)) main_~a~0.base) .cse2) (_ bv0 32))) (= main_~t~0.base main_~a~0.base)) (not (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store .cse0 .cse1 v_DerPreprocessor_10)) main_~a~0.base) .cse2))))) [2018-11-23 11:10:45,720 WARN L180 SmtUtils]: Spent 2.02 s on a formula simplification that was a NOOP. DAG size: 27 [2018-11-23 11:10:47,829 WARN L180 SmtUtils]: Spent 2.03 s on a formula simplification that was a NOOP. DAG size: 31 [2018-11-23 11:10:48,140 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 12 [2018-11-23 11:10:48,147 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:10:48,148 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:48,151 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:48,157 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 26 [2018-11-23 11:10:48,163 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 25 [2018-11-23 11:10:48,170 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:48,174 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 33 [2018-11-23 11:10:48,239 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:48,282 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:48,283 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:48,286 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:48,287 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:48,288 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 6 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 30 treesize of output 26 [2018-11-23 11:10:48,292 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:48,297 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:48,300 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 16 [2018-11-23 11:10:48,302 INFO L267 ElimStorePlain]: Start of recursive call 8: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:48,347 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:48,382 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:48,427 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:48,486 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-0 vars, 1 dim-2 vars, End of recursive call: 3 dim-0 vars, and 3 xjuncts. [2018-11-23 11:10:48,487 INFO L202 ElimStorePlain]: Needed 8 recursive calls to eliminate 4 variables, input treesize:38, output treesize:48 [2018-11-23 11:10:48,506 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:48,506 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_int|, |main_#t~nondet3|, v_DerPreprocessor_10, v_main_~t~0.base_12]. (or (not (= (select |#valid| v_main_~t~0.base_12) (_ bv0 1))) (not (= (select (select (store |#memory_int| main_~p~0.base (store (store (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)) |main_#t~nondet3|) main_~p~0.offset (_ bv1 32)) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_10)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32))) (= (_ bv0 32) |main_#t~nondet3|)) [2018-11-23 11:10:48,507 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_main_~t~0.base_12, v_prenex_9, v_prenex_10]. (let ((.cse1 (bvadd main_~p~0.offset (_ bv4 32)))) (let ((.cse0 (= .cse1 main_~a~0.offset))) (and (or (not (= (select |#valid| v_main_~t~0.base_12) (_ bv0 1))) (not .cse0)) (let ((.cse2 (bvadd main_~a~0.offset (_ bv4 32)))) (or (not (= (select |#valid| v_prenex_9) (_ bv0 1))) (= .cse1 .cse2) .cse0 (= main_~p~0.offset .cse2))) (or (not (= (select |#valid| v_prenex_10) (_ bv0 1))) (= main_~p~0.base main_~a~0.base))))) [2018-11-23 11:10:48,816 WARN L180 SmtUtils]: Spent 125.00 ms on a formula simplification. DAG size of input: 34 DAG size of output: 24 [2018-11-23 11:10:48,837 INFO L273 TraceCheckUtils]: 19: Hoare triple {2275#false} assume !false; {2275#false} is VALID [2018-11-23 11:10:48,837 INFO L273 TraceCheckUtils]: 18: Hoare triple {2275#false} assume 2bv32 != #t~mem10;havoc #t~mem10; {2275#false} is VALID [2018-11-23 11:10:48,838 INFO L273 TraceCheckUtils]: 17: Hoare triple {2334#(not (= (_ bv0 32) |main_#t~mem8|))} assume !(0bv32 != #t~mem8);havoc #t~mem8;call #t~mem10 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2275#false} is VALID [2018-11-23 11:10:48,838 INFO L273 TraceCheckUtils]: 16: Hoare triple {2353#(not (= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32)))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {2334#(not (= (_ bv0 32) |main_#t~mem8|))} is VALID [2018-11-23 11:10:48,839 INFO L273 TraceCheckUtils]: 15: Hoare triple {2353#(not (= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32)))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2353#(not (= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32)))} is VALID [2018-11-23 11:10:48,842 INFO L273 TraceCheckUtils]: 14: Hoare triple {2360#(forall ((main_~p~0.offset (_ BitVec 32))) (not (= (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32))))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2353#(not (= (select (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32))) (_ bv0 32)))} is VALID [2018-11-23 11:10:48,843 INFO L273 TraceCheckUtils]: 13: Hoare triple {2360#(forall ((main_~p~0.offset (_ BitVec 32))) (not (= (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32))))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {2360#(forall ((main_~p~0.offset (_ BitVec 32))) (not (= (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32))))} is VALID [2018-11-23 11:10:48,847 INFO L273 TraceCheckUtils]: 12: Hoare triple {2367#(forall ((v_DerPreprocessor_10 (_ BitVec 32))) (not (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_10)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {2360#(forall ((main_~p~0.offset (_ BitVec 32))) (not (= (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv0 32))))} is VALID [2018-11-23 11:10:48,851 INFO L273 TraceCheckUtils]: 11: Hoare triple {2367#(forall ((v_DerPreprocessor_10 (_ BitVec 32))) (not (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_10)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {2367#(forall ((v_DerPreprocessor_10 (_ BitVec 32))) (not (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_10)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} is VALID [2018-11-23 11:10:48,853 INFO L273 TraceCheckUtils]: 10: Hoare triple {2374#(or (forall ((v_DerPreprocessor_10 (_ BitVec 32))) (not (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_10)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))) (forall ((v_main_~t~0.base_12 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_12) (_ bv0 1)))))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {2367#(forall ((v_DerPreprocessor_10 (_ BitVec 32))) (not (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_10)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} is VALID [2018-11-23 11:10:48,856 INFO L273 TraceCheckUtils]: 9: Hoare triple {2378#(or (= (_ bv0 32) |main_#t~mem4|) (forall ((v_main_~t~0.base_12 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_12) (_ bv0 1)))) (forall ((v_DerPreprocessor_10 (_ BitVec 32))) (not (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv1 32)) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_10)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))))} assume 0bv32 != #t~mem4;havoc #t~mem4;call write~intINTTYPE4(1bv32, ~p~0.base, ~p~0.offset, 4bv32); {2374#(or (forall ((v_DerPreprocessor_10 (_ BitVec 32))) (not (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_10)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))) (forall ((v_main_~t~0.base_12 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_12) (_ bv0 1)))))} is VALID [2018-11-23 11:10:48,877 INFO L273 TraceCheckUtils]: 8: Hoare triple {2382#(and (or (forall ((v_prenex_10 (_ BitVec 32))) (not (= (select |#valid| v_prenex_10) (_ bv0 1)))) (= main_~p~0.base main_~a~0.base)) (or (forall ((v_prenex_9 (_ BitVec 32))) (not (= (select |#valid| v_prenex_9) (_ bv0 1)))) (= (bvadd main_~p~0.offset (_ bv4294967292 32)) main_~a~0.offset) (= main_~p~0.offset main_~a~0.offset)))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {2378#(or (= (_ bv0 32) |main_#t~mem4|) (forall ((v_main_~t~0.base_12 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_12) (_ bv0 1)))) (forall ((v_DerPreprocessor_10 (_ BitVec 32))) (not (= (_ bv0 32) (select (select (store |#memory_int| main_~p~0.base (store (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv1 32)) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_10)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))))} is VALID [2018-11-23 11:10:48,878 INFO L273 TraceCheckUtils]: 7: Hoare triple {2274#true} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {2382#(and (or (forall ((v_prenex_10 (_ BitVec 32))) (not (= (select |#valid| v_prenex_10) (_ bv0 1)))) (= main_~p~0.base main_~a~0.base)) (or (forall ((v_prenex_9 (_ BitVec 32))) (not (= (select |#valid| v_prenex_9) (_ bv0 1)))) (= (bvadd main_~p~0.offset (_ bv4294967292 32)) main_~a~0.offset) (= main_~p~0.offset main_~a~0.offset)))} is VALID [2018-11-23 11:10:48,878 INFO L273 TraceCheckUtils]: 6: Hoare triple {2274#true} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {2274#true} is VALID [2018-11-23 11:10:48,878 INFO L273 TraceCheckUtils]: 5: Hoare triple {2274#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {2274#true} is VALID [2018-11-23 11:10:48,878 INFO L256 TraceCheckUtils]: 4: Hoare triple {2274#true} call #t~ret16 := main(); {2274#true} is VALID [2018-11-23 11:10:48,878 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2274#true} {2274#true} #101#return; {2274#true} is VALID [2018-11-23 11:10:48,878 INFO L273 TraceCheckUtils]: 2: Hoare triple {2274#true} assume true; {2274#true} is VALID [2018-11-23 11:10:48,879 INFO L273 TraceCheckUtils]: 1: Hoare triple {2274#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2274#true} is VALID [2018-11-23 11:10:48,879 INFO L256 TraceCheckUtils]: 0: Hoare triple {2274#true} call ULTIMATE.init(); {2274#true} is VALID [2018-11-23 11:10:48,881 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:48,886 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:10:48,886 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 9] total 16 [2018-11-23 11:10:48,886 INFO L78 Accepts]: Start accepts. Automaton has 16 states. Word has length 20 [2018-11-23 11:10:48,886 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:48,886 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 16 states. [2018-11-23 11:10:48,959 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 32 edges. 32 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:48,959 INFO L459 AbstractCegarLoop]: Interpolant automaton has 16 states [2018-11-23 11:10:48,959 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 16 interpolants. [2018-11-23 11:10:48,959 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=58, Invalid=180, Unknown=2, NotChecked=0, Total=240 [2018-11-23 11:10:48,960 INFO L87 Difference]: Start difference. First operand 80 states and 100 transitions. Second operand 16 states. [2018-11-23 11:10:53,531 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:53,531 INFO L93 Difference]: Finished difference Result 136 states and 170 transitions. [2018-11-23 11:10:53,532 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2018-11-23 11:10:53,532 INFO L78 Accepts]: Start accepts. Automaton has 16 states. Word has length 20 [2018-11-23 11:10:53,532 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:53,532 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 16 states. [2018-11-23 11:10:53,534 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 101 transitions. [2018-11-23 11:10:53,534 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 16 states. [2018-11-23 11:10:53,536 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 101 transitions. [2018-11-23 11:10:53,537 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 13 states and 101 transitions. [2018-11-23 11:10:53,742 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 101 edges. 101 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:53,744 INFO L225 Difference]: With dead ends: 136 [2018-11-23 11:10:53,744 INFO L226 Difference]: Without dead ends: 116 [2018-11-23 11:10:53,745 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 25 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 70 ImplicationChecksByTransitivity, 9.8s TimeCoverageRelationStatistics Valid=142, Invalid=362, Unknown=2, NotChecked=0, Total=506 [2018-11-23 11:10:53,745 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 116 states. [2018-11-23 11:10:53,855 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 116 to 82. [2018-11-23 11:10:53,856 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:53,856 INFO L82 GeneralOperation]: Start isEquivalent. First operand 116 states. Second operand 82 states. [2018-11-23 11:10:53,856 INFO L74 IsIncluded]: Start isIncluded. First operand 116 states. Second operand 82 states. [2018-11-23 11:10:53,856 INFO L87 Difference]: Start difference. First operand 116 states. Second operand 82 states. [2018-11-23 11:10:53,860 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:53,860 INFO L93 Difference]: Finished difference Result 116 states and 141 transitions. [2018-11-23 11:10:53,860 INFO L276 IsEmpty]: Start isEmpty. Operand 116 states and 141 transitions. [2018-11-23 11:10:53,861 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:53,861 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:53,861 INFO L74 IsIncluded]: Start isIncluded. First operand 82 states. Second operand 116 states. [2018-11-23 11:10:53,861 INFO L87 Difference]: Start difference. First operand 82 states. Second operand 116 states. [2018-11-23 11:10:53,864 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:53,864 INFO L93 Difference]: Finished difference Result 116 states and 141 transitions. [2018-11-23 11:10:53,864 INFO L276 IsEmpty]: Start isEmpty. Operand 116 states and 141 transitions. [2018-11-23 11:10:53,865 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:53,865 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:53,865 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:53,865 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:53,865 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 82 states. [2018-11-23 11:10:53,867 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 82 states to 82 states and 100 transitions. [2018-11-23 11:10:53,867 INFO L78 Accepts]: Start accepts. Automaton has 82 states and 100 transitions. Word has length 20 [2018-11-23 11:10:53,867 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:53,867 INFO L480 AbstractCegarLoop]: Abstraction has 82 states and 100 transitions. [2018-11-23 11:10:53,867 INFO L481 AbstractCegarLoop]: Interpolant automaton has 16 states. [2018-11-23 11:10:53,868 INFO L276 IsEmpty]: Start isEmpty. Operand 82 states and 100 transitions. [2018-11-23 11:10:53,868 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2018-11-23 11:10:53,868 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:53,868 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:53,868 INFO L423 AbstractCegarLoop]: === Iteration 8 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:53,868 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:53,868 INFO L82 PathProgramCache]: Analyzing trace with hash -1507264470, now seen corresponding path program 1 times [2018-11-23 11:10:53,869 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:53,869 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 9 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 9 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:53,893 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:53,941 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:53,963 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:53,965 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:53,992 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:10:53,996 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,002 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,003 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2018-11-23 11:10:54,011 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:54,012 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_39|]. (and (= main_~a~0.offset (_ bv0 32)) (= |#valid| (store |v_#valid_39| main_~a~0.base (_ bv1 1)))) [2018-11-23 11:10:54,012 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.offset (_ bv0 32)) (= (select |#valid| main_~a~0.base) (_ bv1 1))) [2018-11-23 11:10:54,075 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:10:54,081 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:54,083 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,086 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,101 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,102 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:28, output treesize:24 [2018-11-23 11:10:54,239 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:54,241 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:54,241 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:10:54,243 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,260 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,261 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:29, output treesize:21 [2018-11-23 11:10:54,352 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 22 [2018-11-23 11:10:54,362 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:54,366 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 14 [2018-11-23 11:10:54,370 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,377 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,387 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,388 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:34, output treesize:15 [2018-11-23 11:10:54,439 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 20 [2018-11-23 11:10:54,444 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:54,445 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,521 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,537 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:54,538 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:26, output treesize:22 [2018-11-23 11:10:54,546 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:54,547 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_47|, v_main_~p~0.base_44, v_main_~p~0.offset_44]. (and (= main_~p~0.offset (_ bv0 32)) (not (= v_main_~p~0.base_44 main_~p~0.base)) (= (_ bv1 32) (select (select |v_#memory_int_47| main_~p~0.base) (_ bv0 32))) (= (store |v_#memory_int_47| v_main_~p~0.base_44 (store (select |v_#memory_int_47| v_main_~p~0.base_44) v_main_~p~0.offset_44 (_ bv3 32))) |#memory_int|)) [2018-11-23 11:10:54,547 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_44, v_main_~p~0.offset_44]. (and (= main_~p~0.offset (_ bv0 32)) (not (= v_main_~p~0.base_44 main_~p~0.base)) (= (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv1 32)) (= (select (select |#memory_int| v_main_~p~0.base_44) v_main_~p~0.offset_44) (_ bv3 32))) [2018-11-23 11:10:54,619 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 24 [2018-11-23 11:10:54,628 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 1 [2018-11-23 11:10:54,630 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,643 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-23 11:10:54,645 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,648 INFO L267 ElimStorePlain]: Start of recursive call 2: 2 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,656 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,656 INFO L202 ElimStorePlain]: Needed 4 recursive calls to eliminate 4 variables, input treesize:30, output treesize:5 [2018-11-23 11:10:54,678 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:54,678 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, v_main_~p~0.base_44, v_main_~p~0.offset_44]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) (_ bv0 32)))) (and (not (= v_main_~p~0.base_44 main_~p~0.base)) (= .cse0 |main_#t~mem9|) (= (bvadd .cse0 (_ bv4294967295 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_44) v_main_~p~0.offset_44) (_ bv4294967293 32)) (_ bv0 32)))) [2018-11-23 11:10:54,679 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) (bvadd |main_#t~mem9| (_ bv4294967295 32))) [2018-11-23 11:10:54,700 INFO L256 TraceCheckUtils]: 0: Hoare triple {2925#true} call ULTIMATE.init(); {2925#true} is VALID [2018-11-23 11:10:54,701 INFO L273 TraceCheckUtils]: 1: Hoare triple {2925#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2925#true} is VALID [2018-11-23 11:10:54,701 INFO L273 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2018-11-23 11:10:54,701 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2925#true} #101#return; {2925#true} is VALID [2018-11-23 11:10:54,702 INFO L256 TraceCheckUtils]: 4: Hoare triple {2925#true} call #t~ret16 := main(); {2925#true} is VALID [2018-11-23 11:10:54,704 INFO L273 TraceCheckUtils]: 5: Hoare triple {2925#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {2945#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:54,704 INFO L273 TraceCheckUtils]: 6: Hoare triple {2945#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {2945#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:54,705 INFO L273 TraceCheckUtils]: 7: Hoare triple {2945#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {2952#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:54,708 INFO L273 TraceCheckUtils]: 8: Hoare triple {2952#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {2952#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:54,710 INFO L273 TraceCheckUtils]: 9: Hoare triple {2952#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume 0bv32 != #t~mem4;havoc #t~mem4;call write~intINTTYPE4(1bv32, ~p~0.base, ~p~0.offset, 4bv32); {2959#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:54,710 INFO L273 TraceCheckUtils]: 10: Hoare triple {2959#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {2963#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:54,711 INFO L273 TraceCheckUtils]: 11: Hoare triple {2963#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {2963#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:54,713 INFO L273 TraceCheckUtils]: 12: Hoare triple {2963#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {2970#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:54,714 INFO L273 TraceCheckUtils]: 13: Hoare triple {2970#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {2970#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:54,716 INFO L273 TraceCheckUtils]: 14: Hoare triple {2970#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2977#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.offset_44 (_ BitVec 32)) (v_main_~p~0.base_44 (_ BitVec 32))) (and (not (= v_main_~p~0.base_44 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_44) v_main_~p~0.offset_44) (_ bv4294967293 32)) (_ bv0 32)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:54,717 INFO L273 TraceCheckUtils]: 15: Hoare triple {2977#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.offset_44 (_ BitVec 32)) (v_main_~p~0.base_44 (_ BitVec 32))) (and (not (= v_main_~p~0.base_44 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_44) v_main_~p~0.offset_44) (_ bv4294967293 32)) (_ bv0 32)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2977#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.offset_44 (_ BitVec 32)) (v_main_~p~0.base_44 (_ BitVec 32))) (and (not (= v_main_~p~0.base_44 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_44) v_main_~p~0.offset_44) (_ bv4294967293 32)) (_ bv0 32)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:54,718 INFO L273 TraceCheckUtils]: 16: Hoare triple {2977#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.offset_44 (_ BitVec 32)) (v_main_~p~0.base_44 (_ BitVec 32))) (and (not (= v_main_~p~0.base_44 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_44) v_main_~p~0.offset_44) (_ bv4294967293 32)) (_ bv0 32)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {2977#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.offset_44 (_ BitVec 32)) (v_main_~p~0.base_44 (_ BitVec 32))) (and (not (= v_main_~p~0.base_44 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_44) v_main_~p~0.offset_44) (_ bv4294967293 32)) (_ bv0 32)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:54,719 INFO L273 TraceCheckUtils]: 17: Hoare triple {2977#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.offset_44 (_ BitVec 32)) (v_main_~p~0.base_44 (_ BitVec 32))) (and (not (= v_main_~p~0.base_44 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_44) v_main_~p~0.offset_44) (_ bv4294967293 32)) (_ bv0 32)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} assume 0bv32 != #t~mem8;havoc #t~mem8;call #t~mem9 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2987#(= (_ bv1 32) |main_#t~mem9|)} is VALID [2018-11-23 11:10:54,719 INFO L273 TraceCheckUtils]: 18: Hoare triple {2987#(= (_ bv1 32) |main_#t~mem9|)} assume 1bv32 != #t~mem9;havoc #t~mem9; {2926#false} is VALID [2018-11-23 11:10:54,720 INFO L273 TraceCheckUtils]: 19: Hoare triple {2926#false} assume !false; {2926#false} is VALID [2018-11-23 11:10:54,722 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:54,722 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:10:54,924 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,932 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:54,947 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:54,954 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:54,980 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 1 dim-0 vars, and 2 xjuncts. [2018-11-23 11:10:54,980 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:38, output treesize:24 [2018-11-23 11:10:54,995 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:54,995 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_49|, v_subst_4]. (or (= (_ bv0 32) (bvadd (select (select (store |v_#memory_int_49| main_~t~0.base (store (select |v_#memory_int_49| main_~t~0.base) v_subst_4 (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32))) (not (= (store |#memory_int| main_~p~0.base (let ((.cse0 (bvadd main_~p~0.offset (_ bv8 32)))) (store (select |#memory_int| main_~p~0.base) .cse0 (select (select |v_#memory_int_49| main_~p~0.base) .cse0)))) |v_#memory_int_49|))) [2018-11-23 11:10:54,995 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_16]. (and (not (= main_~t~0.base main_~a~0.base)) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_16)) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32))) [2018-11-23 11:10:59,766 WARN L180 SmtUtils]: Spent 2.03 s on a formula simplification that was a NOOP. DAG size: 30 [2018-11-23 11:10:59,865 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 24 [2018-11-23 11:10:59,871 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 17 [2018-11-23 11:10:59,917 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 9 [2018-11-23 11:10:59,920 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,926 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 6 [2018-11-23 11:10:59,930 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,955 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:59,988 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:11:00,010 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 31 treesize of output 35 [2018-11-23 11:11:00,021 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 30 treesize of output 28 [2018-11-23 11:11:00,024 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:00,060 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:11:00,062 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 33 [2018-11-23 11:11:00,126 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 7 [2018-11-23 11:11:00,128 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:00,145 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:11:00,207 INFO L267 ElimStorePlain]: Start of recursive call 6: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:11:00,212 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 17 [2018-11-23 11:11:00,219 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 5 [2018-11-23 11:11:00,222 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:00,231 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:00,299 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 3 dim-0 vars, and 4 xjuncts. [2018-11-23 11:11:00,299 INFO L202 ElimStorePlain]: Needed 11 recursive calls to eliminate 3 variables, input treesize:36, output treesize:42 [2018-11-23 11:11:00,309 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:00,309 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_int|, v_DerPreprocessor_16, v_main_~t~0.base_13]. (and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (not (= (select |#valid| v_main_~t~0.base_13) (_ bv0 1))) (= (_ bv0 32) (bvadd (select (select (store |#memory_int| main_~p~0.base (store (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv1 32)) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_16)) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32))))) [2018-11-23 11:11:00,309 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_prenex_12, v_prenex_13, v_main_~t~0.base_13]. (let ((.cse0 (= main_~a~0.offset main_~p~0.offset))) (and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (not (= (select |#valid| v_prenex_12) (_ bv0 1))) .cse0) (or (= main_~p~0.base main_~a~0.base) (not (= (select |#valid| v_prenex_13) (_ bv0 1)))) (or (not (= (select |#valid| v_main_~t~0.base_13) (_ bv0 1))) .cse0 (= (bvadd main_~p~0.offset (_ bv8 32)) main_~a~0.offset)))) [2018-11-23 11:11:00,559 INFO L273 TraceCheckUtils]: 19: Hoare triple {2926#false} assume !false; {2926#false} is VALID [2018-11-23 11:11:00,561 INFO L273 TraceCheckUtils]: 18: Hoare triple {2987#(= (_ bv1 32) |main_#t~mem9|)} assume 1bv32 != #t~mem9;havoc #t~mem9; {2926#false} is VALID [2018-11-23 11:11:00,561 INFO L273 TraceCheckUtils]: 17: Hoare triple {3000#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32))} assume 0bv32 != #t~mem8;havoc #t~mem8;call #t~mem9 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2987#(= (_ bv1 32) |main_#t~mem9|)} is VALID [2018-11-23 11:11:00,563 INFO L273 TraceCheckUtils]: 16: Hoare triple {3000#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {3000#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:11:00,563 INFO L273 TraceCheckUtils]: 15: Hoare triple {3000#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3000#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:11:00,566 INFO L273 TraceCheckUtils]: 14: Hoare triple {3010#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3000#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:11:00,567 INFO L273 TraceCheckUtils]: 13: Hoare triple {3010#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {3010#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:11:00,572 INFO L273 TraceCheckUtils]: 12: Hoare triple {3017#(and (forall ((v_DerPreprocessor_16 (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_16)) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32))) (not (= main_~t~0.base main_~a~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {3010#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:11:00,573 INFO L273 TraceCheckUtils]: 11: Hoare triple {3017#(and (forall ((v_DerPreprocessor_16 (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_16)) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32))) (not (= main_~t~0.base main_~a~0.base)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {3017#(and (forall ((v_DerPreprocessor_16 (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_16)) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32))) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:11:00,575 INFO L273 TraceCheckUtils]: 10: Hoare triple {3024#(and (or (forall ((v_DerPreprocessor_16 (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_16)) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32))) (forall ((v_main_~t~0.base_13 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_13) (_ bv0 1))))) (not (= (select |#valid| main_~a~0.base) (_ bv0 1))))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {3017#(and (forall ((v_DerPreprocessor_16 (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_16)) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32))) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:11:00,577 INFO L273 TraceCheckUtils]: 9: Hoare triple {3028#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_prenex_12 (_ BitVec 32))) (not (= (select |#valid| v_prenex_12) (_ bv0 1)))) (= main_~a~0.offset main_~p~0.offset)) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_13 (_ BitVec 32))) (not (= (select |#valid| v_prenex_13) (_ bv0 1))))))} assume 0bv32 != #t~mem4;havoc #t~mem4;call write~intINTTYPE4(1bv32, ~p~0.base, ~p~0.offset, 4bv32); {3024#(and (or (forall ((v_DerPreprocessor_16 (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)) v_DerPreprocessor_16)) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32))) (forall ((v_main_~t~0.base_13 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_13) (_ bv0 1))))) (not (= (select |#valid| main_~a~0.base) (_ bv0 1))))} is VALID [2018-11-23 11:11:00,583 INFO L273 TraceCheckUtils]: 8: Hoare triple {3028#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_prenex_12 (_ BitVec 32))) (not (= (select |#valid| v_prenex_12) (_ bv0 1)))) (= main_~a~0.offset main_~p~0.offset)) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_13 (_ BitVec 32))) (not (= (select |#valid| v_prenex_13) (_ bv0 1))))))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {3028#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_prenex_12 (_ BitVec 32))) (not (= (select |#valid| v_prenex_12) (_ bv0 1)))) (= main_~a~0.offset main_~p~0.offset)) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_13 (_ BitVec 32))) (not (= (select |#valid| v_prenex_13) (_ bv0 1))))))} is VALID [2018-11-23 11:11:00,585 INFO L273 TraceCheckUtils]: 7: Hoare triple {3035#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {3028#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_prenex_12 (_ BitVec 32))) (not (= (select |#valid| v_prenex_12) (_ bv0 1)))) (= main_~a~0.offset main_~p~0.offset)) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_13 (_ BitVec 32))) (not (= (select |#valid| v_prenex_13) (_ bv0 1))))))} is VALID [2018-11-23 11:11:00,585 INFO L273 TraceCheckUtils]: 6: Hoare triple {3035#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {3035#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:11:00,586 INFO L273 TraceCheckUtils]: 5: Hoare triple {2925#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {3035#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:11:00,586 INFO L256 TraceCheckUtils]: 4: Hoare triple {2925#true} call #t~ret16 := main(); {2925#true} is VALID [2018-11-23 11:11:00,586 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2925#true} {2925#true} #101#return; {2925#true} is VALID [2018-11-23 11:11:00,586 INFO L273 TraceCheckUtils]: 2: Hoare triple {2925#true} assume true; {2925#true} is VALID [2018-11-23 11:11:00,587 INFO L273 TraceCheckUtils]: 1: Hoare triple {2925#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2925#true} is VALID [2018-11-23 11:11:00,587 INFO L256 TraceCheckUtils]: 0: Hoare triple {2925#true} call ULTIMATE.init(); {2925#true} is VALID [2018-11-23 11:11:00,588 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:11:00,590 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:11:00,590 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 15 [2018-11-23 11:11:00,591 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 20 [2018-11-23 11:11:00,591 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:11:00,591 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states. [2018-11-23 11:11:00,667 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 33 edges. 33 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:11:00,667 INFO L459 AbstractCegarLoop]: Interpolant automaton has 15 states [2018-11-23 11:11:00,668 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2018-11-23 11:11:00,668 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=43, Invalid=166, Unknown=1, NotChecked=0, Total=210 [2018-11-23 11:11:00,668 INFO L87 Difference]: Start difference. First operand 82 states and 100 transitions. Second operand 15 states. [2018-11-23 11:11:04,067 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:11:04,067 INFO L93 Difference]: Finished difference Result 109 states and 129 transitions. [2018-11-23 11:11:04,068 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2018-11-23 11:11:04,068 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 20 [2018-11-23 11:11:04,068 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:11:04,068 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2018-11-23 11:11:04,070 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 68 transitions. [2018-11-23 11:11:04,070 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2018-11-23 11:11:04,072 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 68 transitions. [2018-11-23 11:11:04,072 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 68 transitions. [2018-11-23 11:11:04,281 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 68 edges. 68 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:11:04,284 INFO L225 Difference]: With dead ends: 109 [2018-11-23 11:11:04,284 INFO L226 Difference]: Without dead ends: 107 [2018-11-23 11:11:04,285 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 45 GetRequests, 26 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 47 ImplicationChecksByTransitivity, 5.4s TimeCoverageRelationStatistics Valid=110, Invalid=309, Unknown=1, NotChecked=0, Total=420 [2018-11-23 11:11:04,285 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 107 states. [2018-11-23 11:11:04,472 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 107 to 87. [2018-11-23 11:11:04,473 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:11:04,473 INFO L82 GeneralOperation]: Start isEquivalent. First operand 107 states. Second operand 87 states. [2018-11-23 11:11:04,473 INFO L74 IsIncluded]: Start isIncluded. First operand 107 states. Second operand 87 states. [2018-11-23 11:11:04,473 INFO L87 Difference]: Start difference. First operand 107 states. Second operand 87 states. [2018-11-23 11:11:04,477 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:11:04,477 INFO L93 Difference]: Finished difference Result 107 states and 125 transitions. [2018-11-23 11:11:04,478 INFO L276 IsEmpty]: Start isEmpty. Operand 107 states and 125 transitions. [2018-11-23 11:11:04,478 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:11:04,478 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:11:04,478 INFO L74 IsIncluded]: Start isIncluded. First operand 87 states. Second operand 107 states. [2018-11-23 11:11:04,478 INFO L87 Difference]: Start difference. First operand 87 states. Second operand 107 states. [2018-11-23 11:11:04,481 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:11:04,481 INFO L93 Difference]: Finished difference Result 107 states and 125 transitions. [2018-11-23 11:11:04,481 INFO L276 IsEmpty]: Start isEmpty. Operand 107 states and 125 transitions. [2018-11-23 11:11:04,481 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:11:04,481 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:11:04,481 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:11:04,481 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:11:04,482 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 87 states. [2018-11-23 11:11:04,484 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 87 states to 87 states and 105 transitions. [2018-11-23 11:11:04,484 INFO L78 Accepts]: Start accepts. Automaton has 87 states and 105 transitions. Word has length 20 [2018-11-23 11:11:04,484 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:11:04,484 INFO L480 AbstractCegarLoop]: Abstraction has 87 states and 105 transitions. [2018-11-23 11:11:04,485 INFO L481 AbstractCegarLoop]: Interpolant automaton has 15 states. [2018-11-23 11:11:04,485 INFO L276 IsEmpty]: Start isEmpty. Operand 87 states and 105 transitions. [2018-11-23 11:11:04,485 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2018-11-23 11:11:04,485 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:11:04,485 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:11:04,486 INFO L423 AbstractCegarLoop]: === Iteration 9 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:11:04,486 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:11:04,486 INFO L82 PathProgramCache]: Analyzing trace with hash -1128893881, now seen corresponding path program 1 times [2018-11-23 11:11:04,486 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:11:04,486 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 10 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 10 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:11:04,513 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:11:04,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:11:04,598 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:11:04,599 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:11:04,654 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:11:04,656 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:04,666 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:04,666 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2018-11-23 11:11:04,669 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:04,669 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_46|]. (and (= main_~a~0.offset (_ bv0 32)) (= |#valid| (store |v_#valid_46| main_~a~0.base (_ bv1 1)))) [2018-11-23 11:11:04,669 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.offset (_ bv0 32)) (= (select |#valid| main_~a~0.base) (_ bv1 1))) [2018-11-23 11:11:04,730 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:04,732 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:04,733 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:11:04,737 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:04,748 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:04,748 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:22, output treesize:14 [2018-11-23 11:11:04,813 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:11:04,819 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:11:04,820 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:04,826 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:04,866 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:11:04,876 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:11:04,877 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:04,881 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:04,910 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:04,910 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 4 variables, input treesize:52, output treesize:32 [2018-11-23 11:11:04,938 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:04,938 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_40|, main_~t~0.base, |v_#memory_$Pointer$.offset_36|, main_~t~0.offset]. (let ((.cse0 (bvadd main_~a~0.offset (_ bv8 32)))) (and (= main_~a~0.offset (_ bv0 32)) (= (store |v_#memory_$Pointer$.base_40| main_~a~0.base (store (select |v_#memory_$Pointer$.base_40| main_~a~0.base) .cse0 main_~t~0.base)) |#memory_$Pointer$.base|) (not (= main_~t~0.base main_~a~0.base)) (= (store |v_#memory_$Pointer$.offset_36| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_36| main_~a~0.base) .cse0 main_~t~0.offset)) |#memory_$Pointer$.offset|) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse0)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse0)))) [2018-11-23 11:11:04,938 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse1 (bvadd main_~a~0.offset (_ bv8 32)))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse1))) (and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base .cse0)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse1)) (= main_~p~0.base .cse0)))) [2018-11-23 11:11:05,036 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 102 treesize of output 98 [2018-11-23 11:11:05,044 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 1 [2018-11-23 11:11:05,045 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,073 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,117 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 16 [2018-11-23 11:11:05,122 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 15 [2018-11-23 11:11:05,123 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,129 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,169 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 51 treesize of output 52 [2018-11-23 11:11:05,176 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 1 [2018-11-23 11:11:05,177 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,184 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,196 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,197 INFO L202 ElimStorePlain]: Needed 7 recursive calls to eliminate 3 variables, input treesize:105, output treesize:27 [2018-11-23 11:11:05,266 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:05,266 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_41|, |v_#memory_int_52|, |v_#memory_$Pointer$.offset_37|]. (let ((.cse0 (select (select |v_#memory_$Pointer$.base_41| main_~p~0.base) (_ bv8 32))) (.cse1 (select (select |v_#memory_$Pointer$.offset_37| main_~p~0.base) (_ bv8 32)))) (and (= (store |v_#memory_int_52| .cse0 (store (select |v_#memory_int_52| .cse0) .cse1 (_ bv3 32))) |#memory_int|) (= main_~p~0.offset (_ bv0 32)) (= (store |v_#memory_$Pointer$.base_41| .cse0 (store (select |v_#memory_$Pointer$.base_41| .cse0) .cse1 (select (select |#memory_$Pointer$.base| .cse0) .cse1))) |#memory_$Pointer$.base|) (not (= .cse0 main_~p~0.base)) (= (store |v_#memory_$Pointer$.offset_37| .cse0 (store (select |v_#memory_$Pointer$.offset_37| .cse0) .cse1 (select (select |#memory_$Pointer$.offset| .cse0) .cse1))) |#memory_$Pointer$.offset|))) [2018-11-23 11:11:05,266 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32)))) (and (= main_~p~0.offset (_ bv0 32)) (not (= .cse0 main_~p~0.base)) (= (select (select |#memory_int| .cse0) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv3 32)))) [2018-11-23 11:11:05,317 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 21 [2018-11-23 11:11:05,324 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 13 [2018-11-23 11:11:05,328 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,331 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,345 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 23 [2018-11-23 11:11:05,354 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 14 [2018-11-23 11:11:05,360 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,368 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,378 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,378 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 3 variables, input treesize:40, output treesize:9 [2018-11-23 11:11:05,382 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:05,382 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_51, |#memory_$Pointer$.offset|]. (let ((.cse0 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_51) (_ bv8 32))) (.cse1 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_51) (_ bv8 32)))) (and (not (= v_main_~p~0.base_51 .cse0)) (= (_ bv0 32) (bvadd (select (select |#memory_int| .cse0) .cse1) (_ bv4294967293 32))) (= main_~p~0.base .cse0) (= main_~p~0.offset .cse1))) [2018-11-23 11:11:05,382 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967293 32))) [2018-11-23 11:11:05,486 INFO L256 TraceCheckUtils]: 0: Hoare triple {3525#true} call ULTIMATE.init(); {3525#true} is VALID [2018-11-23 11:11:05,486 INFO L273 TraceCheckUtils]: 1: Hoare triple {3525#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {3525#true} is VALID [2018-11-23 11:11:05,486 INFO L273 TraceCheckUtils]: 2: Hoare triple {3525#true} assume true; {3525#true} is VALID [2018-11-23 11:11:05,486 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {3525#true} {3525#true} #101#return; {3525#true} is VALID [2018-11-23 11:11:05,487 INFO L256 TraceCheckUtils]: 4: Hoare triple {3525#true} call #t~ret16 := main(); {3525#true} is VALID [2018-11-23 11:11:05,488 INFO L273 TraceCheckUtils]: 5: Hoare triple {3525#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {3545#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:11:05,488 INFO L273 TraceCheckUtils]: 6: Hoare triple {3545#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {3545#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:11:05,489 INFO L273 TraceCheckUtils]: 7: Hoare triple {3545#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {3552#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:11:05,492 INFO L273 TraceCheckUtils]: 8: Hoare triple {3552#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {3552#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:11:05,494 INFO L273 TraceCheckUtils]: 9: Hoare triple {3552#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~mem4);havoc #t~mem4;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32); {3552#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:11:05,497 INFO L273 TraceCheckUtils]: 10: Hoare triple {3552#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {3562#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:11:05,501 INFO L273 TraceCheckUtils]: 11: Hoare triple {3562#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {3562#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:11:05,503 INFO L273 TraceCheckUtils]: 12: Hoare triple {3562#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {3569#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:11:05,504 INFO L273 TraceCheckUtils]: 13: Hoare triple {3569#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {3569#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:11:05,506 INFO L273 TraceCheckUtils]: 14: Hoare triple {3569#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3576#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32)) main_~p~0.base)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:11:05,507 INFO L273 TraceCheckUtils]: 15: Hoare triple {3576#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32)) main_~p~0.base)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967293 32)) (_ bv0 32)))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3576#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32)) main_~p~0.base)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:11:05,509 INFO L273 TraceCheckUtils]: 16: Hoare triple {3576#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32)) main_~p~0.base)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967293 32)) (_ bv0 32)))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {3576#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32)) main_~p~0.base)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:11:05,510 INFO L273 TraceCheckUtils]: 17: Hoare triple {3576#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32)) main_~p~0.base)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967293 32)) (_ bv0 32)))} assume !(0bv32 != #t~mem8);havoc #t~mem8;call #t~mem10 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3576#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32)) main_~p~0.base)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:11:05,511 INFO L273 TraceCheckUtils]: 18: Hoare triple {3576#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32)) main_~p~0.base)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967293 32)) (_ bv0 32)))} assume !(2bv32 != #t~mem10);havoc #t~mem10; {3576#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32)) main_~p~0.base)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:11:05,513 INFO L273 TraceCheckUtils]: 19: Hoare triple {3576#(and (= main_~p~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32)) main_~p~0.base)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967293 32)) (_ bv0 32)))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem11.base, #t~mem11.offset;havoc #t~mem11.base, #t~mem11.offset;#t~post12 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post12);havoc #t~post12; {3592#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:11:05,515 INFO L273 TraceCheckUtils]: 20: Hoare triple {3592#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3596#(and (= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem7|))} is VALID [2018-11-23 11:11:05,515 INFO L273 TraceCheckUtils]: 21: Hoare triple {3596#(and (= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem7|))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {3526#false} is VALID [2018-11-23 11:11:05,515 INFO L273 TraceCheckUtils]: 22: Hoare triple {3526#false} assume !(0bv32 != #t~mem8);havoc #t~mem8;call #t~mem10 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3526#false} is VALID [2018-11-23 11:11:05,516 INFO L273 TraceCheckUtils]: 23: Hoare triple {3526#false} assume 2bv32 != #t~mem10;havoc #t~mem10; {3526#false} is VALID [2018-11-23 11:11:05,516 INFO L273 TraceCheckUtils]: 24: Hoare triple {3526#false} assume !false; {3526#false} is VALID [2018-11-23 11:11:05,518 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 2 proven. 3 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:11:05,518 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:11:05,833 WARN L180 SmtUtils]: Spent 131.00 ms on a formula simplification. DAG size of input: 41 DAG size of output: 39 [2018-11-23 11:11:05,841 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 13 [2018-11-23 11:11:05,850 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-23 11:11:05,851 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,858 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,914 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:05,924 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:05,930 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,938 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:05,985 INFO L267 ElimStorePlain]: Start of recursive call 9: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:05,993 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:06,001 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:06,009 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:06,032 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: 2 dim-0 vars, and 2 xjuncts. [2018-11-23 11:11:06,033 INFO L202 ElimStorePlain]: Needed 11 recursive calls to eliminate 3 variables, input treesize:60, output treesize:35 [2018-11-23 11:11:06,215 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:06,215 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_int|, |v_#memory_$Pointer$.base_42|, |v_#memory_$Pointer$.offset_38|]. (or (= (_ bv3 32) (let ((.cse0 (bvadd main_~a~0.offset (_ bv8 32)))) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) (select (select |v_#memory_$Pointer$.base_42| main_~a~0.base) .cse0)) (select (select |v_#memory_$Pointer$.offset_38| main_~a~0.base) .cse0)))) (not (= |v_#memory_$Pointer$.base_42| (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset (select (select |v_#memory_$Pointer$.base_42| main_~p~0.base) main_~p~0.offset))))) (not (= |v_#memory_$Pointer$.offset_38| (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset (select (select |v_#memory_$Pointer$.offset_38| main_~p~0.base) main_~p~0.offset)))))) [2018-11-23 11:11:06,215 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_22, v_DerPreprocessor_18]. (let ((.cse0 (bvadd main_~a~0.offset (_ bv8 32)))) (and (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_22)) main_~a~0.base) .cse0)) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_18)) main_~a~0.base) .cse0) main_~p~0.base))) [2018-11-23 11:11:06,395 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 29 [2018-11-23 11:11:06,470 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 10 [2018-11-23 11:11:06,471 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:06,544 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 20 treesize of output 24 [2018-11-23 11:11:06,598 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 15 [2018-11-23 11:11:06,636 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:06,865 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 11 [2018-11-23 11:11:06,902 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:07,073 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 3 [2018-11-23 11:11:07,095 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:07,152 INFO L267 ElimStorePlain]: Start of recursive call 4: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:11:07,157 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 19 [2018-11-23 11:11:07,162 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:11:07,162 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:07,171 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:07,214 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 7 xjuncts. [2018-11-23 11:11:07,354 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 29 [2018-11-23 11:11:07,439 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 10 [2018-11-23 11:11:07,462 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:07,631 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 19 [2018-11-23 11:11:07,638 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:11:07,638 INFO L267 ElimStorePlain]: Start of recursive call 13: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:07,648 INFO L267 ElimStorePlain]: Start of recursive call 12: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:07,674 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 20 treesize of output 24 [2018-11-23 11:11:07,684 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 15 [2018-11-23 11:11:07,689 INFO L267 ElimStorePlain]: Start of recursive call 15: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:07,724 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 11 [2018-11-23 11:11:07,726 INFO L267 ElimStorePlain]: Start of recursive call 16: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:07,751 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 3 [2018-11-23 11:11:07,753 INFO L267 ElimStorePlain]: Start of recursive call 17: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:07,761 INFO L267 ElimStorePlain]: Start of recursive call 14: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:11:07,802 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 7 xjuncts. [2018-11-23 11:11:07,906 INFO L267 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 2 dim-2 vars, End of recursive call: and 5 xjuncts. [2018-11-23 11:11:07,906 INFO L202 ElimStorePlain]: Needed 17 recursive calls to eliminate 6 variables, input treesize:75, output treesize:33 [2018-11-23 11:11:07,931 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:07,931 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_$Pointer$.offset|, v_prenex_14, v_DerPreprocessor_22, |#memory_$Pointer$.base|, main_~t~0.offset, v_DerPreprocessor_18]. (let ((.cse1 (bvadd main_~p~0.offset (_ bv8 32))) (.cse2 (bvadd main_~a~0.offset (_ bv8 32)))) (and (= (select (select (let ((.cse0 (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) .cse1 v_prenex_14)))) (store .cse0 main_~t~0.base (store (select .cse0 main_~t~0.base) v_prenex_14 v_DerPreprocessor_22))) main_~a~0.base) .cse2) v_prenex_14) (= main_~t~0.base (select (select (let ((.cse3 (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) .cse1 main_~t~0.base)))) (store .cse3 main_~t~0.base (store (select .cse3 main_~t~0.base) main_~t~0.offset v_DerPreprocessor_18))) main_~a~0.base) .cse2)))) [2018-11-23 11:11:07,932 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ []. (let ((.cse0 (= (bvadd main_~p~0.offset (_ bv8 32)) (bvadd main_~a~0.offset (_ bv8 32)))) (.cse2 (= main_~p~0.base main_~a~0.base)) (.cse1 (= main_~t~0.base main_~a~0.base))) (and (or .cse0 .cse1) .cse2 .cse0 (not .cse1) (or .cse2 .cse1))) [2018-11-23 11:11:08,138 INFO L273 TraceCheckUtils]: 24: Hoare triple {3526#false} assume !false; {3526#false} is VALID [2018-11-23 11:11:08,138 INFO L273 TraceCheckUtils]: 23: Hoare triple {3526#false} assume 2bv32 != #t~mem10;havoc #t~mem10; {3526#false} is VALID [2018-11-23 11:11:08,138 INFO L273 TraceCheckUtils]: 22: Hoare triple {3526#false} assume !(0bv32 != #t~mem8);havoc #t~mem8;call #t~mem10 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3526#false} is VALID [2018-11-23 11:11:08,138 INFO L273 TraceCheckUtils]: 21: Hoare triple {3618#(= (_ bv3 32) |main_#t~mem7|)} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {3526#false} is VALID [2018-11-23 11:11:08,139 INFO L273 TraceCheckUtils]: 20: Hoare triple {3592#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3618#(= (_ bv3 32) |main_#t~mem7|)} is VALID [2018-11-23 11:11:08,141 INFO L273 TraceCheckUtils]: 19: Hoare triple {3625#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem11.base, #t~mem11.offset;havoc #t~mem11.base, #t~mem11.offset;#t~post12 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post12);havoc #t~post12; {3592#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:11:08,141 INFO L273 TraceCheckUtils]: 18: Hoare triple {3625#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32))} assume !(2bv32 != #t~mem10);havoc #t~mem10; {3625#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:11:08,141 INFO L273 TraceCheckUtils]: 17: Hoare triple {3625#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32))} assume !(0bv32 != #t~mem8);havoc #t~mem8;call #t~mem10 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3625#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:11:08,142 INFO L273 TraceCheckUtils]: 16: Hoare triple {3625#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {3625#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:11:08,142 INFO L273 TraceCheckUtils]: 15: Hoare triple {3625#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3625#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:11:08,146 INFO L273 TraceCheckUtils]: 14: Hoare triple {3641#(and (forall ((v_DerPreprocessor_18 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_18)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) main_~p~0.base)) (forall ((v_DerPreprocessor_22 (_ BitVec 32))) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_22)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3625#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:11:08,147 INFO L273 TraceCheckUtils]: 13: Hoare triple {3641#(and (forall ((v_DerPreprocessor_18 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_18)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) main_~p~0.base)) (forall ((v_DerPreprocessor_22 (_ BitVec 32))) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_22)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {3641#(and (forall ((v_DerPreprocessor_18 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_18)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) main_~p~0.base)) (forall ((v_DerPreprocessor_22 (_ BitVec 32))) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_22)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))))} is VALID [2018-11-23 11:11:08,150 INFO L273 TraceCheckUtils]: 12: Hoare triple {3648#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {3641#(and (forall ((v_DerPreprocessor_18 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_18)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) main_~p~0.base)) (forall ((v_DerPreprocessor_22 (_ BitVec 32))) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_22)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))))} is VALID [2018-11-23 11:11:08,151 INFO L273 TraceCheckUtils]: 11: Hoare triple {3648#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {3648#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:11:08,153 INFO L273 TraceCheckUtils]: 10: Hoare triple {3655#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_17 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_17))))) (or (= main_~p~0.offset main_~a~0.offset) (forall ((|v_main_#t~malloc5.base_7| (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| |v_main_#t~malloc5.base_7|))))))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {3648#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:11:08,154 INFO L273 TraceCheckUtils]: 9: Hoare triple {3655#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_17 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_17))))) (or (= main_~p~0.offset main_~a~0.offset) (forall ((|v_main_#t~malloc5.base_7| (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| |v_main_#t~malloc5.base_7|))))))} assume !(0bv32 != #t~mem4);havoc #t~mem4;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32); {3655#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_17 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_17))))) (or (= main_~p~0.offset main_~a~0.offset) (forall ((|v_main_#t~malloc5.base_7| (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| |v_main_#t~malloc5.base_7|))))))} is VALID [2018-11-23 11:11:08,154 INFO L273 TraceCheckUtils]: 8: Hoare triple {3655#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_17 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_17))))) (or (= main_~p~0.offset main_~a~0.offset) (forall ((|v_main_#t~malloc5.base_7| (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| |v_main_#t~malloc5.base_7|))))))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {3655#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_17 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_17))))) (or (= main_~p~0.offset main_~a~0.offset) (forall ((|v_main_#t~malloc5.base_7| (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| |v_main_#t~malloc5.base_7|))))))} is VALID [2018-11-23 11:11:08,155 INFO L273 TraceCheckUtils]: 7: Hoare triple {3665#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {3655#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_17 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_17))))) (or (= main_~p~0.offset main_~a~0.offset) (forall ((|v_main_#t~malloc5.base_7| (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| |v_main_#t~malloc5.base_7|))))))} is VALID [2018-11-23 11:11:08,156 INFO L273 TraceCheckUtils]: 6: Hoare triple {3665#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {3665#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:11:08,162 INFO L273 TraceCheckUtils]: 5: Hoare triple {3525#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {3665#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:11:08,163 INFO L256 TraceCheckUtils]: 4: Hoare triple {3525#true} call #t~ret16 := main(); {3525#true} is VALID [2018-11-23 11:11:08,163 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {3525#true} {3525#true} #101#return; {3525#true} is VALID [2018-11-23 11:11:08,163 INFO L273 TraceCheckUtils]: 2: Hoare triple {3525#true} assume true; {3525#true} is VALID [2018-11-23 11:11:08,163 INFO L273 TraceCheckUtils]: 1: Hoare triple {3525#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {3525#true} is VALID [2018-11-23 11:11:08,163 INFO L256 TraceCheckUtils]: 0: Hoare triple {3525#true} call ULTIMATE.init(); {3525#true} is VALID [2018-11-23 11:11:08,165 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 2 proven. 3 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:11:08,167 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:11:08,167 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 15 [2018-11-23 11:11:08,168 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 25 [2018-11-23 11:11:08,168 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:11:08,168 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states. [2018-11-23 11:11:08,242 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 42 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:11:08,242 INFO L459 AbstractCegarLoop]: Interpolant automaton has 15 states [2018-11-23 11:11:08,243 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2018-11-23 11:11:08,243 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=37, Invalid=173, Unknown=0, NotChecked=0, Total=210 [2018-11-23 11:11:08,243 INFO L87 Difference]: Start difference. First operand 87 states and 105 transitions. Second operand 15 states. [2018-11-23 11:11:11,064 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:11:11,064 INFO L93 Difference]: Finished difference Result 104 states and 125 transitions. [2018-11-23 11:11:11,064 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2018-11-23 11:11:11,064 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 25 [2018-11-23 11:11:11,064 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:11:11,065 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2018-11-23 11:11:11,066 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 74 transitions. [2018-11-23 11:11:11,066 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2018-11-23 11:11:11,067 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 74 transitions. [2018-11-23 11:11:11,068 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 74 transitions. [2018-11-23 11:11:11,203 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 74 edges. 74 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:11:11,205 INFO L225 Difference]: With dead ends: 104 [2018-11-23 11:11:11,205 INFO L226 Difference]: Without dead ends: 75 [2018-11-23 11:11:11,206 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 54 GetRequests, 34 SyntacticMatches, 2 SemanticMatches, 18 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 44 ImplicationChecksByTransitivity, 0.7s TimeCoverageRelationStatistics Valid=78, Invalid=302, Unknown=0, NotChecked=0, Total=380 [2018-11-23 11:11:11,206 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 75 states. [2018-11-23 11:11:11,759 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 75 to 71. [2018-11-23 11:11:11,759 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:11:11,759 INFO L82 GeneralOperation]: Start isEquivalent. First operand 75 states. Second operand 71 states. [2018-11-23 11:11:11,760 INFO L74 IsIncluded]: Start isIncluded. First operand 75 states. Second operand 71 states. [2018-11-23 11:11:11,760 INFO L87 Difference]: Start difference. First operand 75 states. Second operand 71 states. [2018-11-23 11:11:11,764 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:11:11,764 INFO L93 Difference]: Finished difference Result 75 states and 88 transitions. [2018-11-23 11:11:11,764 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 88 transitions. [2018-11-23 11:11:11,765 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:11:11,765 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:11:11,765 INFO L74 IsIncluded]: Start isIncluded. First operand 71 states. Second operand 75 states. [2018-11-23 11:11:11,765 INFO L87 Difference]: Start difference. First operand 71 states. Second operand 75 states. [2018-11-23 11:11:11,772 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:11:11,773 INFO L93 Difference]: Finished difference Result 75 states and 88 transitions. [2018-11-23 11:11:11,773 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 88 transitions. [2018-11-23 11:11:11,773 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:11:11,773 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:11:11,773 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:11:11,774 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:11:11,774 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 71 states. [2018-11-23 11:11:11,777 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 71 states to 71 states and 84 transitions. [2018-11-23 11:11:11,777 INFO L78 Accepts]: Start accepts. Automaton has 71 states and 84 transitions. Word has length 25 [2018-11-23 11:11:11,777 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:11:11,777 INFO L480 AbstractCegarLoop]: Abstraction has 71 states and 84 transitions. [2018-11-23 11:11:11,777 INFO L481 AbstractCegarLoop]: Interpolant automaton has 15 states. [2018-11-23 11:11:11,777 INFO L276 IsEmpty]: Start isEmpty. Operand 71 states and 84 transitions. [2018-11-23 11:11:11,778 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2018-11-23 11:11:11,778 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:11:11,778 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:11:11,779 INFO L423 AbstractCegarLoop]: === Iteration 10 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:11:11,779 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:11:11,779 INFO L82 PathProgramCache]: Analyzing trace with hash -838733386, now seen corresponding path program 2 times [2018-11-23 11:11:11,779 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:11:11,780 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 11 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 11 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:11:11,808 INFO L101 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2018-11-23 11:11:11,946 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2018-11-23 11:11:11,946 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2018-11-23 11:11:11,996 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:11:12,000 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:11:12,090 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:11:12,092 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,097 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,098 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2018-11-23 11:11:12,101 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:12,101 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_53|]. (and (= main_~a~0.offset (_ bv0 32)) (= |#valid| (store |v_#valid_53| main_~a~0.base (_ bv1 1)))) [2018-11-23 11:11:12,101 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.offset (_ bv0 32)) (= (select |#valid| main_~a~0.base) (_ bv1 1))) [2018-11-23 11:11:12,169 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:12,170 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:12,171 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 23 [2018-11-23 11:11:12,174 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,198 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,198 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:31, output treesize:29 [2018-11-23 11:11:12,203 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:12,203 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_54|]. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 1) (select |v_#valid_54| main_~t~0.base)) (= (_ bv0 1) (bvadd (select |v_#valid_54| main_~a~0.base) (_ bv1 1))) (= main_~t~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (= |#valid| (store |v_#valid_54| main_~t~0.base (_ bv1 1)))) [2018-11-23 11:11:12,203 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~t~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= (select |#valid| main_~t~0.base) (_ bv1 1)) (not (= main_~t~0.base main_~a~0.base))) [2018-11-23 11:11:12,298 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:11:12,306 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:11:12,308 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,315 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,363 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:11:12,369 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:11:12,371 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,376 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,412 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,412 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 3 variables, input treesize:66, output treesize:61 [2018-11-23 11:11:12,499 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:12,499 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_46|, main_~t~0.base, |v_#memory_$Pointer$.offset_42|]. (let ((.cse0 (bvadd main_~a~0.offset (_ bv8 32)))) (and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (not (= main_~t~0.base main_~a~0.base)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_46| main_~a~0.base (store (select |v_#memory_$Pointer$.base_46| main_~a~0.base) .cse0 main_~t~0.base))) (= (bvadd (select |#valid| main_~t~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse0)) (= (store |v_#memory_$Pointer$.offset_42| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_42| main_~a~0.base) .cse0 (_ bv0 32))) |#memory_$Pointer$.offset|) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse0)))) [2018-11-23 11:11:12,499 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse2 (bvadd main_~a~0.offset (_ bv8 32)))) (let ((.cse0 (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse2)) (.cse1 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse2))) (and (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 32) .cse0) (not (= main_~a~0.base .cse1)) (= (bvadd (select |#valid| .cse1) (_ bv1 1)) (_ bv0 1)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~p~0.offset .cse0) (= main_~p~0.base .cse1)))) [2018-11-23 11:11:12,586 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:12,609 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 45 [2018-11-23 11:11:12,617 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 21 [2018-11-23 11:11:12,619 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,636 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,693 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:12,707 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 52 treesize of output 53 [2018-11-23 11:11:12,716 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 1 [2018-11-23 11:11:12,717 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,731 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,759 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,759 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:99, output treesize:61 [2018-11-23 11:11:12,820 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 14 [2018-11-23 11:11:12,833 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 19 [2018-11-23 11:11:12,836 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,846 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,951 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:12,976 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 53 treesize of output 60 [2018-11-23 11:11:12,988 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 18 treesize of output 23 [2018-11-23 11:11:12,990 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,016 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,077 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:13,089 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 67 treesize of output 68 [2018-11-23 11:11:13,128 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 17 [2018-11-23 11:11:13,130 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,151 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,183 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,184 INFO L202 ElimStorePlain]: Needed 7 recursive calls to eliminate 3 variables, input treesize:102, output treesize:80 [2018-11-23 11:11:13,289 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:13,291 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:13,293 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:13,295 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 4 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 25 [2018-11-23 11:11:13,297 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,339 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,340 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:88, output treesize:77 [2018-11-23 11:11:13,523 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 182 treesize of output 183 [2018-11-23 11:11:13,534 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 21 [2018-11-23 11:11:13,535 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,613 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,735 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 69 treesize of output 52 [2018-11-23 11:11:13,747 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:13,753 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 52 treesize of output 38 [2018-11-23 11:11:13,756 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,768 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,850 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:13,855 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 4 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 134 treesize of output 145 [2018-11-23 11:11:13,866 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 40 treesize of output 36 [2018-11-23 11:11:13,868 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,901 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,955 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,956 INFO L202 ElimStorePlain]: Needed 7 recursive calls to eliminate 4 variables, input treesize:209, output treesize:145 [2018-11-23 11:11:14,124 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:14,124 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_49|, |v_#memory_$Pointer$.offset_45|, |v_#memory_int_58|, main_~t~0.base]. (let ((.cse4 (bvadd main_~a~0.offset (_ bv8 32)))) (let ((.cse3 (select (select |v_#memory_$Pointer$.offset_45| main_~a~0.base) .cse4)) (.cse0 (select (select |v_#memory_$Pointer$.base_49| main_~a~0.base) .cse4))) (let ((.cse2 (select |v_#memory_int_58| .cse0)) (.cse1 (bvadd .cse3 (_ bv8 32)))) (and (= main_~a~0.offset (_ bv0 32)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| .cse0) .cse1)) (not (= main_~a~0.base .cse0)) (= |#memory_$Pointer$.offset| (store |v_#memory_$Pointer$.offset_45| .cse0 (store (select |v_#memory_$Pointer$.offset_45| .cse0) .cse1 (_ bv0 32)))) (= (_ bv2 32) (select .cse2 .cse3)) (not (= main_~t~0.base main_~a~0.base)) (not (= main_~t~0.base .cse0)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_49| .cse0 (store (select |v_#memory_$Pointer$.base_49| .cse0) .cse1 main_~t~0.base))) (= (select (select |#memory_$Pointer$.base| .cse0) .cse1) main_~p~0.base) (= |#memory_int| (store |v_#memory_int_58| .cse0 (store .cse2 .cse1 (select (select |#memory_int| .cse0) .cse1)))) (= .cse3 (_ bv0 32)))))) [2018-11-23 11:11:14,124 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse5 (bvadd main_~a~0.offset (_ bv8 32)))) (let ((.cse0 (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse5))) (let ((.cse3 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse5)) (.cse4 (bvadd .cse0 (_ bv8 32)))) (let ((.cse2 (select (select |#memory_$Pointer$.offset| .cse3) .cse4)) (.cse1 (select (select |#memory_$Pointer$.base| .cse3) .cse4))) (and (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 32) .cse0) (= .cse1 main_~p~0.base) (= .cse2 main_~p~0.offset) (= .cse2 (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| .cse3) .cse0)) (not (= .cse1 .cse3)) (not (= .cse1 main_~a~0.base))))))) [2018-11-23 11:11:14,257 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:14,348 INFO L303 Elim1Store]: Index analysis took 105 ms [2018-11-23 11:11:14,349 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 3 select indices, 3 select index equivalence classes, 3 disjoint index pairs (out of 3 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 303 treesize of output 297 [2018-11-23 11:11:14,375 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 68 treesize of output 1 [2018-11-23 11:11:14,375 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:14,450 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:14,652 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:14,672 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:14,686 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 3 select indices, 3 select index equivalence classes, 4 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 0 case distinctions, treesize of input 211 treesize of output 196 [2018-11-23 11:11:14,698 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 68 treesize of output 1 [2018-11-23 11:11:14,698 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:14,726 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:14,793 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:14,796 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 69 treesize of output 101 [2018-11-23 11:11:14,819 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 64 treesize of output 62 [2018-11-23 11:11:14,821 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:14,845 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:14,878 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:14,879 INFO L202 ElimStorePlain]: Needed 7 recursive calls to eliminate 3 variables, input treesize:306, output treesize:96 [2018-11-23 11:11:17,403 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:17,403 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_50|, |v_#memory_$Pointer$.offset_46|, |v_#memory_int_59|]. (let ((.cse1 (select (select |v_#memory_$Pointer$.offset_46| main_~p~0.base) (_ bv8 32)))) (let ((.cse0 (select (select |v_#memory_$Pointer$.base_50| main_~p~0.base) (_ bv8 32))) (.cse4 (bvadd .cse1 (_ bv8 32)))) (let ((.cse3 (select (select |v_#memory_$Pointer$.base_50| .cse0) .cse4)) (.cse2 (select (select |v_#memory_$Pointer$.offset_46| .cse0) .cse4))) (and (= main_~p~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |v_#memory_int_59| .cse0) .cse1)) (= (_ bv0 32) .cse2) (= .cse1 (_ bv0 32)) (= (store |v_#memory_int_59| .cse3 (store (select |v_#memory_int_59| .cse3) .cse2 (_ bv3 32))) |#memory_int|) (not (= .cse3 main_~p~0.base)) (not (= .cse3 .cse0)) (= (store |v_#memory_$Pointer$.base_50| .cse3 (store (select |v_#memory_$Pointer$.base_50| .cse3) .cse2 (select (select |#memory_$Pointer$.base| .cse3) .cse2))) |#memory_$Pointer$.base|) (= (store |v_#memory_$Pointer$.offset_46| .cse3 (store (select |v_#memory_$Pointer$.offset_46| .cse3) .cse2 (select (select |#memory_$Pointer$.offset| .cse3) .cse2))) |#memory_$Pointer$.offset|))))) [2018-11-23 11:11:17,404 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)))) (let ((.cse3 (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (.cse4 (bvadd .cse0 (_ bv8 32)))) (let ((.cse2 (select (select |#memory_$Pointer$.base| .cse3) .cse4)) (.cse1 (select (select |#memory_$Pointer$.offset| .cse3) .cse4))) (and (= main_~p~0.offset (_ bv0 32)) (= .cse0 (_ bv0 32)) (= (_ bv0 32) .cse1) (not (= .cse2 main_~p~0.base)) (= (select (select |#memory_int| .cse3) .cse0) (_ bv2 32)) (= (select (select |#memory_int| .cse2) .cse1) (_ bv3 32)))))) [2018-11-23 11:11:17,810 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:17,814 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 86 treesize of output 70 [2018-11-23 11:11:17,824 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 62 treesize of output 47 [2018-11-23 11:11:17,826 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:17,853 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 19 [2018-11-23 11:11:17,856 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:17,871 INFO L267 ElimStorePlain]: Start of recursive call 2: 2 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:17,899 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:17,901 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:17,902 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 40 treesize of output 40 [2018-11-23 11:11:17,927 INFO L478 Elim1Store]: Elim1 applied some preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 27 treesize of output 28 [2018-11-23 11:11:17,945 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 2 xjuncts. [2018-11-23 11:11:17,972 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 9 [2018-11-23 11:11:17,974 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:17,985 INFO L267 ElimStorePlain]: Start of recursive call 5: 2 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:18,004 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:18,005 INFO L202 ElimStorePlain]: Needed 7 recursive calls to eliminate 3 variables, input treesize:102, output treesize:35 [2018-11-23 11:11:18,026 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:18,026 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_60, |#memory_$Pointer$.offset|]. (let ((.cse1 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_60) (_ bv8 32)))) (let ((.cse0 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_60) (_ bv8 32))) (.cse2 (bvadd .cse1 (_ bv8 32)))) (let ((.cse3 (select (select |#memory_$Pointer$.offset| .cse0) .cse2))) (and (= (bvadd (select (select |#memory_int| .cse0) .cse1) (_ bv4294967294 32)) (_ bv0 32)) (= (_ bv0 32) (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| .cse0) .cse2)) .cse3) (_ bv4294967293 32))) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_60) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (= (_ bv0 32) .cse3) (= .cse0 main_~p~0.base) (= .cse1 (_ bv0 32)) (= .cse1 main_~p~0.offset))))) [2018-11-23 11:11:18,026 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_60, v_arrayElimCell_94]. (and (= (_ bv0 32) (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967294 32))) (= main_~p~0.offset (_ bv0 32)) (not (= v_main_~p~0.base_60 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_arrayElimCell_94) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_60) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32))) [2018-11-23 11:11:18,218 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:18,220 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:18,223 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:18,226 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:18,228 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 3 select indices, 3 select index equivalence classes, 5 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 0 case distinctions, treesize of input 35 treesize of output 47 [2018-11-23 11:11:18,252 INFO L478 Elim1Store]: Elim1 applied some preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 20 [2018-11-23 11:11:18,257 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 2 xjuncts. [2018-11-23 11:11:18,295 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 1 [2018-11-23 11:11:18,296 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:18,312 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 1 [2018-11-23 11:11:18,312 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:18,320 INFO L267 ElimStorePlain]: Start of recursive call 2: 3 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:18,337 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:18,338 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 4 variables, input treesize:39, output treesize:5 [2018-11-23 11:11:18,343 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:18,343 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, v_main_~p~0.base_60, v_arrayElimCell_94]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) (_ bv0 32)))) (and (not (= v_main_~p~0.base_60 main_~p~0.base)) (= (bvadd .cse0 (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| v_arrayElimCell_94) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_60) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (= |main_#t~mem10| .cse0))) [2018-11-23 11:11:18,343 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) (bvadd |main_#t~mem10| (_ bv4294967294 32))) [2018-11-23 11:11:18,373 INFO L256 TraceCheckUtils]: 0: Hoare triple {4067#true} call ULTIMATE.init(); {4067#true} is VALID [2018-11-23 11:11:18,374 INFO L273 TraceCheckUtils]: 1: Hoare triple {4067#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {4067#true} is VALID [2018-11-23 11:11:18,374 INFO L273 TraceCheckUtils]: 2: Hoare triple {4067#true} assume true; {4067#true} is VALID [2018-11-23 11:11:18,374 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {4067#true} {4067#true} #101#return; {4067#true} is VALID [2018-11-23 11:11:18,374 INFO L256 TraceCheckUtils]: 4: Hoare triple {4067#true} call #t~ret16 := main(); {4067#true} is VALID [2018-11-23 11:11:18,375 INFO L273 TraceCheckUtils]: 5: Hoare triple {4067#true} havoc ~p~0.base, ~p~0.offset;havoc ~a~0.base, ~a~0.offset;havoc ~t~0.base, ~t~0.offset;call #t~malloc0.base, #t~malloc0.offset := #Ultimate.alloc(12bv32);~a~0.base, ~a~0.offset := #t~malloc0.base, #t~malloc0.offset; {4087#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:11:18,376 INFO L273 TraceCheckUtils]: 6: Hoare triple {4087#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {4087#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:11:18,376 INFO L273 TraceCheckUtils]: 7: Hoare triple {4087#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} ~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset;~i~0 := 0bv32; {4094#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:11:18,379 INFO L273 TraceCheckUtils]: 8: Hoare triple {4094#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {4094#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:11:18,381 INFO L273 TraceCheckUtils]: 9: Hoare triple {4094#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~mem4);havoc #t~mem4;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32); {4094#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:11:18,384 INFO L273 TraceCheckUtils]: 10: Hoare triple {4094#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {4104#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~t~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (bvadd (select |#valid| main_~t~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:11:18,385 INFO L273 TraceCheckUtils]: 11: Hoare triple {4104#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~t~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (bvadd (select |#valid| main_~t~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {4104#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~t~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (bvadd (select |#valid| main_~t~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:11:18,387 INFO L273 TraceCheckUtils]: 12: Hoare triple {4104#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~t~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (bvadd (select |#valid| main_~t~0.base) (_ bv1 1)) (_ bv0 1)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {4111#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= (bvadd (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (_ bv1 1)) (_ bv0 1)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:11:18,391 INFO L273 TraceCheckUtils]: 13: Hoare triple {4111#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= (bvadd (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (_ bv1 1)) (_ bv0 1)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} assume !!(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1;#t~post2 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post2);havoc #t~post2;call write~intINTTYPE4(#t~nondet3, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);havoc #t~nondet3;call #t~mem4 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {4111#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= (bvadd (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (_ bv1 1)) (_ bv0 1)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:11:18,394 INFO L273 TraceCheckUtils]: 14: Hoare triple {4111#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= (bvadd (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (_ bv1 1)) (_ bv0 1)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} assume !(0bv32 != #t~mem4);havoc #t~mem4;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32); {4118#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= (bvadd (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (_ bv1 1)) (_ bv0 1)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:11:18,398 INFO L273 TraceCheckUtils]: 15: Hoare triple {4118#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= (bvadd (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (_ bv1 1)) (_ bv0 1)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} call #t~malloc5.base, #t~malloc5.offset := #Ultimate.alloc(12bv32);~t~0.base, ~t~0.offset := #t~malloc5.base, #t~malloc5.offset; {4122#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (not (= main_~t~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~t~0.offset (_ bv0 32)) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:11:18,399 INFO L273 TraceCheckUtils]: 16: Hoare triple {4122#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (not (= main_~t~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~t~0.offset (_ bv0 32)) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {4122#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (not (= main_~t~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~t~0.offset (_ bv0 32)) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} is VALID [2018-11-23 11:11:18,404 INFO L273 TraceCheckUtils]: 17: Hoare triple {4122#(and (= main_~a~0.offset (_ bv0 32)) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (not (= main_~t~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~t~0.offset (_ bv0 32)) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);call #t~mem6.base, #t~mem6.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem6.base, #t~mem6.offset;havoc #t~mem6.base, #t~mem6.offset; {4129#(and (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) main_~p~0.base) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) main_~p~0.offset) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) main_~a~0.base)))} is VALID [2018-11-23 11:11:18,407 INFO L273 TraceCheckUtils]: 18: Hoare triple {4129#(and (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) main_~p~0.base) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) main_~p~0.offset) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) main_~a~0.base)))} assume !(~bvslt32(~i~0, 20bv32) && 0bv32 != #t~nondet1);havoc #t~nondet1; {4129#(and (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) main_~p~0.base) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) main_~p~0.offset) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) main_~a~0.base)))} is VALID [2018-11-23 11:11:18,412 INFO L273 TraceCheckUtils]: 19: Hoare triple {4129#(and (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) main_~p~0.base) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) main_~p~0.offset) (= (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv8 32))) (_ bv8 32))) main_~a~0.base)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4136#(and (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv0 32)) (= main_~p~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32))) main_~p~0.base)))} is VALID [2018-11-23 11:11:18,414 INFO L273 TraceCheckUtils]: 20: Hoare triple {4136#(and (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv0 32)) (= main_~p~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32))) main_~p~0.base)))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4136#(and (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv0 32)) (= main_~p~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32))) main_~p~0.base)))} is VALID [2018-11-23 11:11:18,416 INFO L273 TraceCheckUtils]: 21: Hoare triple {4136#(and (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv0 32)) (= main_~p~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32))) main_~p~0.base)))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {4136#(and (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv0 32)) (= main_~p~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32))) main_~p~0.base)))} is VALID [2018-11-23 11:11:18,418 INFO L273 TraceCheckUtils]: 22: Hoare triple {4136#(and (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv0 32)) (= main_~p~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32))) main_~p~0.base)))} assume !(0bv32 != #t~mem8);havoc #t~mem8;call #t~mem10 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4146#(and (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv0 32)) (= main_~p~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem10|) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32))) main_~p~0.base)))} is VALID [2018-11-23 11:11:18,420 INFO L273 TraceCheckUtils]: 23: Hoare triple {4146#(and (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv0 32)) (= main_~p~0.offset (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem10|) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32))) main_~p~0.base)))} assume !(2bv32 != #t~mem10);havoc #t~mem10; {4150#(and (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv0 32)) (= main_~p~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:11:18,427 INFO L273 TraceCheckUtils]: 24: Hoare triple {4150#(and (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv0 32)) (= main_~p~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32))) (_ bv4294967294 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv8 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv8 32)) (_ bv8 32)))) (_ bv4294967293 32)) (_ bv0 32)))} call #t~mem11.base, #t~mem11.offset := read~$Pointer$(~p~0.base, ~bvadd32(8bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem11.base, #t~mem11.offset;havoc #t~mem11.base, #t~mem11.offset;#t~post12 := ~i~0;~i~0 := ~bvadd32(1bv32, #t~post12);havoc #t~post12; {4154#(and (= main_~p~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_arrayElimCell_94 (_ BitVec 32))) (= (bvadd (select (select |#memory_int| v_arrayElimCell_94) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32))) (exists ((v_main_~p~0.base_60 (_ BitVec 32))) (and (not (= v_main_~p~0.base_60 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_60) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)))))} is VALID [2018-11-23 11:11:18,428 INFO L273 TraceCheckUtils]: 25: Hoare triple {4154#(and (= main_~p~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_arrayElimCell_94 (_ BitVec 32))) (= (bvadd (select (select |#memory_int| v_arrayElimCell_94) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32))) (exists ((v_main_~p~0.base_60 (_ BitVec 32))) (and (not (= v_main_~p~0.base_60 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_60) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)))))} call #t~mem7 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4154#(and (= main_~p~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_arrayElimCell_94 (_ BitVec 32))) (= (bvadd (select (select |#memory_int| v_arrayElimCell_94) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32))) (exists ((v_main_~p~0.base_60 (_ BitVec 32))) (and (not (= v_main_~p~0.base_60 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_60) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)))))} is VALID [2018-11-23 11:11:18,428 INFO L273 TraceCheckUtils]: 26: Hoare triple {4154#(and (= main_~p~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_arrayElimCell_94 (_ BitVec 32))) (= (bvadd (select (select |#memory_int| v_arrayElimCell_94) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32))) (exists ((v_main_~p~0.base_60 (_ BitVec 32))) (and (not (= v_main_~p~0.base_60 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_60) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)))))} assume !!(3bv32 != #t~mem7);havoc #t~mem7;call #t~mem8 := read~intINTTYPE4(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32); {4154#(and (= main_~p~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_arrayElimCell_94 (_ BitVec 32))) (= (bvadd (select (select |#memory_int| v_arrayElimCell_94) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32))) (exists ((v_main_~p~0.base_60 (_ BitVec 32))) (and (not (= v_main_~p~0.base_60 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_60) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)))))} is VALID [2018-11-23 11:11:18,429 INFO L273 TraceCheckUtils]: 27: Hoare triple {4154#(and (= main_~p~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_arrayElimCell_94 (_ BitVec 32))) (= (bvadd (select (select |#memory_int| v_arrayElimCell_94) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32))) (exists ((v_main_~p~0.base_60 (_ BitVec 32))) (and (not (= v_main_~p~0.base_60 main_~p~0.base)) (= (bvadd (select (select |#memory_int| v_main_~p~0.base_60) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)))))} assume !(0bv32 != #t~mem8);havoc #t~mem8;call #t~mem10 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4164#(= (_ bv2 32) |main_#t~mem10|)} is VALID [2018-11-23 11:11:18,429 INFO L273 TraceCheckUtils]: 28: Hoare triple {4164#(= (_ bv2 32) |main_#t~mem10|)} assume 2bv32 != #t~mem10;havoc #t~mem10; {4068#false} is VALID [2018-11-23 11:11:18,429 INFO L273 TraceCheckUtils]: 29: Hoare triple {4068#false} assume !false; {4068#false} is VALID [2018-11-23 11:11:18,436 INFO L134 CoverageAnalysis]: Checked inductivity of 11 backedges. 0 proven. 11 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:11:18,436 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:11:18,866 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:18,916 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:19,166 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:19,182 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:19,221 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:19,222 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:80, output treesize:62 [2018-11-23 11:11:19,609 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:19,609 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_$Pointer$.base_51|, |v_#memory_$Pointer$.offset_47|]. (let ((.cse0 (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))))) (or (not (= |v_#memory_$Pointer$.offset_47| (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset (select (select |v_#memory_$Pointer$.offset_47| main_~p~0.base) main_~p~0.offset))))) (not (= |v_#memory_$Pointer$.base_51| (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset (select (select |v_#memory_$Pointer$.base_51| main_~p~0.base) main_~p~0.offset))))) (= (bvadd (let ((.cse1 (bvadd main_~a~0.offset (_ bv8 32)))) (select (select .cse0 (select (select |v_#memory_$Pointer$.base_51| main_~a~0.base) .cse1)) (select (select |v_#memory_$Pointer$.offset_47| main_~a~0.base) .cse1))) (_ bv4294967294 32)) (_ bv0 32)) (not (= (bvadd (select (select .cse0 main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32))))) [2018-11-23 11:11:19,610 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_26, v_DerPreprocessor_28]. (let ((.cse0 (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))))) (or (= (_ bv2 32) (let ((.cse1 (bvadd main_~a~0.offset (_ bv8 32)))) (select (select .cse0 (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_26)) main_~a~0.base) .cse1)) (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_28)) main_~a~0.base) .cse1)))) (not (= (bvadd (select (select .cse0 main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32))))) [2018-11-23 11:11:20,139 WARN L180 SmtUtils]: Spent 287.00 ms on a formula simplification that was a NOOP. DAG size: 60 [2018-11-23 11:11:20,172 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:20,232 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:20,260 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:20,463 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:20,488 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:20,620 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:20,641 INFO L267 ElimStorePlain]: Start of recursive call 9: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:20,758 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:21,383 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 12 dim-0 vars, and 4 xjuncts. [2018-11-23 11:11:21,383 INFO L202 ElimStorePlain]: Needed 9 recursive calls to eliminate 3 variables, input treesize:120, output treesize:417 [2018-11-23 11:11:23,834 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:23,834 WARN L384 uantifierElimination]: Input elimination task: ∀ [v_DerPreprocessor_26, |v_#memory_int_61|, v_DerPreprocessor_28]. (let ((.cse0 (store |v_#memory_int_61| main_~t~0.base (store (select |v_#memory_int_61| main_~t~0.base) main_~t~0.offset (_ bv3 32)))) (.cse2 (bvadd main_~p~0.offset (_ bv8 32)))) (or (not (= (_ bv2 32) (select (select .cse0 main_~a~0.base) main_~a~0.offset))) (= (_ bv2 32) (let ((.cse3 (bvadd main_~a~0.offset (_ bv8 32)))) (select (select .cse0 (select (select (let ((.cse1 (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) .cse2 main_~t~0.base)))) (store .cse1 main_~t~0.base (store (select .cse1 main_~t~0.base) main_~t~0.offset v_DerPreprocessor_26))) main_~a~0.base) .cse3)) (select (select (let ((.cse4 (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) .cse2 main_~t~0.offset)))) (store .cse4 main_~t~0.base (store (select .cse4 main_~t~0.base) main_~t~0.offset v_DerPreprocessor_28))) main_~a~0.base) .cse3)))) (not (= (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) .cse2 (select (select |v_#memory_int_61| main_~p~0.base) .cse2))) |v_#memory_int_61|)))) [2018-11-23 11:11:23,834 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_26, v_DerPreprocessor_36, v_DerPreprocessor_28, v_prenex_19, v_DerPreprocessor_32, v_prenex_18, v_prenex_23, v_DerPreprocessor_34, v_prenex_22, v_prenex_21, v_DerPreprocessor_30, v_prenex_20]. (let ((.cse4 (bvadd main_~p~0.offset (_ bv8 32)))) (let ((.cse6 (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) .cse4 main_~t~0.offset))) (.cse0 (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) .cse4 main_~t~0.base)))) (let ((.cse8 (= main_~a~0.offset main_~t~0.offset)) (.cse1 (select .cse0 main_~t~0.base)) (.cse7 (select .cse6 main_~t~0.base)) (.cse2 (bvadd main_~a~0.offset (_ bv8 32))) (.cse5 (= main_~t~0.base main_~a~0.base)) (.cse3 (select |#memory_int| main_~p~0.base))) (and (or (not (= main_~t~0.base (select (select (store .cse0 main_~t~0.base (store .cse1 main_~t~0.offset v_DerPreprocessor_26)) main_~a~0.base) .cse2))) (not (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store .cse3 .cse4 v_DerPreprocessor_36)) main_~a~0.base) main_~a~0.offset))) .cse5 (not (= main_~t~0.offset (select (select (store .cse6 main_~t~0.base (store .cse7 main_~t~0.offset v_DerPreprocessor_28)) main_~a~0.base) .cse2)))) (let ((.cse9 (store |#memory_int| main_~p~0.base (store .cse3 .cse4 v_DerPreprocessor_32)))) (or .cse8 (= (_ bv2 32) (select (select .cse9 (select (select (store .cse0 main_~t~0.base (store .cse1 main_~t~0.offset v_prenex_19)) main_~a~0.base) .cse2)) (select (select (store .cse6 main_~t~0.base (store .cse7 main_~t~0.offset v_prenex_18)) main_~a~0.base) .cse2))) (not (= (bvadd (select (select .cse9 main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32))))) (or .cse8 (not (= main_~t~0.base (select (select (store .cse0 main_~t~0.base (store .cse1 main_~t~0.offset v_prenex_23)) main_~a~0.base) .cse2))) (not (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store .cse3 .cse4 v_DerPreprocessor_34)) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32))) (not (= main_~t~0.offset (select (select (store .cse6 main_~t~0.base (store .cse7 main_~t~0.offset v_prenex_22)) main_~a~0.base) .cse2)))) (let ((.cse10 (store |#memory_int| main_~p~0.base (store .cse3 .cse4 v_DerPreprocessor_30)))) (or (not (= (_ bv2 32) (select (select .cse10 main_~a~0.base) main_~a~0.offset))) (= (bvadd (select (select .cse10 (select (select (store .cse0 main_~t~0.base (store .cse1 main_~t~0.offset v_prenex_21)) main_~a~0.base) .cse2)) (select (select (store .cse6 main_~t~0.base (store .cse7 main_~t~0.offset v_prenex_20)) main_~a~0.base) .cse2)) (_ bv4294967294 32)) (_ bv0 32)) .cse5)))))) [2018-11-23 11:11:25,026 WARN L180 SmtUtils]: Spent 425.00 ms on a formula simplification that was a NOOP. DAG size: 126 [2018-11-23 11:11:48,807 WARN L180 SmtUtils]: Spent 14.98 s on a formula simplification that was a NOOP. DAG size: 154 [2018-11-23 11:12:05,203 WARN L180 SmtUtils]: Spent 13.90 s on a formula simplification that was a NOOP. DAG size: 249 [2018-11-23 11:12:05,267 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 138 treesize of output 136 [2018-11-23 11:12:05,298 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 18 [2018-11-23 11:12:05,373 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 13 [2018-11-23 11:12:05,374 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:12:05,471 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 5 [2018-11-23 11:12:05,472 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:12:05,684 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:12:06,114 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:12:06,131 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 129 treesize of output 127 [2018-11-23 11:12:06,154 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 1 [2018-11-23 11:12:06,155 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:12:06,442 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:12:33,001 WARN L521 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 11 cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:12:33,002 FATAL L292 ToolchainWalker]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.NullPointerException at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSort.areDimensionsConsistent(MultiDimensionalSort.java:84) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSelect.classInvariant(MultiDimensionalSelect.java:113) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSelect.(MultiDimensionalSelect.java:90) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalStore.isCompatibleSelect(MultiDimensionalStore.java:105) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalStore.(MultiDimensionalStore.java:73) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSelectOverStore.(MultiDimensionalSelectOverStore.java:48) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSelectOverStore.convert(MultiDimensionalSelectOverStore.java:75) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ArrayQuantifierEliminationUtils.elimAllSos(ArrayQuantifierEliminationUtils.java:57) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ElimStorePlain.doElimAllRec(ElimStorePlain.java:232) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ElimStorePlain.doElimOneRec(ElimStorePlain.java:225) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ElimStorePlain.doElimAllRec(ElimStorePlain.java:247) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ElimStorePlain.elimAllRec(ElimStorePlain.java:199) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.PartialQuantifierElimination.elim(PartialQuantifierElimination.java:293) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.PartialQuantifierElimination.tryToEliminate(PartialQuantifierElimination.java:101) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.predicates.IterativePredicateTransformer$QuantifierEliminationPostprocessor.postprocess(IterativePredicateTransformer.java:245) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.predicates.IterativePredicateTransformer.applyPostprocessors(IterativePredicateTransformer.java:439) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.predicates.IterativePredicateTransformer.computeBackwardSequence(IterativePredicateTransformer.java:418) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.predicates.IterativePredicateTransformer.computeWeakestPreconditionSequence(IterativePredicateTransformer.java:290) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.singletracecheck.TraceCheckSpWp.computeInterpolantsUsingUnsatCore(TraceCheckSpWp.java:330) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.singletracecheck.TraceCheckSpWp.computeInterpolants(TraceCheckSpWp.java:175) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.singletracecheck.TraceCheckSpWp.(TraceCheckSpWp.java:162) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceCheckConstructor.constructForwardBackward(TraceCheckConstructor.java:224) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceCheckConstructor.constructTraceCheck(TraceCheckConstructor.java:188) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceCheckConstructor.get(TraceCheckConstructor.java:165) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.MultiTrackRefinementStrategy.getTraceCheck(MultiTrackRefinementStrategy.java:232) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseRefinementStrategy.checkFeasibility(BaseRefinementStrategy.java:223) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseRefinementStrategy.executeStrategy(BaseRefinementStrategy.java:197) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceAbstractionRefinementEngine.(TraceAbstractionRefinementEngine.java:70) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.BasicCegarLoop.isCounterexampleFeasible(BasicCegarLoop.java:456) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.AbstractCegarLoop.iterateInternal(AbstractCegarLoop.java:434) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.AbstractCegarLoop.iterate(AbstractCegarLoop.java:376) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.iterate(TraceAbstractionStarter.java:334) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:174) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:126) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:316) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55) [2018-11-23 11:12:33,011 INFO L168 Benchmark]: Toolchain (without parser) took 152549.83 ms. Allocated memory was 1.5 GB in the beginning and 2.6 GB in the end (delta: 1.1 GB). Free memory was 1.4 GB in the beginning and 2.4 GB in the end (delta: -957.9 MB). Peak memory consumption was 154.2 MB. Max. memory is 7.1 GB. [2018-11-23 11:12:33,011 INFO L168 Benchmark]: CDTParser took 0.24 ms. Allocated memory is still 1.5 GB. Free memory is still 1.5 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-11-23 11:12:33,011 INFO L168 Benchmark]: CACSL2BoogieTranslator took 832.37 ms. Allocated memory was 1.5 GB in the beginning and 2.2 GB in the end (delta: 712.5 MB). Free memory was 1.4 GB in the beginning and 2.2 GB in the end (delta: -746.3 MB). Peak memory consumption was 38.6 MB. Max. memory is 7.1 GB. [2018-11-23 11:12:33,012 INFO L168 Benchmark]: Boogie Procedure Inliner took 54.39 ms. Allocated memory is still 2.2 GB. Free memory is still 2.2 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-11-23 11:12:33,012 INFO L168 Benchmark]: Boogie Preprocessor took 84.38 ms. Allocated memory is still 2.2 GB. Free memory is still 2.2 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-11-23 11:12:33,012 INFO L168 Benchmark]: RCFGBuilder took 1051.94 ms. Allocated memory is still 2.2 GB. Free memory was 2.2 GB in the beginning and 2.1 GB in the end (delta: 38.3 MB). Peak memory consumption was 38.3 MB. Max. memory is 7.1 GB. [2018-11-23 11:12:33,013 INFO L168 Benchmark]: TraceAbstraction took 150521.45 ms. Allocated memory was 2.2 GB in the beginning and 2.6 GB in the end (delta: 399.5 MB). Free memory was 2.1 GB in the beginning and 2.4 GB in the end (delta: -249.9 MB). Peak memory consumption was 149.6 MB. Max. memory is 7.1 GB. [2018-11-23 11:12:33,014 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - GenericResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.24 ms. Allocated memory is still 1.5 GB. Free memory is still 1.5 GB. There was no memory consumed. Max. memory is 7.1 GB. * CACSL2BoogieTranslator took 832.37 ms. Allocated memory was 1.5 GB in the beginning and 2.2 GB in the end (delta: 712.5 MB). Free memory was 1.4 GB in the beginning and 2.2 GB in the end (delta: -746.3 MB). Peak memory consumption was 38.6 MB. Max. memory is 7.1 GB. * Boogie Procedure Inliner took 54.39 ms. Allocated memory is still 2.2 GB. Free memory is still 2.2 GB. There was no memory consumed. Max. memory is 7.1 GB. * Boogie Preprocessor took 84.38 ms. Allocated memory is still 2.2 GB. Free memory is still 2.2 GB. There was no memory consumed. Max. memory is 7.1 GB. * RCFGBuilder took 1051.94 ms. Allocated memory is still 2.2 GB. Free memory was 2.2 GB in the beginning and 2.1 GB in the end (delta: 38.3 MB). Peak memory consumption was 38.3 MB. Max. memory is 7.1 GB. * TraceAbstraction took 150521.45 ms. Allocated memory was 2.2 GB in the beginning and 2.6 GB in the end (delta: 399.5 MB). Free memory was 2.1 GB in the beginning and 2.4 GB in the end (delta: -249.9 MB). Peak memory consumption was 149.6 MB. Max. memory is 7.1 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - ExceptionOrErrorResult: NullPointerException: null de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: NullPointerException: null: de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSort.areDimensionsConsistent(MultiDimensionalSort.java:84) RESULT: Ultimate could not prove your program: Toolchain returned no result. Received shutdown request...