java -ea -Xmx8000000000 -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc ../../../trunk/examples/toolchains/AutomizerCInline_WitnessPrinter.xml -s ../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf -i ../../../trunk/examples/svcomp/list-ext2-properties/list_and_tree_cnstr_false-unreach-call_false-termination.i -------------------------------------------------------------------------------- This is Ultimate 0.1.23-61f4311 [2018-11-23 11:10:01,426 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-11-23 11:10:01,428 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-11-23 11:10:01,440 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-11-23 11:10:01,440 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-11-23 11:10:01,441 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-11-23 11:10:01,442 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-11-23 11:10:01,444 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-11-23 11:10:01,446 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-11-23 11:10:01,447 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-11-23 11:10:01,448 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-11-23 11:10:01,448 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-11-23 11:10:01,449 INFO L174 SettingsManager]: Resetting PEA to Boogie preferences to default values [2018-11-23 11:10:01,450 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-11-23 11:10:01,451 INFO L174 SettingsManager]: Resetting ChcToBoogie preferences to default values [2018-11-23 11:10:01,452 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-11-23 11:10:01,453 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-11-23 11:10:01,454 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-11-23 11:10:01,456 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-11-23 11:10:01,458 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-11-23 11:10:01,459 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-11-23 11:10:01,460 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-11-23 11:10:01,465 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-11-23 11:10:01,465 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-11-23 11:10:01,465 INFO L174 SettingsManager]: Resetting TreeAutomizer preferences to default values [2018-11-23 11:10:01,468 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-11-23 11:10:01,471 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-11-23 11:10:01,472 INFO L174 SettingsManager]: Resetting ReqPrinter preferences to default values [2018-11-23 11:10:01,473 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-11-23 11:10:01,476 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-11-23 11:10:01,476 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-11-23 11:10:01,477 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-11-23 11:10:01,477 INFO L177 SettingsManager]: ReqParser provides no preferences, ignoring... [2018-11-23 11:10:01,477 INFO L174 SettingsManager]: Resetting SmtParser preferences to default values [2018-11-23 11:10:01,478 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-11-23 11:10:01,481 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-11-23 11:10:01,482 INFO L98 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Bitvector.epf [2018-11-23 11:10:01,510 INFO L110 SettingsManager]: Loading preferences was successful [2018-11-23 11:10:01,511 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-11-23 11:10:01,512 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-11-23 11:10:01,512 INFO L133 SettingsManager]: * ... calls to implemented procedures=ONLY_FOR_CONCURRENT_PROGRAMS [2018-11-23 11:10:01,513 INFO L131 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2018-11-23 11:10:01,513 INFO L133 SettingsManager]: * Create parallel compositions if possible=false [2018-11-23 11:10:01,513 INFO L133 SettingsManager]: * Use SBE=true [2018-11-23 11:10:01,513 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-11-23 11:10:01,515 INFO L133 SettingsManager]: * sizeof long=4 [2018-11-23 11:10:01,515 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-11-23 11:10:01,515 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-11-23 11:10:01,515 INFO L133 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2018-11-23 11:10:01,515 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-11-23 11:10:01,515 INFO L133 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2018-11-23 11:10:01,516 INFO L133 SettingsManager]: * Use bitvectors instead of ints=true [2018-11-23 11:10:01,516 INFO L133 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2018-11-23 11:10:01,516 INFO L133 SettingsManager]: * sizeof long double=12 [2018-11-23 11:10:01,516 INFO L133 SettingsManager]: * Check if freed pointer was valid=false [2018-11-23 11:10:01,516 INFO L133 SettingsManager]: * Use constant arrays=true [2018-11-23 11:10:01,517 INFO L133 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2018-11-23 11:10:01,517 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-11-23 11:10:01,517 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-11-23 11:10:01,517 INFO L133 SettingsManager]: * To the following directory=./dump/ [2018-11-23 11:10:01,517 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-11-23 11:10:01,518 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:10:01,518 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-11-23 11:10:01,518 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-11-23 11:10:01,518 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-11-23 11:10:01,518 INFO L133 SettingsManager]: * Trace refinement strategy=WOLF [2018-11-23 11:10:01,519 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-11-23 11:10:01,520 INFO L133 SettingsManager]: * Command for external solver=cvc4nyu --tear-down-incremental --rewrite-divk --print-success --lang smt [2018-11-23 11:10:01,521 INFO L133 SettingsManager]: * Logic for external solver=AUFBV [2018-11-23 11:10:01,521 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2018-11-23 11:10:01,589 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-11-23 11:10:01,604 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2018-11-23 11:10:01,609 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2018-11-23 11:10:01,610 INFO L271 PluginConnector]: Initializing CDTParser... [2018-11-23 11:10:01,611 INFO L276 PluginConnector]: CDTParser initialized [2018-11-23 11:10:01,612 INFO L418 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/list-ext2-properties/list_and_tree_cnstr_false-unreach-call_false-termination.i [2018-11-23 11:10:01,676 INFO L221 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/005e02afe/ce8bad2e3918401d95bc2df5504c85f6/FLAGe030671d7 [2018-11-23 11:10:02,206 INFO L307 CDTParser]: Found 1 translation units. [2018-11-23 11:10:02,206 INFO L161 CDTParser]: Scanning /storage/repos/ultimate/trunk/examples/svcomp/list-ext2-properties/list_and_tree_cnstr_false-unreach-call_false-termination.i [2018-11-23 11:10:02,218 INFO L355 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/005e02afe/ce8bad2e3918401d95bc2df5504c85f6/FLAGe030671d7 [2018-11-23 11:10:02,479 INFO L363 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/005e02afe/ce8bad2e3918401d95bc2df5504c85f6 [2018-11-23 11:10:02,490 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-11-23 11:10:02,491 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2018-11-23 11:10:02,492 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2018-11-23 11:10:02,492 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2018-11-23 11:10:02,496 INFO L276 PluginConnector]: CACSL2BoogieTranslator initialized [2018-11-23 11:10:02,498 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:10:02" (1/1) ... [2018-11-23 11:10:02,501 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@19ade664 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:02, skipping insertion in model container [2018-11-23 11:10:02,501 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:10:02" (1/1) ... [2018-11-23 11:10:02,512 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2018-11-23 11:10:02,564 INFO L176 MainTranslator]: Built tables and reachable declarations [2018-11-23 11:10:03,016 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:10:03,032 INFO L191 MainTranslator]: Completed pre-run [2018-11-23 11:10:03,194 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:10:03,257 INFO L195 MainTranslator]: Completed translation [2018-11-23 11:10:03,258 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:03 WrapperNode [2018-11-23 11:10:03,258 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2018-11-23 11:10:03,259 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2018-11-23 11:10:03,259 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2018-11-23 11:10:03,259 INFO L276 PluginConnector]: Boogie Procedure Inliner initialized [2018-11-23 11:10:03,268 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:03" (1/1) ... [2018-11-23 11:10:03,288 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:03" (1/1) ... [2018-11-23 11:10:03,298 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2018-11-23 11:10:03,298 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-11-23 11:10:03,298 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-11-23 11:10:03,298 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-11-23 11:10:03,309 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:03" (1/1) ... [2018-11-23 11:10:03,309 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:03" (1/1) ... [2018-11-23 11:10:03,315 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:03" (1/1) ... [2018-11-23 11:10:03,315 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:03" (1/1) ... [2018-11-23 11:10:03,342 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:03" (1/1) ... [2018-11-23 11:10:03,352 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:03" (1/1) ... [2018-11-23 11:10:03,356 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:03" (1/1) ... [2018-11-23 11:10:03,362 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-11-23 11:10:03,365 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-11-23 11:10:03,365 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-11-23 11:10:03,365 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-11-23 11:10:03,368 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:03" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:10:03,432 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.alloc [2018-11-23 11:10:03,433 INFO L130 BoogieDeclarations]: Found specification of procedure read~intINTTYPE4 [2018-11-23 11:10:03,433 INFO L130 BoogieDeclarations]: Found specification of procedure exit [2018-11-23 11:10:03,433 INFO L138 BoogieDeclarations]: Found implementation of procedure exit [2018-11-23 11:10:03,433 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2018-11-23 11:10:03,433 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2018-11-23 11:10:03,434 INFO L130 BoogieDeclarations]: Found specification of procedure main [2018-11-23 11:10:03,434 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2018-11-23 11:10:03,434 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2018-11-23 11:10:03,434 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2018-11-23 11:10:03,434 INFO L130 BoogieDeclarations]: Found specification of procedure write~intINTTYPE4 [2018-11-23 11:10:03,434 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2018-11-23 11:10:03,435 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2018-11-23 11:10:03,435 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2018-11-23 11:10:05,115 INFO L275 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2018-11-23 11:10:05,116 INFO L280 CfgBuilder]: Removed 8 assue(true) statements. [2018-11-23 11:10:05,116 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:10:05 BoogieIcfgContainer [2018-11-23 11:10:05,117 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-11-23 11:10:05,118 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2018-11-23 11:10:05,118 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2018-11-23 11:10:05,121 INFO L276 PluginConnector]: TraceAbstraction initialized [2018-11-23 11:10:05,121 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 23.11 11:10:02" (1/3) ... [2018-11-23 11:10:05,122 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3ab5ac5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:10:05, skipping insertion in model container [2018-11-23 11:10:05,122 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:10:03" (2/3) ... [2018-11-23 11:10:05,123 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3ab5ac5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:10:05, skipping insertion in model container [2018-11-23 11:10:05,123 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:10:05" (3/3) ... [2018-11-23 11:10:05,125 INFO L112 eAbstractionObserver]: Analyzing ICFG list_and_tree_cnstr_false-unreach-call_false-termination.i [2018-11-23 11:10:05,135 INFO L156 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2018-11-23 11:10:05,143 INFO L168 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2018-11-23 11:10:05,161 INFO L257 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2018-11-23 11:10:05,196 INFO L133 ementStrategyFactory]: Using default assertion order modulation [2018-11-23 11:10:05,197 INFO L382 AbstractCegarLoop]: Interprodecural is true [2018-11-23 11:10:05,197 INFO L383 AbstractCegarLoop]: Hoare is true [2018-11-23 11:10:05,197 INFO L384 AbstractCegarLoop]: Compute interpolants for FPandBP [2018-11-23 11:10:05,197 INFO L385 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2018-11-23 11:10:05,198 INFO L386 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2018-11-23 11:10:05,198 INFO L387 AbstractCegarLoop]: Difference is false [2018-11-23 11:10:05,198 INFO L388 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2018-11-23 11:10:05,198 INFO L393 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2018-11-23 11:10:05,216 INFO L276 IsEmpty]: Start isEmpty. Operand 52 states. [2018-11-23 11:10:05,223 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2018-11-23 11:10:05,223 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:05,224 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:05,227 INFO L423 AbstractCegarLoop]: === Iteration 1 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:05,233 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:05,233 INFO L82 PathProgramCache]: Analyzing trace with hash -48326112, now seen corresponding path program 1 times [2018-11-23 11:10:05,238 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:05,239 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:05,261 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:05,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:05,335 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:05,340 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:05,425 INFO L256 TraceCheckUtils]: 0: Hoare triple {55#true} call ULTIMATE.init(); {55#true} is VALID [2018-11-23 11:10:05,429 INFO L273 TraceCheckUtils]: 1: Hoare triple {55#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {55#true} is VALID [2018-11-23 11:10:05,429 INFO L273 TraceCheckUtils]: 2: Hoare triple {55#true} assume true; {55#true} is VALID [2018-11-23 11:10:05,430 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {55#true} {55#true} #200#return; {55#true} is VALID [2018-11-23 11:10:05,430 INFO L256 TraceCheckUtils]: 4: Hoare triple {55#true} call #t~ret39 := main(); {55#true} is VALID [2018-11-23 11:10:05,430 INFO L273 TraceCheckUtils]: 5: Hoare triple {55#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {55#true} is VALID [2018-11-23 11:10:05,431 INFO L273 TraceCheckUtils]: 6: Hoare triple {55#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {55#true} is VALID [2018-11-23 11:10:05,431 INFO L273 TraceCheckUtils]: 7: Hoare triple {55#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {55#true} is VALID [2018-11-23 11:10:05,431 INFO L273 TraceCheckUtils]: 8: Hoare triple {55#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {55#true} is VALID [2018-11-23 11:10:05,432 INFO L273 TraceCheckUtils]: 9: Hoare triple {55#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {55#true} is VALID [2018-11-23 11:10:05,432 INFO L273 TraceCheckUtils]: 10: Hoare triple {55#true} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {55#true} is VALID [2018-11-23 11:10:05,432 INFO L273 TraceCheckUtils]: 11: Hoare triple {55#true} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {55#true} is VALID [2018-11-23 11:10:05,433 INFO L273 TraceCheckUtils]: 12: Hoare triple {55#true} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {55#true} is VALID [2018-11-23 11:10:05,433 INFO L273 TraceCheckUtils]: 13: Hoare triple {55#true} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {55#true} is VALID [2018-11-23 11:10:05,433 INFO L273 TraceCheckUtils]: 14: Hoare triple {55#true} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {55#true} is VALID [2018-11-23 11:10:05,451 INFO L273 TraceCheckUtils]: 15: Hoare triple {55#true} assume !true; {56#false} is VALID [2018-11-23 11:10:05,451 INFO L273 TraceCheckUtils]: 16: Hoare triple {56#false} assume !true; {56#false} is VALID [2018-11-23 11:10:05,452 INFO L273 TraceCheckUtils]: 17: Hoare triple {56#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {56#false} is VALID [2018-11-23 11:10:05,452 INFO L273 TraceCheckUtils]: 18: Hoare triple {56#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {56#false} is VALID [2018-11-23 11:10:05,452 INFO L273 TraceCheckUtils]: 19: Hoare triple {56#false} assume !false; {56#false} is VALID [2018-11-23 11:10:05,457 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:05,458 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:10:05,464 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:10:05,467 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2018-11-23 11:10:05,472 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 20 [2018-11-23 11:10:05,475 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:05,479 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states. [2018-11-23 11:10:05,622 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:05,622 INFO L459 AbstractCegarLoop]: Interpolant automaton has 2 states [2018-11-23 11:10:05,631 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2018-11-23 11:10:05,631 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:10:05,633 INFO L87 Difference]: Start difference. First operand 52 states. Second operand 2 states. [2018-11-23 11:10:06,432 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:06,432 INFO L93 Difference]: Finished difference Result 98 states and 152 transitions. [2018-11-23 11:10:06,432 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2018-11-23 11:10:06,433 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 20 [2018-11-23 11:10:06,433 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:06,434 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:10:06,450 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 152 transitions. [2018-11-23 11:10:06,451 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 2 states. [2018-11-23 11:10:06,457 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 152 transitions. [2018-11-23 11:10:06,457 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 152 transitions. [2018-11-23 11:10:06,887 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 152 edges. 152 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:06,900 INFO L225 Difference]: With dead ends: 98 [2018-11-23 11:10:06,901 INFO L226 Difference]: Without dead ends: 42 [2018-11-23 11:10:06,904 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 19 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:10:06,920 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 42 states. [2018-11-23 11:10:06,948 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 42 to 42. [2018-11-23 11:10:06,949 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:06,949 INFO L82 GeneralOperation]: Start isEquivalent. First operand 42 states. Second operand 42 states. [2018-11-23 11:10:06,950 INFO L74 IsIncluded]: Start isIncluded. First operand 42 states. Second operand 42 states. [2018-11-23 11:10:06,950 INFO L87 Difference]: Start difference. First operand 42 states. Second operand 42 states. [2018-11-23 11:10:06,955 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:06,956 INFO L93 Difference]: Finished difference Result 42 states and 57 transitions. [2018-11-23 11:10:06,956 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states and 57 transitions. [2018-11-23 11:10:06,957 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:06,957 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:06,957 INFO L74 IsIncluded]: Start isIncluded. First operand 42 states. Second operand 42 states. [2018-11-23 11:10:06,957 INFO L87 Difference]: Start difference. First operand 42 states. Second operand 42 states. [2018-11-23 11:10:06,962 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:06,962 INFO L93 Difference]: Finished difference Result 42 states and 57 transitions. [2018-11-23 11:10:06,963 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states and 57 transitions. [2018-11-23 11:10:06,963 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:06,964 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:06,964 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:06,964 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:06,964 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 42 states. [2018-11-23 11:10:06,968 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 42 states to 42 states and 57 transitions. [2018-11-23 11:10:06,970 INFO L78 Accepts]: Start accepts. Automaton has 42 states and 57 transitions. Word has length 20 [2018-11-23 11:10:06,970 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:06,970 INFO L480 AbstractCegarLoop]: Abstraction has 42 states and 57 transitions. [2018-11-23 11:10:06,970 INFO L481 AbstractCegarLoop]: Interpolant automaton has 2 states. [2018-11-23 11:10:06,971 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states and 57 transitions. [2018-11-23 11:10:06,972 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 23 [2018-11-23 11:10:06,972 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:06,972 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:06,972 INFO L423 AbstractCegarLoop]: === Iteration 2 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:06,973 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:06,973 INFO L82 PathProgramCache]: Analyzing trace with hash -1580956794, now seen corresponding path program 1 times [2018-11-23 11:10:06,974 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:06,974 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:06,994 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:07,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:07,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:07,050 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:07,154 INFO L256 TraceCheckUtils]: 0: Hoare triple {376#true} call ULTIMATE.init(); {376#true} is VALID [2018-11-23 11:10:07,155 INFO L273 TraceCheckUtils]: 1: Hoare triple {376#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {376#true} is VALID [2018-11-23 11:10:07,155 INFO L273 TraceCheckUtils]: 2: Hoare triple {376#true} assume true; {376#true} is VALID [2018-11-23 11:10:07,156 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {376#true} {376#true} #200#return; {376#true} is VALID [2018-11-23 11:10:07,156 INFO L256 TraceCheckUtils]: 4: Hoare triple {376#true} call #t~ret39 := main(); {376#true} is VALID [2018-11-23 11:10:07,158 INFO L273 TraceCheckUtils]: 5: Hoare triple {376#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {396#(not (= main_~root~0.base (_ bv0 32)))} is VALID [2018-11-23 11:10:07,158 INFO L273 TraceCheckUtils]: 6: Hoare triple {396#(not (= main_~root~0.base (_ bv0 32)))} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {396#(not (= main_~root~0.base (_ bv0 32)))} is VALID [2018-11-23 11:10:07,159 INFO L273 TraceCheckUtils]: 7: Hoare triple {396#(not (= main_~root~0.base (_ bv0 32)))} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {396#(not (= main_~root~0.base (_ bv0 32)))} is VALID [2018-11-23 11:10:07,163 INFO L273 TraceCheckUtils]: 8: Hoare triple {396#(not (= main_~root~0.base (_ bv0 32)))} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {377#false} is VALID [2018-11-23 11:10:07,163 INFO L273 TraceCheckUtils]: 9: Hoare triple {377#false} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {377#false} is VALID [2018-11-23 11:10:07,163 INFO L273 TraceCheckUtils]: 10: Hoare triple {377#false} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {377#false} is VALID [2018-11-23 11:10:07,163 INFO L273 TraceCheckUtils]: 11: Hoare triple {377#false} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {377#false} is VALID [2018-11-23 11:10:07,164 INFO L273 TraceCheckUtils]: 12: Hoare triple {377#false} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {377#false} is VALID [2018-11-23 11:10:07,164 INFO L273 TraceCheckUtils]: 13: Hoare triple {377#false} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {377#false} is VALID [2018-11-23 11:10:07,164 INFO L273 TraceCheckUtils]: 14: Hoare triple {377#false} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {377#false} is VALID [2018-11-23 11:10:07,164 INFO L273 TraceCheckUtils]: 15: Hoare triple {377#false} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {377#false} is VALID [2018-11-23 11:10:07,165 INFO L273 TraceCheckUtils]: 16: Hoare triple {377#false} assume !(2bv32 == #t~mem34);havoc #t~mem34; {377#false} is VALID [2018-11-23 11:10:07,165 INFO L273 TraceCheckUtils]: 17: Hoare triple {377#false} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {377#false} is VALID [2018-11-23 11:10:07,165 INFO L273 TraceCheckUtils]: 18: Hoare triple {377#false} assume !(1bv32 == #t~mem36);havoc #t~mem36; {377#false} is VALID [2018-11-23 11:10:07,166 INFO L273 TraceCheckUtils]: 19: Hoare triple {377#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {377#false} is VALID [2018-11-23 11:10:07,166 INFO L273 TraceCheckUtils]: 20: Hoare triple {377#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {377#false} is VALID [2018-11-23 11:10:07,166 INFO L273 TraceCheckUtils]: 21: Hoare triple {377#false} assume !false; {377#false} is VALID [2018-11-23 11:10:07,169 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:10:07,169 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:10:07,173 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:10:07,173 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2018-11-23 11:10:07,175 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 22 [2018-11-23 11:10:07,175 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:07,176 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2018-11-23 11:10:07,221 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 22 edges. 22 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:07,221 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2018-11-23 11:10:07,221 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2018-11-23 11:10:07,221 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-11-23 11:10:07,222 INFO L87 Difference]: Start difference. First operand 42 states and 57 transitions. Second operand 3 states. [2018-11-23 11:10:07,671 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:07,672 INFO L93 Difference]: Finished difference Result 68 states and 92 transitions. [2018-11-23 11:10:07,672 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2018-11-23 11:10:07,672 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 22 [2018-11-23 11:10:07,672 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:07,672 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-11-23 11:10:07,676 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 92 transitions. [2018-11-23 11:10:07,676 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-11-23 11:10:07,679 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 92 transitions. [2018-11-23 11:10:07,679 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 92 transitions. [2018-11-23 11:10:08,065 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 92 edges. 92 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:08,068 INFO L225 Difference]: With dead ends: 68 [2018-11-23 11:10:08,068 INFO L226 Difference]: Without dead ends: 50 [2018-11-23 11:10:08,069 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 21 GetRequests, 20 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-11-23 11:10:08,070 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 50 states. [2018-11-23 11:10:08,089 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 50 to 50. [2018-11-23 11:10:08,089 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:08,090 INFO L82 GeneralOperation]: Start isEquivalent. First operand 50 states. Second operand 50 states. [2018-11-23 11:10:08,090 INFO L74 IsIncluded]: Start isIncluded. First operand 50 states. Second operand 50 states. [2018-11-23 11:10:08,090 INFO L87 Difference]: Start difference. First operand 50 states. Second operand 50 states. [2018-11-23 11:10:08,094 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:08,094 INFO L93 Difference]: Finished difference Result 50 states and 70 transitions. [2018-11-23 11:10:08,094 INFO L276 IsEmpty]: Start isEmpty. Operand 50 states and 70 transitions. [2018-11-23 11:10:08,096 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:08,096 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:08,096 INFO L74 IsIncluded]: Start isIncluded. First operand 50 states. Second operand 50 states. [2018-11-23 11:10:08,097 INFO L87 Difference]: Start difference. First operand 50 states. Second operand 50 states. [2018-11-23 11:10:08,100 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:08,100 INFO L93 Difference]: Finished difference Result 50 states and 70 transitions. [2018-11-23 11:10:08,101 INFO L276 IsEmpty]: Start isEmpty. Operand 50 states and 70 transitions. [2018-11-23 11:10:08,101 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:08,102 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:08,102 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:08,102 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:08,102 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 50 states. [2018-11-23 11:10:08,105 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 50 states to 50 states and 70 transitions. [2018-11-23 11:10:08,105 INFO L78 Accepts]: Start accepts. Automaton has 50 states and 70 transitions. Word has length 22 [2018-11-23 11:10:08,105 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:08,106 INFO L480 AbstractCegarLoop]: Abstraction has 50 states and 70 transitions. [2018-11-23 11:10:08,106 INFO L481 AbstractCegarLoop]: Interpolant automaton has 3 states. [2018-11-23 11:10:08,106 INFO L276 IsEmpty]: Start isEmpty. Operand 50 states and 70 transitions. [2018-11-23 11:10:08,107 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 29 [2018-11-23 11:10:08,107 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:08,107 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:08,108 INFO L423 AbstractCegarLoop]: === Iteration 3 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:08,108 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:08,108 INFO L82 PathProgramCache]: Analyzing trace with hash -1938767375, now seen corresponding path program 1 times [2018-11-23 11:10:08,109 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:08,109 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:08,127 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:08,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:08,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:08,205 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:08,376 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:10:08,386 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:08,387 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:08,390 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:08,397 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:08,397 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:15, output treesize:11 [2018-11-23 11:10:08,483 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-23 11:10:08,518 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-23 11:10:08,521 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:08,523 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:08,531 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:08,531 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:17, output treesize:5 [2018-11-23 11:10:08,534 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:08,534 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) (_ bv0 32)))) (and (= (bvadd .cse0 (_ bv4294967293 32)) (_ bv0 32)) (= |main_#t~mem38| .cse0))) [2018-11-23 11:10:08,535 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (bvadd |main_#t~mem38| (_ bv4294967293 32)) (_ bv0 32)) [2018-11-23 11:10:08,584 INFO L256 TraceCheckUtils]: 0: Hoare triple {688#true} call ULTIMATE.init(); {688#true} is VALID [2018-11-23 11:10:08,584 INFO L273 TraceCheckUtils]: 1: Hoare triple {688#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {688#true} is VALID [2018-11-23 11:10:08,585 INFO L273 TraceCheckUtils]: 2: Hoare triple {688#true} assume true; {688#true} is VALID [2018-11-23 11:10:08,585 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {688#true} {688#true} #200#return; {688#true} is VALID [2018-11-23 11:10:08,586 INFO L256 TraceCheckUtils]: 4: Hoare triple {688#true} call #t~ret39 := main(); {688#true} is VALID [2018-11-23 11:10:08,586 INFO L273 TraceCheckUtils]: 5: Hoare triple {688#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {688#true} is VALID [2018-11-23 11:10:08,586 INFO L273 TraceCheckUtils]: 6: Hoare triple {688#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {688#true} is VALID [2018-11-23 11:10:08,587 INFO L273 TraceCheckUtils]: 7: Hoare triple {688#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {688#true} is VALID [2018-11-23 11:10:08,587 INFO L273 TraceCheckUtils]: 8: Hoare triple {688#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {688#true} is VALID [2018-11-23 11:10:08,587 INFO L273 TraceCheckUtils]: 9: Hoare triple {688#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {688#true} is VALID [2018-11-23 11:10:08,588 INFO L273 TraceCheckUtils]: 10: Hoare triple {688#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {688#true} is VALID [2018-11-23 11:10:08,588 INFO L273 TraceCheckUtils]: 11: Hoare triple {688#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {688#true} is VALID [2018-11-23 11:10:08,589 INFO L273 TraceCheckUtils]: 12: Hoare triple {688#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {688#true} is VALID [2018-11-23 11:10:08,589 INFO L273 TraceCheckUtils]: 13: Hoare triple {688#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {688#true} is VALID [2018-11-23 11:10:08,589 INFO L273 TraceCheckUtils]: 14: Hoare triple {688#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {688#true} is VALID [2018-11-23 11:10:08,595 INFO L273 TraceCheckUtils]: 15: Hoare triple {688#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {738#(= main_~a~0.offset (_ bv0 32))} is VALID [2018-11-23 11:10:08,596 INFO L273 TraceCheckUtils]: 16: Hoare triple {738#(= main_~a~0.offset (_ bv0 32))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {738#(= main_~a~0.offset (_ bv0 32))} is VALID [2018-11-23 11:10:08,600 INFO L273 TraceCheckUtils]: 17: Hoare triple {738#(= main_~a~0.offset (_ bv0 32))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {745#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:08,604 INFO L273 TraceCheckUtils]: 18: Hoare triple {745#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {745#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:08,605 INFO L273 TraceCheckUtils]: 19: Hoare triple {745#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {745#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:08,608 INFO L273 TraceCheckUtils]: 20: Hoare triple {745#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {755#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:08,612 INFO L273 TraceCheckUtils]: 21: Hoare triple {755#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {755#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:08,612 INFO L273 TraceCheckUtils]: 22: Hoare triple {755#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} assume !(2bv32 == #t~mem34);havoc #t~mem34; {755#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:08,614 INFO L273 TraceCheckUtils]: 23: Hoare triple {755#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {755#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:08,614 INFO L273 TraceCheckUtils]: 24: Hoare triple {755#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} assume !(1bv32 == #t~mem36);havoc #t~mem36; {755#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:08,615 INFO L273 TraceCheckUtils]: 25: Hoare triple {755#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {771#(= (bvadd |main_#t~mem38| (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:08,617 INFO L273 TraceCheckUtils]: 26: Hoare triple {771#(= (bvadd |main_#t~mem38| (_ bv4294967293 32)) (_ bv0 32))} assume 3bv32 != #t~mem38;havoc #t~mem38; {689#false} is VALID [2018-11-23 11:10:08,617 INFO L273 TraceCheckUtils]: 27: Hoare triple {689#false} assume !false; {689#false} is VALID [2018-11-23 11:10:08,621 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:10:08,621 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:10:08,630 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:10:08,631 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-23 11:10:08,631 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 28 [2018-11-23 11:10:08,632 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:08,632 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-23 11:10:08,679 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 28 edges. 28 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:08,679 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-23 11:10:08,680 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-23 11:10:08,680 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2018-11-23 11:10:08,680 INFO L87 Difference]: Start difference. First operand 50 states and 70 transitions. Second operand 6 states. [2018-11-23 11:10:10,235 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:10,235 INFO L93 Difference]: Finished difference Result 73 states and 97 transitions. [2018-11-23 11:10:10,235 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2018-11-23 11:10:10,236 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 28 [2018-11-23 11:10:10,236 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:10,236 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:10:10,239 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 84 transitions. [2018-11-23 11:10:10,239 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:10:10,241 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 84 transitions. [2018-11-23 11:10:10,241 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 84 transitions. [2018-11-23 11:10:10,501 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 84 edges. 84 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:10,505 INFO L225 Difference]: With dead ends: 73 [2018-11-23 11:10:10,505 INFO L226 Difference]: Without dead ends: 69 [2018-11-23 11:10:10,506 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 29 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2018-11-23 11:10:10,506 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 69 states. [2018-11-23 11:10:10,549 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 69 to 57. [2018-11-23 11:10:10,549 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:10,549 INFO L82 GeneralOperation]: Start isEquivalent. First operand 69 states. Second operand 57 states. [2018-11-23 11:10:10,549 INFO L74 IsIncluded]: Start isIncluded. First operand 69 states. Second operand 57 states. [2018-11-23 11:10:10,549 INFO L87 Difference]: Start difference. First operand 69 states. Second operand 57 states. [2018-11-23 11:10:10,553 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:10,553 INFO L93 Difference]: Finished difference Result 69 states and 93 transitions. [2018-11-23 11:10:10,554 INFO L276 IsEmpty]: Start isEmpty. Operand 69 states and 93 transitions. [2018-11-23 11:10:10,554 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:10,555 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:10,555 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand 69 states. [2018-11-23 11:10:10,555 INFO L87 Difference]: Start difference. First operand 57 states. Second operand 69 states. [2018-11-23 11:10:10,559 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:10,559 INFO L93 Difference]: Finished difference Result 69 states and 93 transitions. [2018-11-23 11:10:10,559 INFO L276 IsEmpty]: Start isEmpty. Operand 69 states and 93 transitions. [2018-11-23 11:10:10,560 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:10,560 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:10,560 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:10,561 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:10,561 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 57 states. [2018-11-23 11:10:10,563 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 57 states to 57 states and 80 transitions. [2018-11-23 11:10:10,564 INFO L78 Accepts]: Start accepts. Automaton has 57 states and 80 transitions. Word has length 28 [2018-11-23 11:10:10,564 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:10,564 INFO L480 AbstractCegarLoop]: Abstraction has 57 states and 80 transitions. [2018-11-23 11:10:10,564 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-23 11:10:10,565 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 80 transitions. [2018-11-23 11:10:10,566 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2018-11-23 11:10:10,566 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:10,566 INFO L402 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:10,566 INFO L423 AbstractCegarLoop]: === Iteration 4 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:10,566 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:10,567 INFO L82 PathProgramCache]: Analyzing trace with hash 909038860, now seen corresponding path program 1 times [2018-11-23 11:10:10,567 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:10,567 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:10,585 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:10,638 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:10,654 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:10,657 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:10,750 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:10:10,755 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:10,757 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,760 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,767 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,767 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:15, output treesize:11 [2018-11-23 11:10:10,857 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-23 11:10:10,915 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-23 11:10:10,940 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,966 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,973 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:10,973 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:17, output treesize:5 [2018-11-23 11:10:10,975 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:10,976 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) (_ bv0 32)))) (and (= (bvadd .cse0 (_ bv4294967293 32)) (_ bv0 32)) (= |main_#t~mem36| .cse0))) [2018-11-23 11:10:10,976 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) (bvadd |main_#t~mem36| (_ bv4294967293 32))) [2018-11-23 11:10:10,999 INFO L256 TraceCheckUtils]: 0: Hoare triple {1078#true} call ULTIMATE.init(); {1078#true} is VALID [2018-11-23 11:10:10,999 INFO L273 TraceCheckUtils]: 1: Hoare triple {1078#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1078#true} is VALID [2018-11-23 11:10:10,999 INFO L273 TraceCheckUtils]: 2: Hoare triple {1078#true} assume true; {1078#true} is VALID [2018-11-23 11:10:10,999 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1078#true} {1078#true} #200#return; {1078#true} is VALID [2018-11-23 11:10:11,000 INFO L256 TraceCheckUtils]: 4: Hoare triple {1078#true} call #t~ret39 := main(); {1078#true} is VALID [2018-11-23 11:10:11,000 INFO L273 TraceCheckUtils]: 5: Hoare triple {1078#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {1078#true} is VALID [2018-11-23 11:10:11,000 INFO L273 TraceCheckUtils]: 6: Hoare triple {1078#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {1078#true} is VALID [2018-11-23 11:10:11,000 INFO L273 TraceCheckUtils]: 7: Hoare triple {1078#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {1078#true} is VALID [2018-11-23 11:10:11,001 INFO L273 TraceCheckUtils]: 8: Hoare triple {1078#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {1078#true} is VALID [2018-11-23 11:10:11,001 INFO L273 TraceCheckUtils]: 9: Hoare triple {1078#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {1078#true} is VALID [2018-11-23 11:10:11,001 INFO L273 TraceCheckUtils]: 10: Hoare triple {1078#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {1078#true} is VALID [2018-11-23 11:10:11,001 INFO L273 TraceCheckUtils]: 11: Hoare triple {1078#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {1078#true} is VALID [2018-11-23 11:10:11,002 INFO L273 TraceCheckUtils]: 12: Hoare triple {1078#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {1078#true} is VALID [2018-11-23 11:10:11,002 INFO L273 TraceCheckUtils]: 13: Hoare triple {1078#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {1078#true} is VALID [2018-11-23 11:10:11,002 INFO L273 TraceCheckUtils]: 14: Hoare triple {1078#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {1078#true} is VALID [2018-11-23 11:10:11,005 INFO L273 TraceCheckUtils]: 15: Hoare triple {1078#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {1128#(= main_~a~0.offset (_ bv0 32))} is VALID [2018-11-23 11:10:11,005 INFO L273 TraceCheckUtils]: 16: Hoare triple {1128#(= main_~a~0.offset (_ bv0 32))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {1128#(= main_~a~0.offset (_ bv0 32))} is VALID [2018-11-23 11:10:11,006 INFO L273 TraceCheckUtils]: 17: Hoare triple {1128#(= main_~a~0.offset (_ bv0 32))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1135#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:11,006 INFO L273 TraceCheckUtils]: 18: Hoare triple {1135#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {1135#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:11,007 INFO L273 TraceCheckUtils]: 19: Hoare triple {1135#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {1135#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:11,009 INFO L273 TraceCheckUtils]: 20: Hoare triple {1135#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1145#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:11,010 INFO L273 TraceCheckUtils]: 21: Hoare triple {1145#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1145#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:11,011 INFO L273 TraceCheckUtils]: 22: Hoare triple {1145#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} assume !(2bv32 == #t~mem34);havoc #t~mem34; {1145#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:11,013 INFO L273 TraceCheckUtils]: 23: Hoare triple {1145#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1155#(= (_ bv3 32) |main_#t~mem36|)} is VALID [2018-11-23 11:10:11,015 INFO L273 TraceCheckUtils]: 24: Hoare triple {1155#(= (_ bv3 32) |main_#t~mem36|)} assume !!(1bv32 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {1079#false} is VALID [2018-11-23 11:10:11,015 INFO L273 TraceCheckUtils]: 25: Hoare triple {1079#false} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1079#false} is VALID [2018-11-23 11:10:11,015 INFO L273 TraceCheckUtils]: 26: Hoare triple {1079#false} assume !(1bv32 == #t~mem36);havoc #t~mem36; {1079#false} is VALID [2018-11-23 11:10:11,016 INFO L273 TraceCheckUtils]: 27: Hoare triple {1079#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1079#false} is VALID [2018-11-23 11:10:11,016 INFO L273 TraceCheckUtils]: 28: Hoare triple {1079#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {1079#false} is VALID [2018-11-23 11:10:11,016 INFO L273 TraceCheckUtils]: 29: Hoare triple {1079#false} assume !false; {1079#false} is VALID [2018-11-23 11:10:11,020 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:10:11,021 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:10:11,025 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:10:11,025 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-23 11:10:11,026 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 30 [2018-11-23 11:10:11,026 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:11,026 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-23 11:10:11,080 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 30 edges. 30 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:11,081 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-23 11:10:11,081 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-23 11:10:11,081 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2018-11-23 11:10:11,082 INFO L87 Difference]: Start difference. First operand 57 states and 80 transitions. Second operand 6 states. [2018-11-23 11:10:12,622 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:12,622 INFO L93 Difference]: Finished difference Result 75 states and 99 transitions. [2018-11-23 11:10:12,622 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2018-11-23 11:10:12,622 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 30 [2018-11-23 11:10:12,623 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:12,623 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:10:12,625 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 86 transitions. [2018-11-23 11:10:12,625 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:10:12,628 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 86 transitions. [2018-11-23 11:10:12,628 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 86 transitions. [2018-11-23 11:10:12,792 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 86 edges. 86 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:12,795 INFO L225 Difference]: With dead ends: 75 [2018-11-23 11:10:12,795 INFO L226 Difference]: Without dead ends: 67 [2018-11-23 11:10:12,796 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 31 GetRequests, 25 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2018-11-23 11:10:12,796 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 67 states. [2018-11-23 11:10:12,878 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 67 to 55. [2018-11-23 11:10:12,878 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:12,878 INFO L82 GeneralOperation]: Start isEquivalent. First operand 67 states. Second operand 55 states. [2018-11-23 11:10:12,879 INFO L74 IsIncluded]: Start isIncluded. First operand 67 states. Second operand 55 states. [2018-11-23 11:10:12,879 INFO L87 Difference]: Start difference. First operand 67 states. Second operand 55 states. [2018-11-23 11:10:12,883 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:12,883 INFO L93 Difference]: Finished difference Result 67 states and 90 transitions. [2018-11-23 11:10:12,883 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 90 transitions. [2018-11-23 11:10:12,884 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:12,884 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:12,884 INFO L74 IsIncluded]: Start isIncluded. First operand 55 states. Second operand 67 states. [2018-11-23 11:10:12,884 INFO L87 Difference]: Start difference. First operand 55 states. Second operand 67 states. [2018-11-23 11:10:12,888 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:12,888 INFO L93 Difference]: Finished difference Result 67 states and 90 transitions. [2018-11-23 11:10:12,888 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 90 transitions. [2018-11-23 11:10:12,889 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:12,889 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:12,889 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:12,889 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:12,889 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 55 states. [2018-11-23 11:10:12,892 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 55 states to 55 states and 77 transitions. [2018-11-23 11:10:12,892 INFO L78 Accepts]: Start accepts. Automaton has 55 states and 77 transitions. Word has length 30 [2018-11-23 11:10:12,892 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:12,892 INFO L480 AbstractCegarLoop]: Abstraction has 55 states and 77 transitions. [2018-11-23 11:10:12,892 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-23 11:10:12,893 INFO L276 IsEmpty]: Start isEmpty. Operand 55 states and 77 transitions. [2018-11-23 11:10:12,893 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2018-11-23 11:10:12,893 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:12,894 INFO L402 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:12,894 INFO L423 AbstractCegarLoop]: === Iteration 5 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:12,894 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:12,894 INFO L82 PathProgramCache]: Analyzing trace with hash 1933741836, now seen corresponding path program 1 times [2018-11-23 11:10:12,895 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:12,895 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:12,914 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:12,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:12,989 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:12,990 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:13,078 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:10:13,083 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:13,085 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:13,088 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:13,097 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:13,097 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:15, output treesize:11 [2018-11-23 11:10:13,146 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 13 [2018-11-23 11:10:13,155 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 5 [2018-11-23 11:10:13,157 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:13,159 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:13,161 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:13,161 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:17, output treesize:5 [2018-11-23 11:10:13,170 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:13,170 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) (_ bv0 32)))) (and (= (bvadd .cse0 (_ bv4294967293 32)) (_ bv0 32)) (= |main_#t~mem34| .cse0))) [2018-11-23 11:10:13,171 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (bvadd |main_#t~mem34| (_ bv4294967293 32)) (_ bv0 32)) [2018-11-23 11:10:13,187 INFO L256 TraceCheckUtils]: 0: Hoare triple {1470#true} call ULTIMATE.init(); {1470#true} is VALID [2018-11-23 11:10:13,188 INFO L273 TraceCheckUtils]: 1: Hoare triple {1470#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1470#true} is VALID [2018-11-23 11:10:13,188 INFO L273 TraceCheckUtils]: 2: Hoare triple {1470#true} assume true; {1470#true} is VALID [2018-11-23 11:10:13,189 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1470#true} {1470#true} #200#return; {1470#true} is VALID [2018-11-23 11:10:13,189 INFO L256 TraceCheckUtils]: 4: Hoare triple {1470#true} call #t~ret39 := main(); {1470#true} is VALID [2018-11-23 11:10:13,189 INFO L273 TraceCheckUtils]: 5: Hoare triple {1470#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {1470#true} is VALID [2018-11-23 11:10:13,190 INFO L273 TraceCheckUtils]: 6: Hoare triple {1470#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {1470#true} is VALID [2018-11-23 11:10:13,190 INFO L273 TraceCheckUtils]: 7: Hoare triple {1470#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {1470#true} is VALID [2018-11-23 11:10:13,191 INFO L273 TraceCheckUtils]: 8: Hoare triple {1470#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {1470#true} is VALID [2018-11-23 11:10:13,191 INFO L273 TraceCheckUtils]: 9: Hoare triple {1470#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {1470#true} is VALID [2018-11-23 11:10:13,191 INFO L273 TraceCheckUtils]: 10: Hoare triple {1470#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {1470#true} is VALID [2018-11-23 11:10:13,191 INFO L273 TraceCheckUtils]: 11: Hoare triple {1470#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {1470#true} is VALID [2018-11-23 11:10:13,192 INFO L273 TraceCheckUtils]: 12: Hoare triple {1470#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {1470#true} is VALID [2018-11-23 11:10:13,192 INFO L273 TraceCheckUtils]: 13: Hoare triple {1470#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {1470#true} is VALID [2018-11-23 11:10:13,192 INFO L273 TraceCheckUtils]: 14: Hoare triple {1470#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {1470#true} is VALID [2018-11-23 11:10:13,195 INFO L273 TraceCheckUtils]: 15: Hoare triple {1470#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {1520#(= main_~a~0.offset (_ bv0 32))} is VALID [2018-11-23 11:10:13,197 INFO L273 TraceCheckUtils]: 16: Hoare triple {1520#(= main_~a~0.offset (_ bv0 32))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {1520#(= main_~a~0.offset (_ bv0 32))} is VALID [2018-11-23 11:10:13,197 INFO L273 TraceCheckUtils]: 17: Hoare triple {1520#(= main_~a~0.offset (_ bv0 32))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1527#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:13,199 INFO L273 TraceCheckUtils]: 18: Hoare triple {1527#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {1527#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:13,200 INFO L273 TraceCheckUtils]: 19: Hoare triple {1527#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {1527#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:13,201 INFO L273 TraceCheckUtils]: 20: Hoare triple {1527#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1537#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:13,217 INFO L273 TraceCheckUtils]: 21: Hoare triple {1537#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1541#(= (bvadd |main_#t~mem34| (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:13,219 INFO L273 TraceCheckUtils]: 22: Hoare triple {1541#(= (bvadd |main_#t~mem34| (_ bv4294967293 32)) (_ bv0 32))} assume !!(2bv32 == #t~mem34);havoc #t~mem34;call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {1471#false} is VALID [2018-11-23 11:10:13,219 INFO L273 TraceCheckUtils]: 23: Hoare triple {1471#false} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1471#false} is VALID [2018-11-23 11:10:13,219 INFO L273 TraceCheckUtils]: 24: Hoare triple {1471#false} assume !(2bv32 == #t~mem34);havoc #t~mem34; {1471#false} is VALID [2018-11-23 11:10:13,220 INFO L273 TraceCheckUtils]: 25: Hoare triple {1471#false} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1471#false} is VALID [2018-11-23 11:10:13,220 INFO L273 TraceCheckUtils]: 26: Hoare triple {1471#false} assume !(1bv32 == #t~mem36);havoc #t~mem36; {1471#false} is VALID [2018-11-23 11:10:13,220 INFO L273 TraceCheckUtils]: 27: Hoare triple {1471#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1471#false} is VALID [2018-11-23 11:10:13,221 INFO L273 TraceCheckUtils]: 28: Hoare triple {1471#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {1471#false} is VALID [2018-11-23 11:10:13,221 INFO L273 TraceCheckUtils]: 29: Hoare triple {1471#false} assume !false; {1471#false} is VALID [2018-11-23 11:10:13,223 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:10:13,223 INFO L312 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2018-11-23 11:10:13,226 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:10:13,226 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2018-11-23 11:10:13,227 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 30 [2018-11-23 11:10:13,227 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:13,227 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2018-11-23 11:10:13,272 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 30 edges. 30 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:13,272 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2018-11-23 11:10:13,273 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2018-11-23 11:10:13,273 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2018-11-23 11:10:13,273 INFO L87 Difference]: Start difference. First operand 55 states and 77 transitions. Second operand 6 states. [2018-11-23 11:10:15,051 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:15,052 INFO L93 Difference]: Finished difference Result 75 states and 99 transitions. [2018-11-23 11:10:15,052 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2018-11-23 11:10:15,052 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 30 [2018-11-23 11:10:15,052 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:15,052 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:10:15,054 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 86 transitions. [2018-11-23 11:10:15,055 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2018-11-23 11:10:15,056 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 86 transitions. [2018-11-23 11:10:15,056 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 86 transitions. [2018-11-23 11:10:15,219 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 86 edges. 86 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:15,222 INFO L225 Difference]: With dead ends: 75 [2018-11-23 11:10:15,222 INFO L226 Difference]: Without dead ends: 64 [2018-11-23 11:10:15,222 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 31 GetRequests, 25 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2018-11-23 11:10:15,223 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 64 states. [2018-11-23 11:10:15,245 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 64 to 52. [2018-11-23 11:10:15,246 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:15,246 INFO L82 GeneralOperation]: Start isEquivalent. First operand 64 states. Second operand 52 states. [2018-11-23 11:10:15,246 INFO L74 IsIncluded]: Start isIncluded. First operand 64 states. Second operand 52 states. [2018-11-23 11:10:15,246 INFO L87 Difference]: Start difference. First operand 64 states. Second operand 52 states. [2018-11-23 11:10:15,249 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:15,250 INFO L93 Difference]: Finished difference Result 64 states and 86 transitions. [2018-11-23 11:10:15,250 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 86 transitions. [2018-11-23 11:10:15,250 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:15,250 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:15,250 INFO L74 IsIncluded]: Start isIncluded. First operand 52 states. Second operand 64 states. [2018-11-23 11:10:15,251 INFO L87 Difference]: Start difference. First operand 52 states. Second operand 64 states. [2018-11-23 11:10:15,253 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:15,254 INFO L93 Difference]: Finished difference Result 64 states and 86 transitions. [2018-11-23 11:10:15,254 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 86 transitions. [2018-11-23 11:10:15,254 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:15,254 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:15,255 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:15,255 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:15,255 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 52 states. [2018-11-23 11:10:15,257 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 52 states to 52 states and 73 transitions. [2018-11-23 11:10:15,257 INFO L78 Accepts]: Start accepts. Automaton has 52 states and 73 transitions. Word has length 30 [2018-11-23 11:10:15,257 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:15,258 INFO L480 AbstractCegarLoop]: Abstraction has 52 states and 73 transitions. [2018-11-23 11:10:15,258 INFO L481 AbstractCegarLoop]: Interpolant automaton has 6 states. [2018-11-23 11:10:15,258 INFO L276 IsEmpty]: Start isEmpty. Operand 52 states and 73 transitions. [2018-11-23 11:10:15,258 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2018-11-23 11:10:15,259 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:15,259 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:15,259 INFO L423 AbstractCegarLoop]: === Iteration 6 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:15,259 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:15,260 INFO L82 PathProgramCache]: Analyzing trace with hash 1417006922, now seen corresponding path program 1 times [2018-11-23 11:10:15,260 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:15,260 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:15,283 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:15,354 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:15,399 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:15,401 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:15,447 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:10:15,449 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,471 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,491 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2018-11-23 11:10:15,513 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:15,513 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_21|]. (and (= main_~a~0.offset (_ bv0 32)) (= |#valid| (store |v_#valid_21| main_~a~0.base (_ bv1 1)))) [2018-11-23 11:10:15,513 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.offset (_ bv0 32)) (= (select |#valid| main_~a~0.base) (_ bv1 1))) [2018-11-23 11:10:15,702 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:15,703 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:15,704 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:10:15,706 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,791 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:10:15,796 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:15,797 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,801 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,816 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,817 INFO L202 ElimStorePlain]: Needed 4 recursive calls to eliminate 2 variables, input treesize:33, output treesize:21 [2018-11-23 11:10:15,825 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:15,826 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_39|, |v_#valid_22|]. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 1) (select |v_#valid_22| main_~t~0.base)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv0 1) (bvadd (select |v_#valid_22| main_~a~0.base) (_ bv1 1))) (= (store |v_#memory_int_39| main_~p~0.base (store (select |v_#memory_int_39| main_~p~0.base) main_~p~0.offset (_ bv2 32))) |#memory_int|)) [2018-11-23 11:10:15,826 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset))) [2018-11-23 11:10:15,911 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 22 [2018-11-23 11:10:15,918 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:15,921 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 14 [2018-11-23 11:10:15,927 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,936 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,946 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:15,946 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:34, output treesize:15 [2018-11-23 11:10:16,062 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 20 [2018-11-23 11:10:16,068 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:16,071 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:16,153 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:16,166 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:16,167 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:26, output treesize:22 [2018-11-23 11:10:16,178 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:16,178 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_41|, v_main_~p~0.base_21, v_main_~p~0.offset_21]. (and (= main_~p~0.offset (_ bv0 32)) (= (select (select |v_#memory_int_41| main_~p~0.base) (_ bv0 32)) (_ bv2 32)) (= (store |v_#memory_int_41| v_main_~p~0.base_21 (store (select |v_#memory_int_41| v_main_~p~0.base_21) v_main_~p~0.offset_21 (_ bv3 32))) |#memory_int|) (not (= v_main_~p~0.base_21 main_~p~0.base))) [2018-11-23 11:10:16,178 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_21, v_main_~p~0.offset_21]. (and (= main_~p~0.offset (_ bv0 32)) (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_21) v_main_~p~0.offset_21)) (= (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv2 32)) (not (= v_main_~p~0.base_21 main_~p~0.base))) [2018-11-23 11:10:16,337 INFO L256 TraceCheckUtils]: 0: Hoare triple {1853#true} call ULTIMATE.init(); {1853#true} is VALID [2018-11-23 11:10:16,338 INFO L273 TraceCheckUtils]: 1: Hoare triple {1853#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1853#true} is VALID [2018-11-23 11:10:16,338 INFO L273 TraceCheckUtils]: 2: Hoare triple {1853#true} assume true; {1853#true} is VALID [2018-11-23 11:10:16,339 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1853#true} {1853#true} #200#return; {1853#true} is VALID [2018-11-23 11:10:16,339 INFO L256 TraceCheckUtils]: 4: Hoare triple {1853#true} call #t~ret39 := main(); {1853#true} is VALID [2018-11-23 11:10:16,339 INFO L273 TraceCheckUtils]: 5: Hoare triple {1853#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {1853#true} is VALID [2018-11-23 11:10:16,340 INFO L273 TraceCheckUtils]: 6: Hoare triple {1853#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {1853#true} is VALID [2018-11-23 11:10:16,340 INFO L273 TraceCheckUtils]: 7: Hoare triple {1853#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {1853#true} is VALID [2018-11-23 11:10:16,340 INFO L273 TraceCheckUtils]: 8: Hoare triple {1853#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {1853#true} is VALID [2018-11-23 11:10:16,340 INFO L273 TraceCheckUtils]: 9: Hoare triple {1853#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {1853#true} is VALID [2018-11-23 11:10:16,340 INFO L273 TraceCheckUtils]: 10: Hoare triple {1853#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {1853#true} is VALID [2018-11-23 11:10:16,341 INFO L273 TraceCheckUtils]: 11: Hoare triple {1853#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {1853#true} is VALID [2018-11-23 11:10:16,341 INFO L273 TraceCheckUtils]: 12: Hoare triple {1853#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {1853#true} is VALID [2018-11-23 11:10:16,341 INFO L273 TraceCheckUtils]: 13: Hoare triple {1853#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {1853#true} is VALID [2018-11-23 11:10:16,341 INFO L273 TraceCheckUtils]: 14: Hoare triple {1853#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {1853#true} is VALID [2018-11-23 11:10:16,346 INFO L273 TraceCheckUtils]: 15: Hoare triple {1853#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {1903#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:16,347 INFO L273 TraceCheckUtils]: 16: Hoare triple {1903#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {1903#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:16,348 INFO L273 TraceCheckUtils]: 17: Hoare triple {1903#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1910#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:16,348 INFO L273 TraceCheckUtils]: 18: Hoare triple {1910#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {1910#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:16,350 INFO L273 TraceCheckUtils]: 19: Hoare triple {1910#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0bv32 != #t~nondet31);havoc #t~nondet31;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32);call #t~malloc32.base, #t~malloc32.offset := #Ultimate.alloc(8bv32);~t~0.base, ~t~0.offset := #t~malloc32.base, #t~malloc32.offset; {1917#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:16,351 INFO L273 TraceCheckUtils]: 20: Hoare triple {1917#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {1917#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:16,353 INFO L273 TraceCheckUtils]: 21: Hoare triple {1917#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);call #t~mem33.base, #t~mem33.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem33.base, #t~mem33.offset;havoc #t~mem33.base, #t~mem33.offset; {1924#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:16,353 INFO L273 TraceCheckUtils]: 22: Hoare triple {1924#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {1924#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:16,356 INFO L273 TraceCheckUtils]: 23: Hoare triple {1924#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1931#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.offset_21 (_ BitVec 32)) (v_main_~p~0.base_21 (_ BitVec 32))) (and (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_21) v_main_~p~0.offset_21)) (not (= v_main_~p~0.base_21 main_~p~0.base)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:16,357 INFO L273 TraceCheckUtils]: 24: Hoare triple {1931#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.offset_21 (_ BitVec 32)) (v_main_~p~0.base_21 (_ BitVec 32))) (and (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_21) v_main_~p~0.offset_21)) (not (= v_main_~p~0.base_21 main_~p~0.base)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1935#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.offset_21 (_ BitVec 32)) (v_main_~p~0.base_21 (_ BitVec 32))) (and (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_21) v_main_~p~0.offset_21)) (not (= v_main_~p~0.base_21 main_~p~0.base)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem34|))} is VALID [2018-11-23 11:10:16,358 INFO L273 TraceCheckUtils]: 25: Hoare triple {1935#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.offset_21 (_ BitVec 32)) (v_main_~p~0.base_21 (_ BitVec 32))) (and (= (_ bv3 32) (select (select |#memory_int| v_main_~p~0.base_21) v_main_~p~0.offset_21)) (not (= v_main_~p~0.base_21 main_~p~0.base)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967294 32)) (_ bv0 32)) (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem34|))} assume !(2bv32 == #t~mem34);havoc #t~mem34; {1854#false} is VALID [2018-11-23 11:10:16,358 INFO L273 TraceCheckUtils]: 26: Hoare triple {1854#false} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1854#false} is VALID [2018-11-23 11:10:16,359 INFO L273 TraceCheckUtils]: 27: Hoare triple {1854#false} assume !(1bv32 == #t~mem36);havoc #t~mem36; {1854#false} is VALID [2018-11-23 11:10:16,359 INFO L273 TraceCheckUtils]: 28: Hoare triple {1854#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1854#false} is VALID [2018-11-23 11:10:16,359 INFO L273 TraceCheckUtils]: 29: Hoare triple {1854#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {1854#false} is VALID [2018-11-23 11:10:16,359 INFO L273 TraceCheckUtils]: 30: Hoare triple {1854#false} assume !false; {1854#false} is VALID [2018-11-23 11:10:16,362 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:10:16,362 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:10:16,607 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:16,619 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:16,627 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:16,635 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:16,657 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 1 dim-0 vars, and 2 xjuncts. [2018-11-23 11:10:16,658 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:38, output treesize:22 [2018-11-23 11:10:16,670 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:16,670 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_43|, v_subst_1]. (or (not (= (store |#memory_int| main_~p~0.base (let ((.cse0 (bvadd main_~p~0.offset (_ bv4 32)))) (store (select |#memory_int| main_~p~0.base) .cse0 (select (select |v_#memory_int_43| main_~p~0.base) .cse0)))) |v_#memory_int_43|)) (= (_ bv0 32) (bvadd (select (select (store |v_#memory_int_43| main_~t~0.base (store (select |v_#memory_int_43| main_~t~0.base) v_subst_1 (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)))) [2018-11-23 11:10:16,670 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_2]. (and (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset)) (not (= main_~t~0.base main_~a~0.base))) [2018-11-23 11:10:16,888 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 29 treesize of output 33 [2018-11-23 11:10:16,898 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 26 [2018-11-23 11:10:16,902 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:16,952 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:16,954 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 31 [2018-11-23 11:10:17,079 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 9 [2018-11-23 11:10:17,081 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:17,104 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:17,161 INFO L267 ElimStorePlain]: Start of recursive call 2: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:17,165 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 15 [2018-11-23 11:10:17,170 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 3 [2018-11-23 11:10:17,172 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:17,178 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:17,183 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 24 [2018-11-23 11:10:17,189 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 17 [2018-11-23 11:10:17,233 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 6 [2018-11-23 11:10:17,235 INFO L267 ElimStorePlain]: Start of recursive call 10: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:17,243 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 7 [2018-11-23 11:10:17,248 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:17,271 INFO L267 ElimStorePlain]: Start of recursive call 9: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:17,305 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:17,361 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 3 dim-0 vars, and 4 xjuncts. [2018-11-23 11:10:17,361 INFO L202 ElimStorePlain]: Needed 11 recursive calls to eliminate 3 variables, input treesize:34, output treesize:42 [2018-11-23 11:10:17,372 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:17,372 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_int|, v_DerPreprocessor_2, v_main_~t~0.base_10]. (and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= (select (select (store |#memory_int| main_~p~0.base (store (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv2 32)) (bvadd main_~p~0.offset (_ bv4 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset) (_ bv2 32)) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))) [2018-11-23 11:10:17,372 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_main_~t~0.base_10, v_prenex_3, v_prenex_2]. (let ((.cse0 (= main_~a~0.offset main_~p~0.offset))) (and (or .cse0 (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10)))) (or (= (bvadd main_~p~0.offset (_ bv4 32)) main_~a~0.offset) .cse0 (not (= (_ bv0 1) (select |#valid| v_prenex_3)))) (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.base main_~a~0.base) (not (= (_ bv0 1) (select |#valid| v_prenex_2)))))) [2018-11-23 11:10:17,540 WARN L180 SmtUtils]: Spent 128.00 ms on a formula simplification. DAG size of input: 33 DAG size of output: 24 [2018-11-23 11:10:17,615 INFO L273 TraceCheckUtils]: 30: Hoare triple {1854#false} assume !false; {1854#false} is VALID [2018-11-23 11:10:17,615 INFO L273 TraceCheckUtils]: 29: Hoare triple {1854#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {1854#false} is VALID [2018-11-23 11:10:17,615 INFO L273 TraceCheckUtils]: 28: Hoare triple {1854#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1854#false} is VALID [2018-11-23 11:10:17,615 INFO L273 TraceCheckUtils]: 27: Hoare triple {1854#false} assume !(1bv32 == #t~mem36);havoc #t~mem36; {1854#false} is VALID [2018-11-23 11:10:17,616 INFO L273 TraceCheckUtils]: 26: Hoare triple {1854#false} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1854#false} is VALID [2018-11-23 11:10:17,616 INFO L273 TraceCheckUtils]: 25: Hoare triple {1969#(= (bvadd |main_#t~mem34| (_ bv4294967294 32)) (_ bv0 32))} assume !(2bv32 == #t~mem34);havoc #t~mem34; {1854#false} is VALID [2018-11-23 11:10:17,617 INFO L273 TraceCheckUtils]: 24: Hoare triple {1973#(= (_ bv2 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {1969#(= (bvadd |main_#t~mem34| (_ bv4294967294 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:17,619 INFO L273 TraceCheckUtils]: 23: Hoare triple {1977#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1973#(= (_ bv2 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:17,620 INFO L273 TraceCheckUtils]: 22: Hoare triple {1977#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32)))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {1977#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:17,624 INFO L273 TraceCheckUtils]: 21: Hoare triple {1984#(and (forall ((v_DerPreprocessor_2 (_ BitVec 32))) (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset))) (not (= main_~t~0.base main_~a~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);call #t~mem33.base, #t~mem33.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem33.base, #t~mem33.offset;havoc #t~mem33.base, #t~mem33.offset; {1977#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:17,625 INFO L273 TraceCheckUtils]: 20: Hoare triple {1984#(and (forall ((v_DerPreprocessor_2 (_ BitVec 32))) (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset))) (not (= main_~t~0.base main_~a~0.base)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {1984#(and (forall ((v_DerPreprocessor_2 (_ BitVec 32))) (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset))) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:17,627 INFO L273 TraceCheckUtils]: 19: Hoare triple {1991#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_prenex_2 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_2)))) (= main_~p~0.base main_~a~0.base)) (or (= main_~a~0.offset main_~p~0.offset) (forall ((v_main_~t~0.base_10 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))))} assume !!(0bv32 != #t~nondet31);havoc #t~nondet31;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32);call #t~malloc32.base, #t~malloc32.offset := #Ultimate.alloc(8bv32);~t~0.base, ~t~0.offset := #t~malloc32.base, #t~malloc32.offset; {1984#(and (forall ((v_DerPreprocessor_2 (_ BitVec 32))) (= (_ bv2 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)) v_DerPreprocessor_2)) main_~a~0.base) main_~a~0.offset))) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:17,628 INFO L273 TraceCheckUtils]: 18: Hoare triple {1991#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_prenex_2 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_2)))) (= main_~p~0.base main_~a~0.base)) (or (= main_~a~0.offset main_~p~0.offset) (forall ((v_main_~t~0.base_10 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {1991#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_prenex_2 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_2)))) (= main_~p~0.base main_~a~0.base)) (or (= main_~a~0.offset main_~p~0.offset) (forall ((v_main_~t~0.base_10 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))))} is VALID [2018-11-23 11:10:17,629 INFO L273 TraceCheckUtils]: 17: Hoare triple {1998#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1991#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_prenex_2 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_prenex_2)))) (= main_~p~0.base main_~a~0.base)) (or (= main_~a~0.offset main_~p~0.offset) (forall ((v_main_~t~0.base_10 (_ BitVec 32))) (not (= (_ bv0 1) (select |#valid| v_main_~t~0.base_10))))))} is VALID [2018-11-23 11:10:17,629 INFO L273 TraceCheckUtils]: 16: Hoare triple {1998#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {1998#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:10:17,630 INFO L273 TraceCheckUtils]: 15: Hoare triple {1853#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {1998#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:10:17,630 INFO L273 TraceCheckUtils]: 14: Hoare triple {1853#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {1853#true} is VALID [2018-11-23 11:10:17,630 INFO L273 TraceCheckUtils]: 13: Hoare triple {1853#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {1853#true} is VALID [2018-11-23 11:10:17,630 INFO L273 TraceCheckUtils]: 12: Hoare triple {1853#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {1853#true} is VALID [2018-11-23 11:10:17,631 INFO L273 TraceCheckUtils]: 11: Hoare triple {1853#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {1853#true} is VALID [2018-11-23 11:10:17,631 INFO L273 TraceCheckUtils]: 10: Hoare triple {1853#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {1853#true} is VALID [2018-11-23 11:10:17,631 INFO L273 TraceCheckUtils]: 9: Hoare triple {1853#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {1853#true} is VALID [2018-11-23 11:10:17,631 INFO L273 TraceCheckUtils]: 8: Hoare triple {1853#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {1853#true} is VALID [2018-11-23 11:10:17,631 INFO L273 TraceCheckUtils]: 7: Hoare triple {1853#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {1853#true} is VALID [2018-11-23 11:10:17,632 INFO L273 TraceCheckUtils]: 6: Hoare triple {1853#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {1853#true} is VALID [2018-11-23 11:10:17,632 INFO L273 TraceCheckUtils]: 5: Hoare triple {1853#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {1853#true} is VALID [2018-11-23 11:10:17,632 INFO L256 TraceCheckUtils]: 4: Hoare triple {1853#true} call #t~ret39 := main(); {1853#true} is VALID [2018-11-23 11:10:17,632 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {1853#true} {1853#true} #200#return; {1853#true} is VALID [2018-11-23 11:10:17,633 INFO L273 TraceCheckUtils]: 2: Hoare triple {1853#true} assume true; {1853#true} is VALID [2018-11-23 11:10:17,633 INFO L273 TraceCheckUtils]: 1: Hoare triple {1853#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {1853#true} is VALID [2018-11-23 11:10:17,633 INFO L256 TraceCheckUtils]: 0: Hoare triple {1853#true} call ULTIMATE.init(); {1853#true} is VALID [2018-11-23 11:10:17,636 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:10:17,641 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:10:17,641 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 8] total 14 [2018-11-23 11:10:17,642 INFO L78 Accepts]: Start accepts. Automaton has 14 states. Word has length 31 [2018-11-23 11:10:17,642 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:17,642 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states. [2018-11-23 11:10:17,717 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 42 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:17,717 INFO L459 AbstractCegarLoop]: Interpolant automaton has 14 states [2018-11-23 11:10:17,718 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2018-11-23 11:10:17,718 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=37, Invalid=145, Unknown=0, NotChecked=0, Total=182 [2018-11-23 11:10:17,718 INFO L87 Difference]: Start difference. First operand 52 states and 73 transitions. Second operand 14 states. [2018-11-23 11:10:23,183 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:23,183 INFO L93 Difference]: Finished difference Result 76 states and 100 transitions. [2018-11-23 11:10:23,183 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2018-11-23 11:10:23,184 INFO L78 Accepts]: Start accepts. Automaton has 14 states. Word has length 31 [2018-11-23 11:10:23,184 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:23,184 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 14 states. [2018-11-23 11:10:23,186 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 87 transitions. [2018-11-23 11:10:23,186 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 14 states. [2018-11-23 11:10:23,188 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 87 transitions. [2018-11-23 11:10:23,188 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 87 transitions. [2018-11-23 11:10:23,361 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 87 edges. 87 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:23,363 INFO L225 Difference]: With dead ends: 76 [2018-11-23 11:10:23,363 INFO L226 Difference]: Without dead ends: 70 [2018-11-23 11:10:23,365 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 67 GetRequests, 48 SyntacticMatches, 1 SemanticMatches, 18 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 1.0s TimeCoverageRelationStatistics Valid=96, Invalid=284, Unknown=0, NotChecked=0, Total=380 [2018-11-23 11:10:23,366 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 70 states. [2018-11-23 11:10:23,392 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 70 to 58. [2018-11-23 11:10:23,392 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:23,392 INFO L82 GeneralOperation]: Start isEquivalent. First operand 70 states. Second operand 58 states. [2018-11-23 11:10:23,392 INFO L74 IsIncluded]: Start isIncluded. First operand 70 states. Second operand 58 states. [2018-11-23 11:10:23,392 INFO L87 Difference]: Start difference. First operand 70 states. Second operand 58 states. [2018-11-23 11:10:23,395 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:23,395 INFO L93 Difference]: Finished difference Result 70 states and 93 transitions. [2018-11-23 11:10:23,395 INFO L276 IsEmpty]: Start isEmpty. Operand 70 states and 93 transitions. [2018-11-23 11:10:23,396 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:23,396 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:23,396 INFO L74 IsIncluded]: Start isIncluded. First operand 58 states. Second operand 70 states. [2018-11-23 11:10:23,396 INFO L87 Difference]: Start difference. First operand 58 states. Second operand 70 states. [2018-11-23 11:10:23,398 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:23,398 INFO L93 Difference]: Finished difference Result 70 states and 93 transitions. [2018-11-23 11:10:23,399 INFO L276 IsEmpty]: Start isEmpty. Operand 70 states and 93 transitions. [2018-11-23 11:10:23,399 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:23,399 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:23,399 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:23,399 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:23,400 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 58 states. [2018-11-23 11:10:23,401 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 58 states to 58 states and 80 transitions. [2018-11-23 11:10:23,402 INFO L78 Accepts]: Start accepts. Automaton has 58 states and 80 transitions. Word has length 31 [2018-11-23 11:10:23,402 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:23,402 INFO L480 AbstractCegarLoop]: Abstraction has 58 states and 80 transitions. [2018-11-23 11:10:23,402 INFO L481 AbstractCegarLoop]: Interpolant automaton has 14 states. [2018-11-23 11:10:23,402 INFO L276 IsEmpty]: Start isEmpty. Operand 58 states and 80 transitions. [2018-11-23 11:10:23,403 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2018-11-23 11:10:23,403 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:23,403 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:23,403 INFO L423 AbstractCegarLoop]: === Iteration 7 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:23,403 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:23,404 INFO L82 PathProgramCache]: Analyzing trace with hash 1039451941, now seen corresponding path program 1 times [2018-11-23 11:10:23,404 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:23,404 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 8 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 8 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:23,434 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:23,519 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:23,543 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:23,544 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:23,576 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:10:23,581 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:23,589 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:23,589 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2018-11-23 11:10:23,592 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:23,592 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_28|]. (and (= main_~a~0.offset (_ bv0 32)) (= |#valid| (store |v_#valid_28| main_~a~0.base (_ bv1 1)))) [2018-11-23 11:10:23,592 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.offset (_ bv0 32)) (= (select |#valid| main_~a~0.base) (_ bv1 1))) [2018-11-23 11:10:23,649 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:23,650 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:23,651 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:10:23,654 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:23,705 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:10:23,710 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:23,711 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:23,715 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:23,732 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:23,732 INFO L202 ElimStorePlain]: Needed 4 recursive calls to eliminate 2 variables, input treesize:33, output treesize:21 [2018-11-23 11:10:23,741 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:23,741 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_45|, |v_#valid_29|]. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 1) (bvadd (select |v_#valid_29| main_~a~0.base) (_ bv1 1))) (= main_~a~0.offset main_~p~0.offset) (= (_ bv0 1) (select |v_#valid_29| main_~t~0.base)) (= (store |v_#memory_int_45| main_~p~0.base (store (select |v_#memory_int_45| main_~p~0.base) main_~p~0.offset (_ bv1 32))) |#memory_int|)) [2018-11-23 11:10:23,742 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset))) [2018-11-23 11:10:23,805 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 22 [2018-11-23 11:10:23,813 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:23,815 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 14 [2018-11-23 11:10:23,825 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:23,832 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:23,841 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:23,841 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 1 variables, input treesize:34, output treesize:15 [2018-11-23 11:10:23,998 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 20 [2018-11-23 11:10:24,037 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:10:24,054 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:24,063 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:24,077 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:24,079 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:26, output treesize:22 [2018-11-23 11:10:24,091 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:24,091 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_47|, v_main_~p~0.base_26, v_main_~p~0.offset_26]. (and (= main_~p~0.offset (_ bv0 32)) (= (_ bv1 32) (select (select |v_#memory_int_47| main_~p~0.base) (_ bv0 32))) (= (store |v_#memory_int_47| v_main_~p~0.base_26 (store (select |v_#memory_int_47| v_main_~p~0.base_26) v_main_~p~0.offset_26 (_ bv3 32))) |#memory_int|) (not (= v_main_~p~0.base_26 main_~p~0.base))) [2018-11-23 11:10:24,091 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_26, v_main_~p~0.offset_26]. (and (= main_~p~0.offset (_ bv0 32)) (= (select (select |#memory_int| v_main_~p~0.base_26) v_main_~p~0.offset_26) (_ bv3 32)) (not (= v_main_~p~0.base_26 main_~p~0.base)) (= (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv1 32))) [2018-11-23 11:10:24,254 INFO L256 TraceCheckUtils]: 0: Hoare triple {2367#true} call ULTIMATE.init(); {2367#true} is VALID [2018-11-23 11:10:24,254 INFO L273 TraceCheckUtils]: 1: Hoare triple {2367#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2367#true} is VALID [2018-11-23 11:10:24,254 INFO L273 TraceCheckUtils]: 2: Hoare triple {2367#true} assume true; {2367#true} is VALID [2018-11-23 11:10:24,255 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2367#true} {2367#true} #200#return; {2367#true} is VALID [2018-11-23 11:10:24,255 INFO L256 TraceCheckUtils]: 4: Hoare triple {2367#true} call #t~ret39 := main(); {2367#true} is VALID [2018-11-23 11:10:24,255 INFO L273 TraceCheckUtils]: 5: Hoare triple {2367#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {2367#true} is VALID [2018-11-23 11:10:24,255 INFO L273 TraceCheckUtils]: 6: Hoare triple {2367#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {2367#true} is VALID [2018-11-23 11:10:24,256 INFO L273 TraceCheckUtils]: 7: Hoare triple {2367#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {2367#true} is VALID [2018-11-23 11:10:24,256 INFO L273 TraceCheckUtils]: 8: Hoare triple {2367#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {2367#true} is VALID [2018-11-23 11:10:24,256 INFO L273 TraceCheckUtils]: 9: Hoare triple {2367#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {2367#true} is VALID [2018-11-23 11:10:24,256 INFO L273 TraceCheckUtils]: 10: Hoare triple {2367#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {2367#true} is VALID [2018-11-23 11:10:24,257 INFO L273 TraceCheckUtils]: 11: Hoare triple {2367#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {2367#true} is VALID [2018-11-23 11:10:24,257 INFO L273 TraceCheckUtils]: 12: Hoare triple {2367#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {2367#true} is VALID [2018-11-23 11:10:24,257 INFO L273 TraceCheckUtils]: 13: Hoare triple {2367#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {2367#true} is VALID [2018-11-23 11:10:24,257 INFO L273 TraceCheckUtils]: 14: Hoare triple {2367#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {2367#true} is VALID [2018-11-23 11:10:24,270 INFO L273 TraceCheckUtils]: 15: Hoare triple {2367#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {2417#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:24,271 INFO L273 TraceCheckUtils]: 16: Hoare triple {2417#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {2417#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:24,271 INFO L273 TraceCheckUtils]: 17: Hoare triple {2417#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2424#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:24,273 INFO L273 TraceCheckUtils]: 18: Hoare triple {2424#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0bv32 != #t~nondet28);havoc #t~nondet28;call write~intINTTYPE4(1bv32, ~p~0.base, ~p~0.offset, 4bv32);call #t~malloc29.base, #t~malloc29.offset := #Ultimate.alloc(8bv32);~t~0.base, ~t~0.offset := #t~malloc29.base, #t~malloc29.offset; {2428#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:24,274 INFO L273 TraceCheckUtils]: 19: Hoare triple {2428#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {2428#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:24,275 INFO L273 TraceCheckUtils]: 20: Hoare triple {2428#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);call #t~mem30.base, #t~mem30.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem30.base, #t~mem30.offset;havoc #t~mem30.base, #t~mem30.offset; {2435#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:24,276 INFO L273 TraceCheckUtils]: 21: Hoare triple {2435#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {2435#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:24,277 INFO L273 TraceCheckUtils]: 22: Hoare triple {2435#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {2435#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2018-11-23 11:10:24,279 INFO L273 TraceCheckUtils]: 23: Hoare triple {2435#(and (not (= main_~p~0.base main_~a~0.base)) (= main_~a~0.offset (_ bv0 32)) (= (_ bv1 32) (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2445#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.base_26 (_ BitVec 32)) (v_main_~p~0.offset_26 (_ BitVec 32))) (and (= (bvadd (select (select |#memory_int| v_main_~p~0.base_26) v_main_~p~0.offset_26) (_ bv4294967293 32)) (_ bv0 32)) (not (= v_main_~p~0.base_26 main_~p~0.base)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:24,280 INFO L273 TraceCheckUtils]: 24: Hoare triple {2445#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.base_26 (_ BitVec 32)) (v_main_~p~0.offset_26 (_ BitVec 32))) (and (= (bvadd (select (select |#memory_int| v_main_~p~0.base_26) v_main_~p~0.offset_26) (_ bv4294967293 32)) (_ bv0 32)) (not (= v_main_~p~0.base_26 main_~p~0.base)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2445#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.base_26 (_ BitVec 32)) (v_main_~p~0.offset_26 (_ BitVec 32))) (and (= (bvadd (select (select |#memory_int| v_main_~p~0.base_26) v_main_~p~0.offset_26) (_ bv4294967293 32)) (_ bv0 32)) (not (= v_main_~p~0.base_26 main_~p~0.base)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:24,281 INFO L273 TraceCheckUtils]: 25: Hoare triple {2445#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.base_26 (_ BitVec 32)) (v_main_~p~0.offset_26 (_ BitVec 32))) (and (= (bvadd (select (select |#memory_int| v_main_~p~0.base_26) v_main_~p~0.offset_26) (_ bv4294967293 32)) (_ bv0 32)) (not (= v_main_~p~0.base_26 main_~p~0.base)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} assume !(2bv32 == #t~mem34);havoc #t~mem34; {2445#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.base_26 (_ BitVec 32)) (v_main_~p~0.offset_26 (_ BitVec 32))) (and (= (bvadd (select (select |#memory_int| v_main_~p~0.base_26) v_main_~p~0.offset_26) (_ bv4294967293 32)) (_ bv0 32)) (not (= v_main_~p~0.base_26 main_~p~0.base)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:24,282 INFO L273 TraceCheckUtils]: 26: Hoare triple {2445#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.base_26 (_ BitVec 32)) (v_main_~p~0.offset_26 (_ BitVec 32))) (and (= (bvadd (select (select |#memory_int| v_main_~p~0.base_26) v_main_~p~0.offset_26) (_ bv4294967293 32)) (_ bv0 32)) (not (= v_main_~p~0.base_26 main_~p~0.base)))) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2455#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.base_26 (_ BitVec 32)) (v_main_~p~0.offset_26 (_ BitVec 32))) (and (= (bvadd (select (select |#memory_int| v_main_~p~0.base_26) v_main_~p~0.offset_26) (_ bv4294967293 32)) (_ bv0 32)) (not (= v_main_~p~0.base_26 main_~p~0.base)))) (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem36|) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:24,282 INFO L273 TraceCheckUtils]: 27: Hoare triple {2455#(and (= main_~p~0.offset (_ bv0 32)) (exists ((v_main_~p~0.base_26 (_ BitVec 32)) (v_main_~p~0.offset_26 (_ BitVec 32))) (and (= (bvadd (select (select |#memory_int| v_main_~p~0.base_26) v_main_~p~0.offset_26) (_ bv4294967293 32)) (_ bv0 32)) (not (= v_main_~p~0.base_26 main_~p~0.base)))) (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem36|) (= (bvadd (select (select |#memory_int| main_~p~0.base) (_ bv0 32)) (_ bv4294967295 32)) (_ bv0 32)))} assume !(1bv32 == #t~mem36);havoc #t~mem36; {2368#false} is VALID [2018-11-23 11:10:24,283 INFO L273 TraceCheckUtils]: 28: Hoare triple {2368#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2368#false} is VALID [2018-11-23 11:10:24,283 INFO L273 TraceCheckUtils]: 29: Hoare triple {2368#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {2368#false} is VALID [2018-11-23 11:10:24,283 INFO L273 TraceCheckUtils]: 30: Hoare triple {2368#false} assume !false; {2368#false} is VALID [2018-11-23 11:10:24,287 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:10:24,287 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:10:24,593 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:24,602 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:24,628 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:24,643 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:24,667 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 1 dim-0 vars, and 2 xjuncts. [2018-11-23 11:10:24,668 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:38, output treesize:22 [2018-11-23 11:10:24,680 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:24,680 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_int_49|, v_subst_2]. (or (= (bvadd (select (select (store |v_#memory_int_49| main_~t~0.base (store (select |v_#memory_int_49| main_~t~0.base) v_subst_2 (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32)) (not (= (store |#memory_int| main_~p~0.base (let ((.cse0 (bvadd main_~p~0.offset (_ bv4 32)))) (store (select |#memory_int| main_~p~0.base) .cse0 (select (select |v_#memory_int_49| main_~p~0.base) .cse0)))) |v_#memory_int_49|))) [2018-11-23 11:10:24,680 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_8]. (and (= (_ bv1 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)) v_DerPreprocessor_8)) main_~a~0.base) main_~a~0.offset)) (not (= main_~t~0.base main_~a~0.base))) [2018-11-23 11:10:24,952 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 29 treesize of output 33 [2018-11-23 11:10:24,961 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 26 [2018-11-23 11:10:24,965 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:25,000 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 26 [2018-11-23 11:10:25,057 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 6 [2018-11-23 11:10:25,058 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:25,070 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2018-11-23 11:10:25,078 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:25,110 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:25,164 INFO L683 Elim1Store]: detected equality via solver [2018-11-23 11:10:25,165 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 33 [2018-11-23 11:10:25,230 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 7 [2018-11-23 11:10:25,231 INFO L267 ElimStorePlain]: Start of recursive call 8: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:25,249 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:25,286 INFO L267 ElimStorePlain]: Start of recursive call 2: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:25,290 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 24 [2018-11-23 11:10:25,296 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 17 [2018-11-23 11:10:25,329 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 7 [2018-11-23 11:10:25,330 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:25,334 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 6 [2018-11-23 11:10:25,335 INFO L267 ElimStorePlain]: Start of recursive call 12: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:25,359 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:25,390 INFO L267 ElimStorePlain]: Start of recursive call 9: 1 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:25,394 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 17 treesize of output 15 [2018-11-23 11:10:25,401 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 3 [2018-11-23 11:10:25,402 INFO L267 ElimStorePlain]: Start of recursive call 14: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:25,410 INFO L267 ElimStorePlain]: Start of recursive call 13: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:25,461 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 3 dim-0 vars, and 4 xjuncts. [2018-11-23 11:10:25,461 INFO L202 ElimStorePlain]: Needed 14 recursive calls to eliminate 3 variables, input treesize:34, output treesize:42 [2018-11-23 11:10:25,470 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:25,471 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_int|, v_DerPreprocessor_8, v_main_~t~0.base_12]. (and (or (not (= (select |#valid| v_main_~t~0.base_12) (_ bv0 1))) (= (_ bv1 32) (select (select (store |#memory_int| main_~p~0.base (store (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv1 32)) (bvadd main_~p~0.offset (_ bv4 32)) v_DerPreprocessor_8)) main_~a~0.base) main_~a~0.offset))) (not (= (select |#valid| main_~a~0.base) (_ bv0 1)))) [2018-11-23 11:10:25,471 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_main_~t~0.base_12, v_prenex_5, v_prenex_6]. (let ((.cse0 (= main_~a~0.offset main_~p~0.offset))) (and (or (not (= (select |#valid| v_main_~t~0.base_12) (_ bv0 1))) .cse0) (or (not (= (select |#valid| v_prenex_5) (_ bv0 1))) (= main_~p~0.base main_~a~0.base)) (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (not (= (select |#valid| v_prenex_6) (_ bv0 1))) (= (bvadd main_~p~0.offset (_ bv4 32)) main_~a~0.offset) .cse0))) [2018-11-23 11:10:25,789 INFO L273 TraceCheckUtils]: 30: Hoare triple {2368#false} assume !false; {2368#false} is VALID [2018-11-23 11:10:25,790 INFO L273 TraceCheckUtils]: 29: Hoare triple {2368#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {2368#false} is VALID [2018-11-23 11:10:25,790 INFO L273 TraceCheckUtils]: 28: Hoare triple {2368#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2368#false} is VALID [2018-11-23 11:10:25,790 INFO L273 TraceCheckUtils]: 27: Hoare triple {2477#(= (bvadd |main_#t~mem36| (_ bv4294967295 32)) (_ bv0 32))} assume !(1bv32 == #t~mem36);havoc #t~mem36; {2368#false} is VALID [2018-11-23 11:10:25,791 INFO L273 TraceCheckUtils]: 26: Hoare triple {2481#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32))} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2477#(= (bvadd |main_#t~mem36| (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:25,791 INFO L273 TraceCheckUtils]: 25: Hoare triple {2481#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32))} assume !(2bv32 == #t~mem34);havoc #t~mem34; {2481#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:25,792 INFO L273 TraceCheckUtils]: 24: Hoare triple {2481#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2481#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:25,793 INFO L273 TraceCheckUtils]: 23: Hoare triple {2491#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2481#(= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:25,794 INFO L273 TraceCheckUtils]: 22: Hoare triple {2491#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {2491#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:25,794 INFO L273 TraceCheckUtils]: 21: Hoare triple {2491#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {2491#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:25,799 INFO L273 TraceCheckUtils]: 20: Hoare triple {2501#(and (not (= main_~t~0.base main_~a~0.base)) (forall ((v_DerPreprocessor_8 (_ BitVec 32))) (= (_ bv1 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)) v_DerPreprocessor_8)) main_~a~0.base) main_~a~0.offset))))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);call #t~mem30.base, #t~mem30.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem30.base, #t~mem30.offset;havoc #t~mem30.base, #t~mem30.offset; {2491#(forall ((main_~p~0.offset (_ BitVec 32))) (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) main_~a~0.base) main_~a~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:25,800 INFO L273 TraceCheckUtils]: 19: Hoare triple {2501#(and (not (= main_~t~0.base main_~a~0.base)) (forall ((v_DerPreprocessor_8 (_ BitVec 32))) (= (_ bv1 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)) v_DerPreprocessor_8)) main_~a~0.base) main_~a~0.offset))))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {2501#(and (not (= main_~t~0.base main_~a~0.base)) (forall ((v_DerPreprocessor_8 (_ BitVec 32))) (= (_ bv1 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)) v_DerPreprocessor_8)) main_~a~0.base) main_~a~0.offset))))} is VALID [2018-11-23 11:10:25,804 INFO L273 TraceCheckUtils]: 18: Hoare triple {2508#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_main_~t~0.base_12 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_12) (_ bv0 1)))) (= main_~a~0.offset main_~p~0.offset)) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_5 (_ BitVec 32))) (not (= (select |#valid| v_prenex_5) (_ bv0 1))))))} assume !!(0bv32 != #t~nondet28);havoc #t~nondet28;call write~intINTTYPE4(1bv32, ~p~0.base, ~p~0.offset, 4bv32);call #t~malloc29.base, #t~malloc29.offset := #Ultimate.alloc(8bv32);~t~0.base, ~t~0.offset := #t~malloc29.base, #t~malloc29.offset; {2501#(and (not (= main_~t~0.base main_~a~0.base)) (forall ((v_DerPreprocessor_8 (_ BitVec 32))) (= (_ bv1 32) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)) v_DerPreprocessor_8)) main_~a~0.base) main_~a~0.offset))))} is VALID [2018-11-23 11:10:25,804 INFO L273 TraceCheckUtils]: 17: Hoare triple {2512#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2508#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((v_main_~t~0.base_12 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_12) (_ bv0 1)))) (= main_~a~0.offset main_~p~0.offset)) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_5 (_ BitVec 32))) (not (= (select |#valid| v_prenex_5) (_ bv0 1))))))} is VALID [2018-11-23 11:10:25,805 INFO L273 TraceCheckUtils]: 16: Hoare triple {2512#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {2512#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:10:25,806 INFO L273 TraceCheckUtils]: 15: Hoare triple {2367#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {2512#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:10:25,806 INFO L273 TraceCheckUtils]: 14: Hoare triple {2367#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {2367#true} is VALID [2018-11-23 11:10:25,806 INFO L273 TraceCheckUtils]: 13: Hoare triple {2367#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {2367#true} is VALID [2018-11-23 11:10:25,806 INFO L273 TraceCheckUtils]: 12: Hoare triple {2367#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {2367#true} is VALID [2018-11-23 11:10:25,806 INFO L273 TraceCheckUtils]: 11: Hoare triple {2367#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {2367#true} is VALID [2018-11-23 11:10:25,806 INFO L273 TraceCheckUtils]: 10: Hoare triple {2367#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {2367#true} is VALID [2018-11-23 11:10:25,807 INFO L273 TraceCheckUtils]: 9: Hoare triple {2367#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {2367#true} is VALID [2018-11-23 11:10:25,807 INFO L273 TraceCheckUtils]: 8: Hoare triple {2367#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {2367#true} is VALID [2018-11-23 11:10:25,807 INFO L273 TraceCheckUtils]: 7: Hoare triple {2367#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {2367#true} is VALID [2018-11-23 11:10:25,807 INFO L273 TraceCheckUtils]: 6: Hoare triple {2367#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {2367#true} is VALID [2018-11-23 11:10:25,807 INFO L273 TraceCheckUtils]: 5: Hoare triple {2367#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {2367#true} is VALID [2018-11-23 11:10:25,807 INFO L256 TraceCheckUtils]: 4: Hoare triple {2367#true} call #t~ret39 := main(); {2367#true} is VALID [2018-11-23 11:10:25,807 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2367#true} {2367#true} #200#return; {2367#true} is VALID [2018-11-23 11:10:25,808 INFO L273 TraceCheckUtils]: 2: Hoare triple {2367#true} assume true; {2367#true} is VALID [2018-11-23 11:10:25,808 INFO L273 TraceCheckUtils]: 1: Hoare triple {2367#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2367#true} is VALID [2018-11-23 11:10:25,808 INFO L256 TraceCheckUtils]: 0: Hoare triple {2367#true} call ULTIMATE.init(); {2367#true} is VALID [2018-11-23 11:10:25,810 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:10:25,812 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:10:25,812 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 8] total 14 [2018-11-23 11:10:25,812 INFO L78 Accepts]: Start accepts. Automaton has 14 states. Word has length 31 [2018-11-23 11:10:25,813 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:25,813 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states. [2018-11-23 11:10:25,875 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 44 edges. 44 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:25,875 INFO L459 AbstractCegarLoop]: Interpolant automaton has 14 states [2018-11-23 11:10:25,875 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2018-11-23 11:10:25,875 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=37, Invalid=145, Unknown=0, NotChecked=0, Total=182 [2018-11-23 11:10:25,876 INFO L87 Difference]: Start difference. First operand 58 states and 80 transitions. Second operand 14 states. [2018-11-23 11:10:30,215 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:30,216 INFO L93 Difference]: Finished difference Result 70 states and 93 transitions. [2018-11-23 11:10:30,216 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2018-11-23 11:10:30,216 INFO L78 Accepts]: Start accepts. Automaton has 14 states. Word has length 31 [2018-11-23 11:10:30,216 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:30,217 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 14 states. [2018-11-23 11:10:30,218 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 80 transitions. [2018-11-23 11:10:30,220 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 14 states. [2018-11-23 11:10:30,222 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 80 transitions. [2018-11-23 11:10:30,222 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 80 transitions. [2018-11-23 11:10:30,441 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 80 edges. 80 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:30,443 INFO L225 Difference]: With dead ends: 70 [2018-11-23 11:10:30,443 INFO L226 Difference]: Without dead ends: 66 [2018-11-23 11:10:30,444 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 66 GetRequests, 48 SyntacticMatches, 1 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 40 ImplicationChecksByTransitivity, 0.9s TimeCoverageRelationStatistics Valid=87, Invalid=255, Unknown=0, NotChecked=0, Total=342 [2018-11-23 11:10:30,444 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 66 states. [2018-11-23 11:10:30,529 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 66 to 62. [2018-11-23 11:10:30,529 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:30,529 INFO L82 GeneralOperation]: Start isEquivalent. First operand 66 states. Second operand 62 states. [2018-11-23 11:10:30,530 INFO L74 IsIncluded]: Start isIncluded. First operand 66 states. Second operand 62 states. [2018-11-23 11:10:30,530 INFO L87 Difference]: Start difference. First operand 66 states. Second operand 62 states. [2018-11-23 11:10:30,532 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:30,532 INFO L93 Difference]: Finished difference Result 66 states and 89 transitions. [2018-11-23 11:10:30,533 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 89 transitions. [2018-11-23 11:10:30,533 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:30,533 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:30,533 INFO L74 IsIncluded]: Start isIncluded. First operand 62 states. Second operand 66 states. [2018-11-23 11:10:30,533 INFO L87 Difference]: Start difference. First operand 62 states. Second operand 66 states. [2018-11-23 11:10:30,535 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:30,536 INFO L93 Difference]: Finished difference Result 66 states and 89 transitions. [2018-11-23 11:10:30,536 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 89 transitions. [2018-11-23 11:10:30,536 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:30,536 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:30,536 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:30,537 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:30,537 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 62 states. [2018-11-23 11:10:30,538 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 62 states to 62 states and 85 transitions. [2018-11-23 11:10:30,538 INFO L78 Accepts]: Start accepts. Automaton has 62 states and 85 transitions. Word has length 31 [2018-11-23 11:10:30,539 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:30,539 INFO L480 AbstractCegarLoop]: Abstraction has 62 states and 85 transitions. [2018-11-23 11:10:30,539 INFO L481 AbstractCegarLoop]: Interpolant automaton has 14 states. [2018-11-23 11:10:30,539 INFO L276 IsEmpty]: Start isEmpty. Operand 62 states and 85 transitions. [2018-11-23 11:10:30,539 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2018-11-23 11:10:30,539 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:30,540 INFO L402 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:30,540 INFO L423 AbstractCegarLoop]: === Iteration 8 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:30,540 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:30,540 INFO L82 PathProgramCache]: Analyzing trace with hash 1312401957, now seen corresponding path program 1 times [2018-11-23 11:10:30,541 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:30,541 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 9 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 9 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:30,559 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:30,656 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:30,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:30,713 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:30,752 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:10:30,757 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:30,764 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:30,764 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2018-11-23 11:10:30,767 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:30,767 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_35|]. (and (= main_~a~0.offset (_ bv0 32)) (= (store |v_#valid_35| main_~a~0.base (_ bv1 1)) |#valid|)) [2018-11-23 11:10:30,768 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.offset (_ bv0 32)) (= (select |#valid| main_~a~0.base) (_ bv1 1))) [2018-11-23 11:10:30,827 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:30,828 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:30,829 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:10:30,830 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:30,900 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:30,900 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:22, output treesize:14 [2018-11-23 11:10:30,904 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:30,904 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_36|]. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (= (bvadd (select |v_#valid_36| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= (_ bv0 1) (select |v_#valid_36| main_~t~0.base))) [2018-11-23 11:10:30,904 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base))) [2018-11-23 11:10:30,961 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:10:30,967 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:10:30,968 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:30,974 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,016 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:10:31,021 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:10:31,022 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,034 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,110 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,110 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 4 variables, input treesize:52, output treesize:32 [2018-11-23 11:10:31,145 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:31,146 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_50|, main_~t~0.base, |v_#memory_$Pointer$.offset_48|, main_~t~0.offset]. (let ((.cse0 (bvadd main_~a~0.offset (_ bv4 32)))) (and (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse0) main_~p~0.base) (= (store |v_#memory_$Pointer$.base_50| main_~a~0.base (store (select |v_#memory_$Pointer$.base_50| main_~a~0.base) .cse0 main_~t~0.base)) |#memory_$Pointer$.base|) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse0)) (not (= main_~t~0.base main_~a~0.base)) (= (store |v_#memory_$Pointer$.offset_48| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_48| main_~a~0.base) .cse0 main_~t~0.offset)) |#memory_$Pointer$.offset|))) [2018-11-23 11:10:31,146 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse1 (bvadd main_~a~0.offset (_ bv4 32)))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse1))) (and (= main_~a~0.offset (_ bv0 32)) (not (= .cse0 main_~a~0.base)) (= .cse0 main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse1))))) [2018-11-23 11:10:31,348 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 102 treesize of output 98 [2018-11-23 11:10:31,356 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 1 [2018-11-23 11:10:31,356 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,381 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,419 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 16 [2018-11-23 11:10:31,424 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 15 [2018-11-23 11:10:31,425 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,436 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,473 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 51 treesize of output 52 [2018-11-23 11:10:31,480 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 1 [2018-11-23 11:10:31,480 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,486 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,496 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,497 INFO L202 ElimStorePlain]: Needed 7 recursive calls to eliminate 3 variables, input treesize:105, output treesize:27 [2018-11-23 11:10:31,547 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:31,547 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_51|, |v_#memory_int_51|, |v_#memory_$Pointer$.offset_49|]. (let ((.cse0 (select (select |v_#memory_$Pointer$.base_51| main_~p~0.base) (_ bv4 32))) (.cse1 (select (select |v_#memory_$Pointer$.offset_49| main_~p~0.base) (_ bv4 32)))) (and (= (store |v_#memory_int_51| .cse0 (store (select |v_#memory_int_51| .cse0) .cse1 (_ bv3 32))) |#memory_int|) (= main_~p~0.offset (_ bv0 32)) (= (store |v_#memory_$Pointer$.offset_49| .cse0 (store (select |v_#memory_$Pointer$.offset_49| .cse0) .cse1 (select (select |#memory_$Pointer$.offset| .cse0) .cse1))) |#memory_$Pointer$.offset|) (not (= .cse0 main_~p~0.base)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_51| .cse0 (store (select |v_#memory_$Pointer$.base_51| .cse0) .cse1 (select (select |#memory_$Pointer$.base| .cse0) .cse1)))))) [2018-11-23 11:10:31,547 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)))) (and (= main_~p~0.offset (_ bv0 32)) (= (select (select |#memory_int| .cse0) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv3 32)) (not (= .cse0 main_~p~0.base)))) [2018-11-23 11:10:31,590 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 21 [2018-11-23 11:10:31,601 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 13 [2018-11-23 11:10:31,603 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,606 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,618 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 23 [2018-11-23 11:10:31,623 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 14 [2018-11-23 11:10:31,625 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,631 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,640 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,640 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 3 variables, input treesize:40, output treesize:9 [2018-11-23 11:10:31,645 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:31,645 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_32, |#memory_$Pointer$.offset|]. (let ((.cse0 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_32) (_ bv4 32))) (.cse1 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_32) (_ bv4 32)))) (and (= main_~p~0.offset .cse0) (= .cse1 main_~p~0.base) (= (bvadd (select (select |#memory_int| .cse1) .cse0) (_ bv4294967293 32)) (_ bv0 32)) (not (= v_main_~p~0.base_32 .cse1)))) [2018-11-23 11:10:31,645 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967293 32))) [2018-11-23 11:10:31,676 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2018-11-23 11:10:31,680 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 3 [2018-11-23 11:10:31,682 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,684 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,685 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,685 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:15, output treesize:3 [2018-11-23 11:10:31,688 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:31,689 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (= (_ bv3 32) .cse0) (= .cse0 |main_#t~mem38|))) [2018-11-23 11:10:31,689 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem38| (_ bv3 32)) [2018-11-23 11:10:31,704 INFO L256 TraceCheckUtils]: 0: Hoare triple {2870#true} call ULTIMATE.init(); {2870#true} is VALID [2018-11-23 11:10:31,704 INFO L273 TraceCheckUtils]: 1: Hoare triple {2870#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2870#true} is VALID [2018-11-23 11:10:31,705 INFO L273 TraceCheckUtils]: 2: Hoare triple {2870#true} assume true; {2870#true} is VALID [2018-11-23 11:10:31,705 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2870#true} {2870#true} #200#return; {2870#true} is VALID [2018-11-23 11:10:31,705 INFO L256 TraceCheckUtils]: 4: Hoare triple {2870#true} call #t~ret39 := main(); {2870#true} is VALID [2018-11-23 11:10:31,706 INFO L273 TraceCheckUtils]: 5: Hoare triple {2870#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {2870#true} is VALID [2018-11-23 11:10:31,706 INFO L273 TraceCheckUtils]: 6: Hoare triple {2870#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {2870#true} is VALID [2018-11-23 11:10:31,706 INFO L273 TraceCheckUtils]: 7: Hoare triple {2870#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {2870#true} is VALID [2018-11-23 11:10:31,707 INFO L273 TraceCheckUtils]: 8: Hoare triple {2870#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {2870#true} is VALID [2018-11-23 11:10:31,707 INFO L273 TraceCheckUtils]: 9: Hoare triple {2870#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {2870#true} is VALID [2018-11-23 11:10:31,707 INFO L273 TraceCheckUtils]: 10: Hoare triple {2870#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {2870#true} is VALID [2018-11-23 11:10:31,708 INFO L273 TraceCheckUtils]: 11: Hoare triple {2870#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {2870#true} is VALID [2018-11-23 11:10:31,708 INFO L273 TraceCheckUtils]: 12: Hoare triple {2870#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {2870#true} is VALID [2018-11-23 11:10:31,708 INFO L273 TraceCheckUtils]: 13: Hoare triple {2870#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {2870#true} is VALID [2018-11-23 11:10:31,708 INFO L273 TraceCheckUtils]: 14: Hoare triple {2870#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {2870#true} is VALID [2018-11-23 11:10:31,710 INFO L273 TraceCheckUtils]: 15: Hoare triple {2870#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {2920#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:31,711 INFO L273 TraceCheckUtils]: 16: Hoare triple {2920#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {2920#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:31,711 INFO L273 TraceCheckUtils]: 17: Hoare triple {2920#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2927#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:31,712 INFO L273 TraceCheckUtils]: 18: Hoare triple {2927#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {2927#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:31,713 INFO L273 TraceCheckUtils]: 19: Hoare triple {2927#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0bv32 != #t~nondet31);havoc #t~nondet31;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32);call #t~malloc32.base, #t~malloc32.offset := #Ultimate.alloc(8bv32);~t~0.base, ~t~0.offset := #t~malloc32.base, #t~malloc32.offset; {2934#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:31,714 INFO L273 TraceCheckUtils]: 20: Hoare triple {2934#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {2934#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:31,716 INFO L273 TraceCheckUtils]: 21: Hoare triple {2934#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);call #t~mem33.base, #t~mem33.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem33.base, #t~mem33.offset;havoc #t~mem33.base, #t~mem33.offset; {2941#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} is VALID [2018-11-23 11:10:31,717 INFO L273 TraceCheckUtils]: 22: Hoare triple {2941#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {2941#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} is VALID [2018-11-23 11:10:31,718 INFO L273 TraceCheckUtils]: 23: Hoare triple {2941#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2948#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)) main_~p~0.base)))} is VALID [2018-11-23 11:10:31,719 INFO L273 TraceCheckUtils]: 24: Hoare triple {2948#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)) main_~p~0.base)))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2948#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)) main_~p~0.base)))} is VALID [2018-11-23 11:10:31,721 INFO L273 TraceCheckUtils]: 25: Hoare triple {2948#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)) main_~p~0.base)))} assume !!(2bv32 == #t~mem34);havoc #t~mem34;call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:31,722 INFO L273 TraceCheckUtils]: 26: Hoare triple {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:31,722 INFO L273 TraceCheckUtils]: 27: Hoare triple {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2bv32 == #t~mem34);havoc #t~mem34; {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:31,723 INFO L273 TraceCheckUtils]: 28: Hoare triple {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:31,723 INFO L273 TraceCheckUtils]: 29: Hoare triple {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(1bv32 == #t~mem36);havoc #t~mem36; {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:31,723 INFO L273 TraceCheckUtils]: 30: Hoare triple {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2971#(= (bvadd |main_#t~mem38| (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:31,724 INFO L273 TraceCheckUtils]: 31: Hoare triple {2971#(= (bvadd |main_#t~mem38| (_ bv4294967293 32)) (_ bv0 32))} assume 3bv32 != #t~mem38;havoc #t~mem38; {2871#false} is VALID [2018-11-23 11:10:31,724 INFO L273 TraceCheckUtils]: 32: Hoare triple {2871#false} assume !false; {2871#false} is VALID [2018-11-23 11:10:31,727 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 0 proven. 3 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:10:31,727 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:10:31,941 WARN L180 SmtUtils]: Spent 115.00 ms on a formula simplification. DAG size of input: 39 DAG size of output: 37 [2018-11-23 11:10:31,950 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 11 [2018-11-23 11:10:31,959 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 3 [2018-11-23 11:10:31,960 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:31,966 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:32,020 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:32,026 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:32,036 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:32,046 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:32,092 INFO L267 ElimStorePlain]: Start of recursive call 9: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:32,097 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:32,156 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:32,162 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:32,181 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: 2 dim-0 vars, and 2 xjuncts. [2018-11-23 11:10:32,181 INFO L202 ElimStorePlain]: Needed 11 recursive calls to eliminate 3 variables, input treesize:60, output treesize:35 [2018-11-23 11:10:33,816 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:33,817 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_int|, |v_#memory_$Pointer$.base_52|, |v_#memory_$Pointer$.offset_50|]. (or (not (= |v_#memory_$Pointer$.base_52| (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset (select (select |v_#memory_$Pointer$.base_52| main_~p~0.base) main_~p~0.offset))))) (not (= |v_#memory_$Pointer$.offset_50| (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset (select (select |v_#memory_$Pointer$.offset_50| main_~p~0.base) main_~p~0.offset))))) (= (_ bv3 32) (let ((.cse0 (bvadd main_~a~0.offset (_ bv4 32)))) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) (select (select |v_#memory_$Pointer$.base_52| main_~a~0.base) .cse0)) (select (select |v_#memory_$Pointer$.offset_50| main_~a~0.base) .cse0))))) [2018-11-23 11:10:33,817 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_14, v_DerPreprocessor_12]. (let ((.cse0 (bvadd main_~a~0.offset (_ bv4 32)))) (and (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_14)) main_~a~0.base) .cse0)) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_12)) main_~a~0.base) .cse0) main_~p~0.base))) [2018-11-23 11:10:34,022 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 29 [2018-11-23 11:10:34,120 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 10 [2018-11-23 11:10:34,121 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:34,194 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 20 treesize of output 24 [2018-11-23 11:10:34,205 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 11 [2018-11-23 11:10:34,213 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:34,245 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2018-11-23 11:10:34,257 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:34,295 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 11 [2018-11-23 11:10:34,301 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:34,311 INFO L267 ElimStorePlain]: Start of recursive call 4: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:34,315 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 19 [2018-11-23 11:10:34,321 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:10:34,322 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:34,330 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:34,371 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 7 xjuncts. [2018-11-23 11:10:34,522 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 29 [2018-11-23 11:10:34,586 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 10 [2018-11-23 11:10:34,589 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:34,672 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 20 treesize of output 24 [2018-11-23 11:10:34,685 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 15 [2018-11-23 11:10:34,694 INFO L267 ElimStorePlain]: Start of recursive call 13: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:34,737 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 3 [2018-11-23 11:10:34,739 INFO L267 ElimStorePlain]: Start of recursive call 14: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:34,778 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 11 [2018-11-23 11:10:34,781 INFO L267 ElimStorePlain]: Start of recursive call 15: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:34,795 INFO L267 ElimStorePlain]: Start of recursive call 12: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:34,800 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 19 [2018-11-23 11:10:34,809 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:10:34,812 INFO L267 ElimStorePlain]: Start of recursive call 17: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:34,819 INFO L267 ElimStorePlain]: Start of recursive call 16: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:34,860 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 7 xjuncts. [2018-11-23 11:10:35,027 INFO L267 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 2 dim-2 vars, End of recursive call: and 5 xjuncts. [2018-11-23 11:10:35,028 INFO L202 ElimStorePlain]: Needed 17 recursive calls to eliminate 6 variables, input treesize:75, output treesize:33 [2018-11-23 11:10:35,052 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:35,052 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_$Pointer$.offset|, v_main_~p~0.offset_35, v_DerPreprocessor_14, |#memory_$Pointer$.base|, v_prenex_7, v_DerPreprocessor_12]. (let ((.cse1 (bvadd main_~p~0.offset (_ bv4 32))) (.cse2 (bvadd main_~a~0.offset (_ bv4 32)))) (and (= (select (select (let ((.cse0 (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) .cse1 v_main_~p~0.offset_35)))) (store .cse0 main_~t~0.base (store (select .cse0 main_~t~0.base) v_main_~p~0.offset_35 v_DerPreprocessor_14))) main_~a~0.base) .cse2) v_main_~p~0.offset_35) (= main_~t~0.base (select (select (let ((.cse3 (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) .cse1 main_~t~0.base)))) (store .cse3 main_~t~0.base (store (select .cse3 main_~t~0.base) v_prenex_7 v_DerPreprocessor_12))) main_~a~0.base) .cse2)))) [2018-11-23 11:10:35,053 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ []. (let ((.cse0 (= main_~p~0.base main_~a~0.base)) (.cse1 (= (bvadd main_~p~0.offset (_ bv4 32)) (bvadd main_~a~0.offset (_ bv4 32)))) (.cse2 (= main_~t~0.base main_~a~0.base))) (and .cse0 .cse1 (not .cse2) (or .cse0 .cse2) (or .cse1 .cse2))) [2018-11-23 11:10:35,254 INFO L273 TraceCheckUtils]: 32: Hoare triple {2871#false} assume !false; {2871#false} is VALID [2018-11-23 11:10:35,254 INFO L273 TraceCheckUtils]: 31: Hoare triple {2971#(= (bvadd |main_#t~mem38| (_ bv4294967293 32)) (_ bv0 32))} assume 3bv32 != #t~mem38;havoc #t~mem38; {2871#false} is VALID [2018-11-23 11:10:35,261 INFO L273 TraceCheckUtils]: 30: Hoare triple {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2971#(= (bvadd |main_#t~mem38| (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:35,261 INFO L273 TraceCheckUtils]: 29: Hoare triple {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(1bv32 == #t~mem36);havoc #t~mem36; {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:35,262 INFO L273 TraceCheckUtils]: 28: Hoare triple {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:35,262 INFO L273 TraceCheckUtils]: 27: Hoare triple {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2bv32 == #t~mem34);havoc #t~mem34; {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:35,262 INFO L273 TraceCheckUtils]: 26: Hoare triple {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:35,264 INFO L273 TraceCheckUtils]: 25: Hoare triple {2999#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (_ bv4294967293 32)) (_ bv0 32))} assume !!(2bv32 == #t~mem34);havoc #t~mem34;call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {2955#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:35,264 INFO L273 TraceCheckUtils]: 24: Hoare triple {2999#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (_ bv4294967293 32)) (_ bv0 32))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {2999#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:35,269 INFO L273 TraceCheckUtils]: 23: Hoare triple {3006#(and (forall ((v_DerPreprocessor_12 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_12)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base)) (forall ((v_DerPreprocessor_14 (_ BitVec 32))) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_14)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2999#(= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:35,270 INFO L273 TraceCheckUtils]: 22: Hoare triple {3006#(and (forall ((v_DerPreprocessor_12 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_12)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base)) (forall ((v_DerPreprocessor_14 (_ BitVec 32))) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_14)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {3006#(and (forall ((v_DerPreprocessor_12 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_12)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base)) (forall ((v_DerPreprocessor_14 (_ BitVec 32))) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_14)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} is VALID [2018-11-23 11:10:35,273 INFO L273 TraceCheckUtils]: 21: Hoare triple {3013#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);call #t~mem33.base, #t~mem33.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem33.base, #t~mem33.offset;havoc #t~mem33.base, #t~mem33.offset; {3006#(and (forall ((v_DerPreprocessor_12 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_12)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base)) (forall ((v_DerPreprocessor_14 (_ BitVec 32))) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_14)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} is VALID [2018-11-23 11:10:35,274 INFO L273 TraceCheckUtils]: 20: Hoare triple {3013#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {3013#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:35,277 INFO L273 TraceCheckUtils]: 19: Hoare triple {3020#(and (or (forall ((v_main_~t~0.base_14 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_14) (_ bv0 1)))) (= main_~p~0.offset main_~a~0.offset)) (or (forall ((v_prenex_10 (_ BitVec 32))) (not (= (select |#valid| v_prenex_10) (_ bv0 1)))) (= main_~p~0.base main_~a~0.base)) (not (= (select |#valid| main_~a~0.base) (_ bv0 1))))} assume !!(0bv32 != #t~nondet31);havoc #t~nondet31;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32);call #t~malloc32.base, #t~malloc32.offset := #Ultimate.alloc(8bv32);~t~0.base, ~t~0.offset := #t~malloc32.base, #t~malloc32.offset; {3013#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:35,278 INFO L273 TraceCheckUtils]: 18: Hoare triple {3020#(and (or (forall ((v_main_~t~0.base_14 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_14) (_ bv0 1)))) (= main_~p~0.offset main_~a~0.offset)) (or (forall ((v_prenex_10 (_ BitVec 32))) (not (= (select |#valid| v_prenex_10) (_ bv0 1)))) (= main_~p~0.base main_~a~0.base)) (not (= (select |#valid| main_~a~0.base) (_ bv0 1))))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {3020#(and (or (forall ((v_main_~t~0.base_14 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_14) (_ bv0 1)))) (= main_~p~0.offset main_~a~0.offset)) (or (forall ((v_prenex_10 (_ BitVec 32))) (not (= (select |#valid| v_prenex_10) (_ bv0 1)))) (= main_~p~0.base main_~a~0.base)) (not (= (select |#valid| main_~a~0.base) (_ bv0 1))))} is VALID [2018-11-23 11:10:35,279 INFO L273 TraceCheckUtils]: 17: Hoare triple {3027#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3020#(and (or (forall ((v_main_~t~0.base_14 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_14) (_ bv0 1)))) (= main_~p~0.offset main_~a~0.offset)) (or (forall ((v_prenex_10 (_ BitVec 32))) (not (= (select |#valid| v_prenex_10) (_ bv0 1)))) (= main_~p~0.base main_~a~0.base)) (not (= (select |#valid| main_~a~0.base) (_ bv0 1))))} is VALID [2018-11-23 11:10:35,279 INFO L273 TraceCheckUtils]: 16: Hoare triple {3027#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {3027#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:10:35,280 INFO L273 TraceCheckUtils]: 15: Hoare triple {2870#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {3027#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:10:35,280 INFO L273 TraceCheckUtils]: 14: Hoare triple {2870#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {2870#true} is VALID [2018-11-23 11:10:35,281 INFO L273 TraceCheckUtils]: 13: Hoare triple {2870#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {2870#true} is VALID [2018-11-23 11:10:35,281 INFO L273 TraceCheckUtils]: 12: Hoare triple {2870#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {2870#true} is VALID [2018-11-23 11:10:35,281 INFO L273 TraceCheckUtils]: 11: Hoare triple {2870#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {2870#true} is VALID [2018-11-23 11:10:35,281 INFO L273 TraceCheckUtils]: 10: Hoare triple {2870#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {2870#true} is VALID [2018-11-23 11:10:35,281 INFO L273 TraceCheckUtils]: 9: Hoare triple {2870#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {2870#true} is VALID [2018-11-23 11:10:35,282 INFO L273 TraceCheckUtils]: 8: Hoare triple {2870#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {2870#true} is VALID [2018-11-23 11:10:35,282 INFO L273 TraceCheckUtils]: 7: Hoare triple {2870#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {2870#true} is VALID [2018-11-23 11:10:35,282 INFO L273 TraceCheckUtils]: 6: Hoare triple {2870#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {2870#true} is VALID [2018-11-23 11:10:35,283 INFO L273 TraceCheckUtils]: 5: Hoare triple {2870#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {2870#true} is VALID [2018-11-23 11:10:35,283 INFO L256 TraceCheckUtils]: 4: Hoare triple {2870#true} call #t~ret39 := main(); {2870#true} is VALID [2018-11-23 11:10:35,283 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {2870#true} {2870#true} #200#return; {2870#true} is VALID [2018-11-23 11:10:35,283 INFO L273 TraceCheckUtils]: 2: Hoare triple {2870#true} assume true; {2870#true} is VALID [2018-11-23 11:10:35,284 INFO L273 TraceCheckUtils]: 1: Hoare triple {2870#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {2870#true} is VALID [2018-11-23 11:10:35,284 INFO L256 TraceCheckUtils]: 0: Hoare triple {2870#true} call ULTIMATE.init(); {2870#true} is VALID [2018-11-23 11:10:35,286 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 0 proven. 3 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:10:35,288 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:10:35,288 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 14 [2018-11-23 11:10:35,289 INFO L78 Accepts]: Start accepts. Automaton has 14 states. Word has length 33 [2018-11-23 11:10:35,289 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:35,289 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states. [2018-11-23 11:10:35,400 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 44 edges. 44 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:35,400 INFO L459 AbstractCegarLoop]: Interpolant automaton has 14 states [2018-11-23 11:10:35,400 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2018-11-23 11:10:35,400 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=149, Unknown=0, NotChecked=0, Total=182 [2018-11-23 11:10:35,400 INFO L87 Difference]: Start difference. First operand 62 states and 85 transitions. Second operand 14 states. [2018-11-23 11:10:42,386 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:42,386 INFO L93 Difference]: Finished difference Result 91 states and 119 transitions. [2018-11-23 11:10:42,386 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2018-11-23 11:10:42,386 INFO L78 Accepts]: Start accepts. Automaton has 14 states. Word has length 33 [2018-11-23 11:10:42,386 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:42,386 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 14 states. [2018-11-23 11:10:42,389 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 92 transitions. [2018-11-23 11:10:42,389 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 14 states. [2018-11-23 11:10:42,391 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 92 transitions. [2018-11-23 11:10:42,391 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 92 transitions. [2018-11-23 11:10:42,597 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 92 edges. 92 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:42,600 INFO L225 Difference]: With dead ends: 91 [2018-11-23 11:10:42,600 INFO L226 Difference]: Without dead ends: 87 [2018-11-23 11:10:42,601 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 70 GetRequests, 53 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 27 ImplicationChecksByTransitivity, 0.6s TimeCoverageRelationStatistics Valid=73, Invalid=269, Unknown=0, NotChecked=0, Total=342 [2018-11-23 11:10:42,601 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 87 states. [2018-11-23 11:10:42,680 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 87 to 77. [2018-11-23 11:10:42,680 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:42,680 INFO L82 GeneralOperation]: Start isEquivalent. First operand 87 states. Second operand 77 states. [2018-11-23 11:10:42,680 INFO L74 IsIncluded]: Start isIncluded. First operand 87 states. Second operand 77 states. [2018-11-23 11:10:42,680 INFO L87 Difference]: Start difference. First operand 87 states. Second operand 77 states. [2018-11-23 11:10:42,684 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:42,684 INFO L93 Difference]: Finished difference Result 87 states and 115 transitions. [2018-11-23 11:10:42,684 INFO L276 IsEmpty]: Start isEmpty. Operand 87 states and 115 transitions. [2018-11-23 11:10:42,684 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:42,685 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:42,685 INFO L74 IsIncluded]: Start isIncluded. First operand 77 states. Second operand 87 states. [2018-11-23 11:10:42,685 INFO L87 Difference]: Start difference. First operand 77 states. Second operand 87 states. [2018-11-23 11:10:42,687 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:42,687 INFO L93 Difference]: Finished difference Result 87 states and 115 transitions. [2018-11-23 11:10:42,687 INFO L276 IsEmpty]: Start isEmpty. Operand 87 states and 115 transitions. [2018-11-23 11:10:42,688 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:42,688 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:42,688 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:42,688 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:42,688 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 77 states. [2018-11-23 11:10:42,690 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 77 states to 77 states and 104 transitions. [2018-11-23 11:10:42,691 INFO L78 Accepts]: Start accepts. Automaton has 77 states and 104 transitions. Word has length 33 [2018-11-23 11:10:42,691 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:42,691 INFO L480 AbstractCegarLoop]: Abstraction has 77 states and 104 transitions. [2018-11-23 11:10:42,691 INFO L481 AbstractCegarLoop]: Interpolant automaton has 14 states. [2018-11-23 11:10:42,691 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 104 transitions. [2018-11-23 11:10:42,692 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2018-11-23 11:10:42,692 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:42,692 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:42,692 INFO L423 AbstractCegarLoop]: === Iteration 9 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:42,692 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:42,692 INFO L82 PathProgramCache]: Analyzing trace with hash -1453424576, now seen corresponding path program 1 times [2018-11-23 11:10:42,693 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:42,693 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 10 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 10 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:42,719 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:10:42,810 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:42,836 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:42,838 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:42,870 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:10:42,872 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:42,879 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:42,879 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2018-11-23 11:10:42,884 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:42,884 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_42|]. (and (= main_~a~0.offset (_ bv0 32)) (= (store |v_#valid_42| main_~a~0.base (_ bv1 1)) |#valid|)) [2018-11-23 11:10:42,884 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.offset (_ bv0 32)) (= (select |#valid| main_~a~0.base) (_ bv1 1))) [2018-11-23 11:10:43,014 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:43,015 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:43,016 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:10:43,018 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,031 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,031 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:22, output treesize:14 [2018-11-23 11:10:43,035 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:43,035 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_43|]. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |v_#valid_43| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv0 1) (select |v_#valid_43| main_~t~0.base))) [2018-11-23 11:10:43,036 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base))) [2018-11-23 11:10:43,091 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:10:43,097 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:10:43,101 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,106 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,200 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:10:43,223 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:10:43,225 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,230 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,258 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,258 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 4 variables, input treesize:52, output treesize:32 [2018-11-23 11:10:43,282 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:43,282 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_55|, main_~t~0.base, |v_#memory_$Pointer$.offset_53|, main_~t~0.offset]. (let ((.cse0 (bvadd main_~a~0.offset (_ bv4 32)))) (and (= main_~a~0.offset (_ bv0 32)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_55| main_~a~0.base (store (select |v_#memory_$Pointer$.base_55| main_~a~0.base) .cse0 main_~t~0.base))) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse0) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse0)) (= (store |v_#memory_$Pointer$.offset_53| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_53| main_~a~0.base) .cse0 main_~t~0.offset)) |#memory_$Pointer$.offset|) (not (= main_~t~0.base main_~a~0.base)))) [2018-11-23 11:10:43,282 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse1 (bvadd main_~a~0.offset (_ bv4 32)))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse1))) (and (= main_~a~0.offset (_ bv0 32)) (not (= .cse0 main_~a~0.base)) (= .cse0 main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse1))))) [2018-11-23 11:10:43,351 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 16 [2018-11-23 11:10:43,359 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 15 [2018-11-23 11:10:43,360 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,368 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,434 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 86 treesize of output 87 [2018-11-23 11:10:43,440 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 1 [2018-11-23 11:10:43,441 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,457 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,497 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 59 treesize of output 55 [2018-11-23 11:10:43,503 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 1 [2018-11-23 11:10:43,505 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,513 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,526 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,526 INFO L202 ElimStorePlain]: Needed 7 recursive calls to eliminate 3 variables, input treesize:105, output treesize:27 [2018-11-23 11:10:43,848 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:43,848 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_56|, |v_#memory_int_55|, |v_#memory_$Pointer$.offset_54|]. (let ((.cse1 (select (select |v_#memory_$Pointer$.offset_54| main_~p~0.base) (_ bv4 32))) (.cse0 (select (select |v_#memory_$Pointer$.base_56| main_~p~0.base) (_ bv4 32)))) (and (= main_~p~0.offset (_ bv0 32)) (= (store |v_#memory_$Pointer$.offset_54| .cse0 (store (select |v_#memory_$Pointer$.offset_54| .cse0) .cse1 (select (select |#memory_$Pointer$.offset| .cse0) .cse1))) |#memory_$Pointer$.offset|) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_56| .cse0 (store (select |v_#memory_$Pointer$.base_56| .cse0) .cse1 (select (select |#memory_$Pointer$.base| .cse0) .cse1)))) (= (store |v_#memory_int_55| .cse0 (store (select |v_#memory_int_55| .cse0) .cse1 (_ bv3 32))) |#memory_int|) (not (= main_~p~0.base .cse0)))) [2018-11-23 11:10:43,848 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)))) (and (= main_~p~0.offset (_ bv0 32)) (= (select (select |#memory_int| .cse0) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv3 32)) (not (= .cse0 main_~p~0.base)))) [2018-11-23 11:10:43,896 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 21 [2018-11-23 11:10:43,900 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 13 [2018-11-23 11:10:43,901 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,905 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,918 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 23 [2018-11-23 11:10:43,923 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 14 [2018-11-23 11:10:43,927 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,935 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,942 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,942 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 3 variables, input treesize:40, output treesize:9 [2018-11-23 11:10:43,945 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:43,945 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_39, |#memory_$Pointer$.offset|]. (let ((.cse0 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_39) (_ bv4 32))) (.cse1 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_39) (_ bv4 32)))) (and (not (= v_main_~p~0.base_39 .cse0)) (= main_~p~0.offset .cse1) (= .cse0 main_~p~0.base) (= (bvadd (select (select |#memory_int| .cse0) .cse1) (_ bv4294967293 32)) (_ bv0 32)))) [2018-11-23 11:10:43,945 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967293 32))) [2018-11-23 11:10:43,971 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2018-11-23 11:10:43,975 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 3 [2018-11-23 11:10:43,975 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,977 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,978 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:43,978 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:15, output treesize:3 [2018-11-23 11:10:43,982 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:43,982 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (= (_ bv3 32) .cse0) (= .cse0 |main_#t~mem36|))) [2018-11-23 11:10:43,982 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem36| (_ bv3 32)) [2018-11-23 11:10:43,999 INFO L256 TraceCheckUtils]: 0: Hoare triple {3470#true} call ULTIMATE.init(); {3470#true} is VALID [2018-11-23 11:10:43,999 INFO L273 TraceCheckUtils]: 1: Hoare triple {3470#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {3470#true} is VALID [2018-11-23 11:10:43,999 INFO L273 TraceCheckUtils]: 2: Hoare triple {3470#true} assume true; {3470#true} is VALID [2018-11-23 11:10:44,000 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {3470#true} {3470#true} #200#return; {3470#true} is VALID [2018-11-23 11:10:44,000 INFO L256 TraceCheckUtils]: 4: Hoare triple {3470#true} call #t~ret39 := main(); {3470#true} is VALID [2018-11-23 11:10:44,000 INFO L273 TraceCheckUtils]: 5: Hoare triple {3470#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {3470#true} is VALID [2018-11-23 11:10:44,000 INFO L273 TraceCheckUtils]: 6: Hoare triple {3470#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {3470#true} is VALID [2018-11-23 11:10:44,001 INFO L273 TraceCheckUtils]: 7: Hoare triple {3470#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {3470#true} is VALID [2018-11-23 11:10:44,001 INFO L273 TraceCheckUtils]: 8: Hoare triple {3470#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {3470#true} is VALID [2018-11-23 11:10:44,001 INFO L273 TraceCheckUtils]: 9: Hoare triple {3470#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {3470#true} is VALID [2018-11-23 11:10:44,001 INFO L273 TraceCheckUtils]: 10: Hoare triple {3470#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {3470#true} is VALID [2018-11-23 11:10:44,001 INFO L273 TraceCheckUtils]: 11: Hoare triple {3470#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {3470#true} is VALID [2018-11-23 11:10:44,001 INFO L273 TraceCheckUtils]: 12: Hoare triple {3470#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {3470#true} is VALID [2018-11-23 11:10:44,001 INFO L273 TraceCheckUtils]: 13: Hoare triple {3470#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {3470#true} is VALID [2018-11-23 11:10:44,002 INFO L273 TraceCheckUtils]: 14: Hoare triple {3470#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {3470#true} is VALID [2018-11-23 11:10:44,002 INFO L273 TraceCheckUtils]: 15: Hoare triple {3470#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {3520#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:44,003 INFO L273 TraceCheckUtils]: 16: Hoare triple {3520#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {3520#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:44,004 INFO L273 TraceCheckUtils]: 17: Hoare triple {3520#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3527#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:44,004 INFO L273 TraceCheckUtils]: 18: Hoare triple {3527#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {3527#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:44,005 INFO L273 TraceCheckUtils]: 19: Hoare triple {3527#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0bv32 != #t~nondet31);havoc #t~nondet31;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32);call #t~malloc32.base, #t~malloc32.offset := #Ultimate.alloc(8bv32);~t~0.base, ~t~0.offset := #t~malloc32.base, #t~malloc32.offset; {3534#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:44,006 INFO L273 TraceCheckUtils]: 20: Hoare triple {3534#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {3534#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:44,008 INFO L273 TraceCheckUtils]: 21: Hoare triple {3534#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);call #t~mem33.base, #t~mem33.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem33.base, #t~mem33.offset;havoc #t~mem33.base, #t~mem33.offset; {3541#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} is VALID [2018-11-23 11:10:44,009 INFO L273 TraceCheckUtils]: 22: Hoare triple {3541#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {3541#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} is VALID [2018-11-23 11:10:44,011 INFO L273 TraceCheckUtils]: 23: Hoare triple {3541#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3548#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)) main_~p~0.base)))} is VALID [2018-11-23 11:10:44,012 INFO L273 TraceCheckUtils]: 24: Hoare triple {3548#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)) main_~p~0.base)))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3548#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)) main_~p~0.base)))} is VALID [2018-11-23 11:10:44,014 INFO L273 TraceCheckUtils]: 25: Hoare triple {3548#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)) main_~p~0.base)))} assume !!(2bv32 == #t~mem34);havoc #t~mem34;call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {3555#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:44,014 INFO L273 TraceCheckUtils]: 26: Hoare triple {3555#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3555#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:44,014 INFO L273 TraceCheckUtils]: 27: Hoare triple {3555#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2bv32 == #t~mem34);havoc #t~mem34; {3555#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:44,015 INFO L273 TraceCheckUtils]: 28: Hoare triple {3555#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3565#(= (bvadd |main_#t~mem36| (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:44,016 INFO L273 TraceCheckUtils]: 29: Hoare triple {3565#(= (bvadd |main_#t~mem36| (_ bv4294967293 32)) (_ bv0 32))} assume !!(1bv32 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {3471#false} is VALID [2018-11-23 11:10:44,016 INFO L273 TraceCheckUtils]: 30: Hoare triple {3471#false} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3471#false} is VALID [2018-11-23 11:10:44,016 INFO L273 TraceCheckUtils]: 31: Hoare triple {3471#false} assume !(1bv32 == #t~mem36);havoc #t~mem36; {3471#false} is VALID [2018-11-23 11:10:44,017 INFO L273 TraceCheckUtils]: 32: Hoare triple {3471#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3471#false} is VALID [2018-11-23 11:10:44,017 INFO L273 TraceCheckUtils]: 33: Hoare triple {3471#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {3471#false} is VALID [2018-11-23 11:10:44,017 INFO L273 TraceCheckUtils]: 34: Hoare triple {3471#false} assume !false; {3471#false} is VALID [2018-11-23 11:10:44,020 INFO L134 CoverageAnalysis]: Checked inductivity of 6 backedges. 2 proven. 3 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:10:44,020 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:10:44,213 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:44,239 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:44,252 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:44,274 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:44,357 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 40 treesize of output 32 [2018-11-23 11:10:44,367 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 1 [2018-11-23 11:10:44,369 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:44,375 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:44,381 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 46 treesize of output 38 [2018-11-23 11:10:44,392 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 20 treesize of output 1 [2018-11-23 11:10:44,394 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:44,403 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:44,453 INFO L267 ElimStorePlain]: Start of recursive call 11: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:44,467 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:44,478 INFO L267 ElimStorePlain]: Start of recursive call 13: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:44,484 INFO L267 ElimStorePlain]: Start of recursive call 12: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:44,506 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: 2 dim-0 vars, and 2 xjuncts. [2018-11-23 11:10:44,506 INFO L202 ElimStorePlain]: Needed 13 recursive calls to eliminate 3 variables, input treesize:61, output treesize:35 [2018-11-23 11:10:46,466 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:46,466 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_int|, |v_#memory_$Pointer$.base_57|, |v_#memory_$Pointer$.offset_55|]. (or (not (= (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset (select (select |v_#memory_$Pointer$.offset_55| main_~p~0.base) main_~p~0.offset))) |v_#memory_$Pointer$.offset_55|)) (not (= (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset (select (select |v_#memory_$Pointer$.base_57| main_~p~0.base) main_~p~0.offset))) |v_#memory_$Pointer$.base_57|)) (not (= (_ bv1 32) (let ((.cse0 (bvadd main_~a~0.offset (_ bv4 32)))) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) (select (select |v_#memory_$Pointer$.base_57| main_~a~0.base) .cse0)) (select (select |v_#memory_$Pointer$.offset_55| main_~a~0.base) .cse0)))))) [2018-11-23 11:10:46,466 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_22, v_DerPreprocessor_18]. (let ((.cse0 (bvadd main_~a~0.offset (_ bv4 32)))) (and (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_22)) main_~a~0.base) .cse0) main_~p~0.base) (= (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_18)) main_~a~0.base) .cse0) main_~p~0.offset))) [2018-11-23 11:10:46,647 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 29 [2018-11-23 11:10:46,724 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 10 [2018-11-23 11:10:46,725 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:46,798 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 20 treesize of output 24 [2018-11-23 11:10:46,807 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 11 [2018-11-23 11:10:46,809 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:46,847 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2018-11-23 11:10:46,850 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:46,880 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 11 [2018-11-23 11:10:46,882 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:46,892 INFO L267 ElimStorePlain]: Start of recursive call 4: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:46,898 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 19 [2018-11-23 11:10:46,904 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:10:46,904 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:46,912 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:46,950 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 7 xjuncts. [2018-11-23 11:10:47,105 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 29 [2018-11-23 11:10:47,190 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 10 [2018-11-23 11:10:47,196 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:47,273 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 20 treesize of output 24 [2018-11-23 11:10:47,286 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 15 [2018-11-23 11:10:47,289 INFO L267 ElimStorePlain]: Start of recursive call 13: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:47,330 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 11 [2018-11-23 11:10:47,332 INFO L267 ElimStorePlain]: Start of recursive call 14: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:47,359 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 3 [2018-11-23 11:10:47,361 INFO L267 ElimStorePlain]: Start of recursive call 15: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:47,370 INFO L267 ElimStorePlain]: Start of recursive call 12: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:10:47,375 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 19 [2018-11-23 11:10:47,381 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:10:47,382 INFO L267 ElimStorePlain]: Start of recursive call 17: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:47,390 INFO L267 ElimStorePlain]: Start of recursive call 16: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:47,427 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 7 xjuncts. [2018-11-23 11:10:47,596 INFO L267 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 2 dim-2 vars, End of recursive call: and 5 xjuncts. [2018-11-23 11:10:47,596 INFO L202 ElimStorePlain]: Needed 17 recursive calls to eliminate 6 variables, input treesize:75, output treesize:33 [2018-11-23 11:10:47,613 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:47,613 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_$Pointer$.base|, v_prenex_11, v_DerPreprocessor_22, |#memory_$Pointer$.offset|, main_~t~0.offset, v_DerPreprocessor_18]. (let ((.cse1 (bvadd main_~p~0.offset (_ bv4 32))) (.cse2 (bvadd main_~a~0.offset (_ bv4 32)))) (and (= main_~t~0.base (select (select (let ((.cse0 (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) .cse1 main_~t~0.base)))) (store .cse0 main_~t~0.base (store (select .cse0 main_~t~0.base) v_prenex_11 v_DerPreprocessor_22))) main_~a~0.base) .cse2)) (= main_~t~0.offset (select (select (let ((.cse3 (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) .cse1 main_~t~0.offset)))) (store .cse3 main_~t~0.base (store (select .cse3 main_~t~0.base) main_~t~0.offset v_DerPreprocessor_18))) main_~a~0.base) .cse2)))) [2018-11-23 11:10:47,613 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ []. (let ((.cse0 (= main_~p~0.base main_~a~0.base)) (.cse1 (= (bvadd main_~p~0.offset (_ bv4 32)) (bvadd main_~a~0.offset (_ bv4 32)))) (.cse2 (= main_~t~0.base main_~a~0.base))) (and .cse0 .cse1 (not .cse2) (or .cse0 .cse2) (or .cse1 .cse2))) [2018-11-23 11:10:49,834 INFO L273 TraceCheckUtils]: 34: Hoare triple {3471#false} assume !false; {3471#false} is VALID [2018-11-23 11:10:49,834 INFO L273 TraceCheckUtils]: 33: Hoare triple {3471#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {3471#false} is VALID [2018-11-23 11:10:49,835 INFO L273 TraceCheckUtils]: 32: Hoare triple {3471#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3471#false} is VALID [2018-11-23 11:10:49,835 INFO L273 TraceCheckUtils]: 31: Hoare triple {3471#false} assume !(1bv32 == #t~mem36);havoc #t~mem36; {3471#false} is VALID [2018-11-23 11:10:49,835 INFO L273 TraceCheckUtils]: 30: Hoare triple {3471#false} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3471#false} is VALID [2018-11-23 11:10:49,836 INFO L273 TraceCheckUtils]: 29: Hoare triple {3599#(not (= (bvadd |main_#t~mem36| (_ bv4294967295 32)) (_ bv0 32)))} assume !!(1bv32 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {3471#false} is VALID [2018-11-23 11:10:49,837 INFO L273 TraceCheckUtils]: 28: Hoare triple {3603#(not (= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3599#(not (= (bvadd |main_#t~mem36| (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:49,837 INFO L273 TraceCheckUtils]: 27: Hoare triple {3603#(not (= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} assume !(2bv32 == #t~mem34);havoc #t~mem34; {3603#(not (= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:49,837 INFO L273 TraceCheckUtils]: 26: Hoare triple {3603#(not (= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3603#(not (= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:49,838 INFO L273 TraceCheckUtils]: 25: Hoare triple {3613#(not (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (_ bv4294967295 32)) (_ bv0 32)))} assume !!(2bv32 == #t~mem34);havoc #t~mem34;call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {3603#(not (= (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:49,838 INFO L273 TraceCheckUtils]: 24: Hoare triple {3613#(not (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (_ bv4294967295 32)) (_ bv0 32)))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {3613#(not (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:49,844 INFO L273 TraceCheckUtils]: 23: Hoare triple {3620#(and (forall ((v_DerPreprocessor_22 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_22)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base)) (forall ((v_DerPreprocessor_18 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_18)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.offset)))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3613#(not (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (_ bv4294967295 32)) (_ bv0 32)))} is VALID [2018-11-23 11:10:49,844 INFO L273 TraceCheckUtils]: 22: Hoare triple {3620#(and (forall ((v_DerPreprocessor_22 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_22)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base)) (forall ((v_DerPreprocessor_18 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_18)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.offset)))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {3620#(and (forall ((v_DerPreprocessor_22 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_22)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base)) (forall ((v_DerPreprocessor_18 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_18)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.offset)))} is VALID [2018-11-23 11:10:49,846 INFO L273 TraceCheckUtils]: 21: Hoare triple {3627#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);call #t~mem33.base, #t~mem33.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem33.base, #t~mem33.offset;havoc #t~mem33.base, #t~mem33.offset; {3620#(and (forall ((v_DerPreprocessor_22 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_22)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base)) (forall ((v_DerPreprocessor_18 (_ BitVec 32))) (= (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_18)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.offset)))} is VALID [2018-11-23 11:10:49,847 INFO L273 TraceCheckUtils]: 20: Hoare triple {3627#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {3627#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:49,849 INFO L273 TraceCheckUtils]: 19: Hoare triple {3634#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((|v_main_#t~malloc32.base_4| (_ BitVec 32))) (not (= (select |#valid| |v_main_#t~malloc32.base_4|) (_ bv0 1)))) (= main_~p~0.base main_~a~0.base)) (or (forall ((v_prenex_14 (_ BitVec 32))) (not (= (select |#valid| v_prenex_14) (_ bv0 1)))) (= main_~p~0.offset main_~a~0.offset)))} assume !!(0bv32 != #t~nondet31);havoc #t~nondet31;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32);call #t~malloc32.base, #t~malloc32.offset := #Ultimate.alloc(8bv32);~t~0.base, ~t~0.offset := #t~malloc32.base, #t~malloc32.offset; {3627#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:49,850 INFO L273 TraceCheckUtils]: 18: Hoare triple {3634#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((|v_main_#t~malloc32.base_4| (_ BitVec 32))) (not (= (select |#valid| |v_main_#t~malloc32.base_4|) (_ bv0 1)))) (= main_~p~0.base main_~a~0.base)) (or (forall ((v_prenex_14 (_ BitVec 32))) (not (= (select |#valid| v_prenex_14) (_ bv0 1)))) (= main_~p~0.offset main_~a~0.offset)))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {3634#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((|v_main_#t~malloc32.base_4| (_ BitVec 32))) (not (= (select |#valid| |v_main_#t~malloc32.base_4|) (_ bv0 1)))) (= main_~p~0.base main_~a~0.base)) (or (forall ((v_prenex_14 (_ BitVec 32))) (not (= (select |#valid| v_prenex_14) (_ bv0 1)))) (= main_~p~0.offset main_~a~0.offset)))} is VALID [2018-11-23 11:10:49,851 INFO L273 TraceCheckUtils]: 17: Hoare triple {3641#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3634#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (forall ((|v_main_#t~malloc32.base_4| (_ BitVec 32))) (not (= (select |#valid| |v_main_#t~malloc32.base_4|) (_ bv0 1)))) (= main_~p~0.base main_~a~0.base)) (or (forall ((v_prenex_14 (_ BitVec 32))) (not (= (select |#valid| v_prenex_14) (_ bv0 1)))) (= main_~p~0.offset main_~a~0.offset)))} is VALID [2018-11-23 11:10:49,851 INFO L273 TraceCheckUtils]: 16: Hoare triple {3641#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {3641#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:10:49,853 INFO L273 TraceCheckUtils]: 15: Hoare triple {3470#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {3641#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:10:49,853 INFO L273 TraceCheckUtils]: 14: Hoare triple {3470#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {3470#true} is VALID [2018-11-23 11:10:49,853 INFO L273 TraceCheckUtils]: 13: Hoare triple {3470#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {3470#true} is VALID [2018-11-23 11:10:49,853 INFO L273 TraceCheckUtils]: 12: Hoare triple {3470#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {3470#true} is VALID [2018-11-23 11:10:49,854 INFO L273 TraceCheckUtils]: 11: Hoare triple {3470#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {3470#true} is VALID [2018-11-23 11:10:49,854 INFO L273 TraceCheckUtils]: 10: Hoare triple {3470#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {3470#true} is VALID [2018-11-23 11:10:49,854 INFO L273 TraceCheckUtils]: 9: Hoare triple {3470#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {3470#true} is VALID [2018-11-23 11:10:49,854 INFO L273 TraceCheckUtils]: 8: Hoare triple {3470#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {3470#true} is VALID [2018-11-23 11:10:49,854 INFO L273 TraceCheckUtils]: 7: Hoare triple {3470#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {3470#true} is VALID [2018-11-23 11:10:49,855 INFO L273 TraceCheckUtils]: 6: Hoare triple {3470#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {3470#true} is VALID [2018-11-23 11:10:49,855 INFO L273 TraceCheckUtils]: 5: Hoare triple {3470#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {3470#true} is VALID [2018-11-23 11:10:49,855 INFO L256 TraceCheckUtils]: 4: Hoare triple {3470#true} call #t~ret39 := main(); {3470#true} is VALID [2018-11-23 11:10:49,855 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {3470#true} {3470#true} #200#return; {3470#true} is VALID [2018-11-23 11:10:49,856 INFO L273 TraceCheckUtils]: 2: Hoare triple {3470#true} assume true; {3470#true} is VALID [2018-11-23 11:10:49,856 INFO L273 TraceCheckUtils]: 1: Hoare triple {3470#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {3470#true} is VALID [2018-11-23 11:10:49,856 INFO L256 TraceCheckUtils]: 0: Hoare triple {3470#true} call ULTIMATE.init(); {3470#true} is VALID [2018-11-23 11:10:49,859 INFO L134 CoverageAnalysis]: Checked inductivity of 6 backedges. 2 proven. 3 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:10:49,861 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:10:49,861 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 16 [2018-11-23 11:10:49,861 INFO L78 Accepts]: Start accepts. Automaton has 16 states. Word has length 35 [2018-11-23 11:10:49,862 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:10:49,862 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 16 states. [2018-11-23 11:10:49,940 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 50 edges. 50 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:49,940 INFO L459 AbstractCegarLoop]: Interpolant automaton has 16 states [2018-11-23 11:10:49,940 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 16 interpolants. [2018-11-23 11:10:49,941 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=200, Unknown=1, NotChecked=0, Total=240 [2018-11-23 11:10:49,941 INFO L87 Difference]: Start difference. First operand 77 states and 104 transitions. Second operand 16 states. [2018-11-23 11:10:57,258 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:57,258 INFO L93 Difference]: Finished difference Result 93 states and 121 transitions. [2018-11-23 11:10:57,259 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2018-11-23 11:10:57,259 INFO L78 Accepts]: Start accepts. Automaton has 16 states. Word has length 35 [2018-11-23 11:10:57,259 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:10:57,259 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 16 states. [2018-11-23 11:10:57,261 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 94 transitions. [2018-11-23 11:10:57,261 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 16 states. [2018-11-23 11:10:57,263 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 94 transitions. [2018-11-23 11:10:57,263 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 94 transitions. [2018-11-23 11:10:57,412 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 94 edges. 94 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:10:57,413 INFO L225 Difference]: With dead ends: 93 [2018-11-23 11:10:57,414 INFO L226 Difference]: Without dead ends: 83 [2018-11-23 11:10:57,414 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 77 GetRequests, 55 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 55 ImplicationChecksByTransitivity, 2.9s TimeCoverageRelationStatistics Valid=111, Invalid=440, Unknown=1, NotChecked=0, Total=552 [2018-11-23 11:10:57,415 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 83 states. [2018-11-23 11:10:57,469 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 83 to 72. [2018-11-23 11:10:57,470 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:10:57,470 INFO L82 GeneralOperation]: Start isEquivalent. First operand 83 states. Second operand 72 states. [2018-11-23 11:10:57,470 INFO L74 IsIncluded]: Start isIncluded. First operand 83 states. Second operand 72 states. [2018-11-23 11:10:57,470 INFO L87 Difference]: Start difference. First operand 83 states. Second operand 72 states. [2018-11-23 11:10:57,473 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:57,473 INFO L93 Difference]: Finished difference Result 83 states and 109 transitions. [2018-11-23 11:10:57,473 INFO L276 IsEmpty]: Start isEmpty. Operand 83 states and 109 transitions. [2018-11-23 11:10:57,474 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:57,474 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:57,474 INFO L74 IsIncluded]: Start isIncluded. First operand 72 states. Second operand 83 states. [2018-11-23 11:10:57,474 INFO L87 Difference]: Start difference. First operand 72 states. Second operand 83 states. [2018-11-23 11:10:57,477 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:10:57,477 INFO L93 Difference]: Finished difference Result 83 states and 109 transitions. [2018-11-23 11:10:57,477 INFO L276 IsEmpty]: Start isEmpty. Operand 83 states and 109 transitions. [2018-11-23 11:10:57,477 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:10:57,478 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:10:57,478 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:10:57,478 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:10:57,478 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 72 states. [2018-11-23 11:10:57,480 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 72 states to 72 states and 98 transitions. [2018-11-23 11:10:57,480 INFO L78 Accepts]: Start accepts. Automaton has 72 states and 98 transitions. Word has length 35 [2018-11-23 11:10:57,480 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:10:57,480 INFO L480 AbstractCegarLoop]: Abstraction has 72 states and 98 transitions. [2018-11-23 11:10:57,481 INFO L481 AbstractCegarLoop]: Interpolant automaton has 16 states. [2018-11-23 11:10:57,481 INFO L276 IsEmpty]: Start isEmpty. Operand 72 states and 98 transitions. [2018-11-23 11:10:57,481 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2018-11-23 11:10:57,481 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:10:57,481 INFO L402 BasicCegarLoop]: trace histogram [3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:10:57,482 INFO L423 AbstractCegarLoop]: === Iteration 10 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:10:57,482 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:10:57,482 INFO L82 PathProgramCache]: Analyzing trace with hash -428721600, now seen corresponding path program 2 times [2018-11-23 11:10:57,482 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:10:57,482 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 11 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 11 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:10:57,510 INFO L101 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2018-11-23 11:10:57,643 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2018-11-23 11:10:57,643 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2018-11-23 11:10:57,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:10:57,700 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:10:57,860 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:10:57,861 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:57,868 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:57,868 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2018-11-23 11:10:57,872 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:57,872 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_49|]. (and (= main_~a~0.offset (_ bv0 32)) (= |#valid| (store |v_#valid_49| main_~a~0.base (_ bv1 1)))) [2018-11-23 11:10:57,873 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.offset (_ bv0 32)) (= (select |#valid| main_~a~0.base) (_ bv1 1))) [2018-11-23 11:10:57,922 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:57,924 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:10:57,924 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2018-11-23 11:10:57,926 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:57,936 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:57,936 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:22, output treesize:14 [2018-11-23 11:10:57,940 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:57,940 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_50|]. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |v_#valid_50| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (= (_ bv0 1) (select |v_#valid_50| main_~t~0.base))) [2018-11-23 11:10:57,940 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base))) [2018-11-23 11:10:57,999 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:10:58,006 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:10:58,007 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:58,014 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:58,057 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:10:58,063 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:10:58,065 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:58,070 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:58,101 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:58,102 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 4 variables, input treesize:52, output treesize:32 [2018-11-23 11:10:58,128 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:58,128 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_60|, main_~t~0.base, |v_#memory_$Pointer$.offset_58|, main_~t~0.offset]. (let ((.cse0 (bvadd main_~a~0.offset (_ bv4 32)))) (and (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse0) main_~p~0.base) (= (store |v_#memory_$Pointer$.base_60| main_~a~0.base (store (select |v_#memory_$Pointer$.base_60| main_~a~0.base) .cse0 main_~t~0.base)) |#memory_$Pointer$.base|) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse0)) (not (= main_~t~0.base main_~a~0.base)) (= |#memory_$Pointer$.offset| (store |v_#memory_$Pointer$.offset_58| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_58| main_~a~0.base) .cse0 main_~t~0.offset))))) [2018-11-23 11:10:58,128 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse1 (bvadd main_~a~0.offset (_ bv4 32)))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse1))) (and (= main_~a~0.offset (_ bv0 32)) (not (= .cse0 main_~a~0.base)) (= .cse0 main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse1))))) [2018-11-23 11:10:58,224 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 102 treesize of output 98 [2018-11-23 11:10:58,232 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 1 [2018-11-23 11:10:58,232 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:58,257 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:58,302 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 16 [2018-11-23 11:10:58,308 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 15 [2018-11-23 11:10:58,309 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:58,370 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:58,623 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 51 treesize of output 52 [2018-11-23 11:10:58,660 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 28 treesize of output 1 [2018-11-23 11:10:58,685 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:58,765 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:58,872 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:58,873 INFO L202 ElimStorePlain]: Needed 7 recursive calls to eliminate 3 variables, input treesize:105, output treesize:27 [2018-11-23 11:10:59,018 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:59,019 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_61|, |v_#memory_int_59|, |v_#memory_$Pointer$.offset_59|]. (let ((.cse0 (select (select |v_#memory_$Pointer$.base_61| main_~p~0.base) (_ bv4 32))) (.cse1 (select (select |v_#memory_$Pointer$.offset_59| main_~p~0.base) (_ bv4 32)))) (and (= main_~p~0.offset (_ bv0 32)) (= |#memory_$Pointer$.offset| (store |v_#memory_$Pointer$.offset_59| .cse0 (store (select |v_#memory_$Pointer$.offset_59| .cse0) .cse1 (select (select |#memory_$Pointer$.offset| .cse0) .cse1)))) (= (store |v_#memory_int_59| .cse0 (store (select |v_#memory_int_59| .cse0) .cse1 (_ bv3 32))) |#memory_int|) (not (= .cse0 main_~p~0.base)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_61| .cse0 (store (select |v_#memory_$Pointer$.base_61| .cse0) .cse1 (select (select |#memory_$Pointer$.base| .cse0) .cse1)))))) [2018-11-23 11:10:59,019 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)))) (and (= main_~p~0.offset (_ bv0 32)) (= (select (select |#memory_int| .cse0) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv3 32)) (not (= .cse0 main_~p~0.base)))) [2018-11-23 11:10:59,064 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 21 [2018-11-23 11:10:59,068 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 13 [2018-11-23 11:10:59,069 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,074 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,089 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 23 [2018-11-23 11:10:59,093 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 14 [2018-11-23 11:10:59,095 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,102 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,110 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,110 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 3 variables, input treesize:40, output treesize:9 [2018-11-23 11:10:59,114 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:59,114 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_47, |#memory_$Pointer$.offset|]. (let ((.cse1 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_47) (_ bv4 32))) (.cse0 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_47) (_ bv4 32)))) (and (= (bvadd (select (select |#memory_int| .cse0) .cse1) (_ bv4294967293 32)) (_ bv0 32)) (= main_~p~0.offset .cse1) (= .cse0 main_~p~0.base) (not (= v_main_~p~0.base_47 .cse0)))) [2018-11-23 11:10:59,114 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967293 32))) [2018-11-23 11:10:59,139 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2018-11-23 11:10:59,143 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 3 [2018-11-23 11:10:59,144 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,145 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,147 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,147 INFO L202 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:15, output treesize:3 [2018-11-23 11:10:59,151 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:10:59,151 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (= (_ bv3 32) .cse0) (= .cse0 |main_#t~mem34|))) [2018-11-23 11:10:59,151 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem34| (_ bv3 32)) [2018-11-23 11:10:59,170 INFO L256 TraceCheckUtils]: 0: Hoare triple {4078#true} call ULTIMATE.init(); {4078#true} is VALID [2018-11-23 11:10:59,170 INFO L273 TraceCheckUtils]: 1: Hoare triple {4078#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {4078#true} is VALID [2018-11-23 11:10:59,170 INFO L273 TraceCheckUtils]: 2: Hoare triple {4078#true} assume true; {4078#true} is VALID [2018-11-23 11:10:59,171 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {4078#true} {4078#true} #200#return; {4078#true} is VALID [2018-11-23 11:10:59,171 INFO L256 TraceCheckUtils]: 4: Hoare triple {4078#true} call #t~ret39 := main(); {4078#true} is VALID [2018-11-23 11:10:59,171 INFO L273 TraceCheckUtils]: 5: Hoare triple {4078#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {4078#true} is VALID [2018-11-23 11:10:59,172 INFO L273 TraceCheckUtils]: 6: Hoare triple {4078#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {4078#true} is VALID [2018-11-23 11:10:59,172 INFO L273 TraceCheckUtils]: 7: Hoare triple {4078#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {4078#true} is VALID [2018-11-23 11:10:59,172 INFO L273 TraceCheckUtils]: 8: Hoare triple {4078#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {4078#true} is VALID [2018-11-23 11:10:59,172 INFO L273 TraceCheckUtils]: 9: Hoare triple {4078#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {4078#true} is VALID [2018-11-23 11:10:59,173 INFO L273 TraceCheckUtils]: 10: Hoare triple {4078#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {4078#true} is VALID [2018-11-23 11:10:59,173 INFO L273 TraceCheckUtils]: 11: Hoare triple {4078#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {4078#true} is VALID [2018-11-23 11:10:59,173 INFO L273 TraceCheckUtils]: 12: Hoare triple {4078#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {4078#true} is VALID [2018-11-23 11:10:59,173 INFO L273 TraceCheckUtils]: 13: Hoare triple {4078#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {4078#true} is VALID [2018-11-23 11:10:59,173 INFO L273 TraceCheckUtils]: 14: Hoare triple {4078#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {4078#true} is VALID [2018-11-23 11:10:59,185 INFO L273 TraceCheckUtils]: 15: Hoare triple {4078#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {4128#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:59,185 INFO L273 TraceCheckUtils]: 16: Hoare triple {4128#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {4128#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:10:59,186 INFO L273 TraceCheckUtils]: 17: Hoare triple {4128#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4135#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:59,186 INFO L273 TraceCheckUtils]: 18: Hoare triple {4135#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {4135#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:10:59,188 INFO L273 TraceCheckUtils]: 19: Hoare triple {4135#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0bv32 != #t~nondet31);havoc #t~nondet31;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32);call #t~malloc32.base, #t~malloc32.offset := #Ultimate.alloc(8bv32);~t~0.base, ~t~0.offset := #t~malloc32.base, #t~malloc32.offset; {4142#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:59,188 INFO L273 TraceCheckUtils]: 20: Hoare triple {4142#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {4142#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:10:59,190 INFO L273 TraceCheckUtils]: 21: Hoare triple {4142#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);call #t~mem33.base, #t~mem33.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem33.base, #t~mem33.offset;havoc #t~mem33.base, #t~mem33.offset; {4149#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} is VALID [2018-11-23 11:10:59,191 INFO L273 TraceCheckUtils]: 22: Hoare triple {4149#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {4149#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} is VALID [2018-11-23 11:10:59,193 INFO L273 TraceCheckUtils]: 23: Hoare triple {4149#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4156#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)) main_~p~0.base)))} is VALID [2018-11-23 11:10:59,194 INFO L273 TraceCheckUtils]: 24: Hoare triple {4156#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)) main_~p~0.base)))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4156#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)) main_~p~0.base)))} is VALID [2018-11-23 11:10:59,196 INFO L273 TraceCheckUtils]: 25: Hoare triple {4156#(and (= main_~p~0.offset (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967293 32)) (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32)) main_~p~0.base)))} assume !!(2bv32 == #t~mem34);havoc #t~mem34;call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4163#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2018-11-23 11:10:59,197 INFO L273 TraceCheckUtils]: 26: Hoare triple {4163#(= (_ bv3 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4167#(= (bvadd |main_#t~mem34| (_ bv4294967293 32)) (_ bv0 32))} is VALID [2018-11-23 11:10:59,198 INFO L273 TraceCheckUtils]: 27: Hoare triple {4167#(= (bvadd |main_#t~mem34| (_ bv4294967293 32)) (_ bv0 32))} assume !!(2bv32 == #t~mem34);havoc #t~mem34;call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4079#false} is VALID [2018-11-23 11:10:59,198 INFO L273 TraceCheckUtils]: 28: Hoare triple {4079#false} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4079#false} is VALID [2018-11-23 11:10:59,198 INFO L273 TraceCheckUtils]: 29: Hoare triple {4079#false} assume !(2bv32 == #t~mem34);havoc #t~mem34; {4079#false} is VALID [2018-11-23 11:10:59,198 INFO L273 TraceCheckUtils]: 30: Hoare triple {4079#false} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4079#false} is VALID [2018-11-23 11:10:59,199 INFO L273 TraceCheckUtils]: 31: Hoare triple {4079#false} assume !(1bv32 == #t~mem36);havoc #t~mem36; {4079#false} is VALID [2018-11-23 11:10:59,199 INFO L273 TraceCheckUtils]: 32: Hoare triple {4079#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4079#false} is VALID [2018-11-23 11:10:59,199 INFO L273 TraceCheckUtils]: 33: Hoare triple {4079#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {4079#false} is VALID [2018-11-23 11:10:59,199 INFO L273 TraceCheckUtils]: 34: Hoare triple {4079#false} assume !false; {4079#false} is VALID [2018-11-23 11:10:59,201 INFO L134 CoverageAnalysis]: Checked inductivity of 8 backedges. 4 proven. 3 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:10:59,201 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:10:59,497 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:59,522 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:59,534 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:59,555 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:59,641 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 48 treesize of output 32 [2018-11-23 11:10:59,649 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 1 [2018-11-23 11:10:59,650 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,658 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,665 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 38 treesize of output 22 [2018-11-23 11:10:59,673 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 1 [2018-11-23 11:10:59,673 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,680 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,720 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,728 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:10:59,738 INFO L267 ElimStorePlain]: Start of recursive call 13: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:59,779 INFO L267 ElimStorePlain]: Start of recursive call 12: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:10:59,799 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: 2 dim-0 vars, and 2 xjuncts. [2018-11-23 11:10:59,800 INFO L202 ElimStorePlain]: Needed 13 recursive calls to eliminate 3 variables, input treesize:63, output treesize:35 [2018-11-23 11:11:00,557 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:00,557 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_int|, |v_#memory_$Pointer$.base_62|, |v_#memory_$Pointer$.offset_60|]. (or (not (= |v_#memory_$Pointer$.offset_60| (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset (select (select |v_#memory_$Pointer$.offset_60| main_~p~0.base) main_~p~0.offset))))) (not (= (bvadd (let ((.cse0 (bvadd main_~a~0.offset (_ bv4 32)))) (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))) (select (select |v_#memory_$Pointer$.base_62| main_~a~0.base) .cse0)) (select (select |v_#memory_$Pointer$.offset_60| main_~a~0.base) .cse0))) (_ bv4294967294 32)) (_ bv0 32))) (not (= |v_#memory_$Pointer$.base_62| (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset (select (select |v_#memory_$Pointer$.base_62| main_~p~0.base) main_~p~0.offset)))))) [2018-11-23 11:11:00,557 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_32, v_DerPreprocessor_28]. (let ((.cse0 (bvadd main_~a~0.offset (_ bv4 32)))) (and (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_32)) main_~a~0.base) .cse0)) (= main_~p~0.base (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_28)) main_~a~0.base) .cse0)))) [2018-11-23 11:11:00,740 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 29 [2018-11-23 11:11:00,808 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 10 [2018-11-23 11:11:00,809 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:00,951 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 20 treesize of output 24 [2018-11-23 11:11:00,960 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 11 [2018-11-23 11:11:00,962 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:01,003 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 11 [2018-11-23 11:11:01,005 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:01,033 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2018-11-23 11:11:01,035 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:01,044 INFO L267 ElimStorePlain]: Start of recursive call 4: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:11:01,049 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 19 [2018-11-23 11:11:01,055 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:11:01,056 INFO L267 ElimStorePlain]: Start of recursive call 9: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:01,063 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:01,103 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 7 xjuncts. [2018-11-23 11:11:01,245 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 29 [2018-11-23 11:11:01,324 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 10 [2018-11-23 11:11:01,326 INFO L267 ElimStorePlain]: Start of recursive call 11: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:01,402 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 20 treesize of output 24 [2018-11-23 11:11:01,412 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 11 [2018-11-23 11:11:01,414 INFO L267 ElimStorePlain]: Start of recursive call 13: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:01,449 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2018-11-23 11:11:01,450 INFO L267 ElimStorePlain]: Start of recursive call 14: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:01,479 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 11 [2018-11-23 11:11:01,481 INFO L267 ElimStorePlain]: Start of recursive call 15: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:01,492 INFO L267 ElimStorePlain]: Start of recursive call 12: 3 dim-1 vars, End of recursive call: and 2 xjuncts. [2018-11-23 11:11:01,496 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 21 treesize of output 19 [2018-11-23 11:11:01,503 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 1 [2018-11-23 11:11:01,504 INFO L267 ElimStorePlain]: Start of recursive call 17: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:01,511 INFO L267 ElimStorePlain]: Start of recursive call 16: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:01,547 INFO L267 ElimStorePlain]: Start of recursive call 10: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 7 xjuncts. [2018-11-23 11:11:01,707 INFO L267 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 2 dim-2 vars, End of recursive call: and 5 xjuncts. [2018-11-23 11:11:01,707 INFO L202 ElimStorePlain]: Needed 17 recursive calls to eliminate 6 variables, input treesize:75, output treesize:33 [2018-11-23 11:11:01,733 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:01,734 WARN L384 uantifierElimination]: Input elimination task: ∀ [|#memory_$Pointer$.offset|, v_prenex_15, v_DerPreprocessor_32, |#memory_$Pointer$.base|, main_~t~0.offset, v_DerPreprocessor_28]. (let ((.cse1 (bvadd main_~p~0.offset (_ bv4 32))) (.cse2 (bvadd main_~a~0.offset (_ bv4 32)))) (and (= v_prenex_15 (select (select (let ((.cse0 (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) .cse1 v_prenex_15)))) (store .cse0 main_~t~0.base (store (select .cse0 main_~t~0.base) v_prenex_15 v_DerPreprocessor_32))) main_~a~0.base) .cse2)) (= main_~t~0.base (select (select (let ((.cse3 (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) .cse1 main_~t~0.base)))) (store .cse3 main_~t~0.base (store (select .cse3 main_~t~0.base) main_~t~0.offset v_DerPreprocessor_28))) main_~a~0.base) .cse2)))) [2018-11-23 11:11:01,734 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ []. (let ((.cse0 (= main_~p~0.base main_~a~0.base)) (.cse1 (= (bvadd main_~p~0.offset (_ bv4 32)) (bvadd main_~a~0.offset (_ bv4 32)))) (.cse2 (= main_~t~0.base main_~a~0.base))) (and .cse0 .cse1 (not .cse2) (or .cse0 .cse2) (or .cse1 .cse2))) [2018-11-23 11:11:01,966 INFO L273 TraceCheckUtils]: 34: Hoare triple {4079#false} assume !false; {4079#false} is VALID [2018-11-23 11:11:01,966 INFO L273 TraceCheckUtils]: 33: Hoare triple {4079#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {4079#false} is VALID [2018-11-23 11:11:01,966 INFO L273 TraceCheckUtils]: 32: Hoare triple {4079#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4079#false} is VALID [2018-11-23 11:11:01,967 INFO L273 TraceCheckUtils]: 31: Hoare triple {4079#false} assume !(1bv32 == #t~mem36);havoc #t~mem36; {4079#false} is VALID [2018-11-23 11:11:01,967 INFO L273 TraceCheckUtils]: 30: Hoare triple {4079#false} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4079#false} is VALID [2018-11-23 11:11:01,967 INFO L273 TraceCheckUtils]: 29: Hoare triple {4079#false} assume !(2bv32 == #t~mem34);havoc #t~mem34; {4079#false} is VALID [2018-11-23 11:11:01,967 INFO L273 TraceCheckUtils]: 28: Hoare triple {4079#false} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4079#false} is VALID [2018-11-23 11:11:01,968 INFO L273 TraceCheckUtils]: 27: Hoare triple {4213#(not (= (bvadd |main_#t~mem34| (_ bv4294967294 32)) (_ bv0 32)))} assume !!(2bv32 == #t~mem34);havoc #t~mem34;call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4079#false} is VALID [2018-11-23 11:11:01,969 INFO L273 TraceCheckUtils]: 26: Hoare triple {4217#(not (= (_ bv2 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4213#(not (= (bvadd |main_#t~mem34| (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:11:01,970 INFO L273 TraceCheckUtils]: 25: Hoare triple {4221#(not (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (_ bv4294967294 32)) (_ bv0 32)))} assume !!(2bv32 == #t~mem34);havoc #t~mem34;call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4217#(not (= (_ bv2 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2018-11-23 11:11:01,970 INFO L273 TraceCheckUtils]: 24: Hoare triple {4221#(not (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (_ bv4294967294 32)) (_ bv0 32)))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4221#(not (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:11:01,975 INFO L273 TraceCheckUtils]: 23: Hoare triple {4228#(and (forall ((v_DerPreprocessor_28 (_ BitVec 32))) (= main_~p~0.base (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_28)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (forall ((v_DerPreprocessor_32 (_ BitVec 32))) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_32)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4221#(not (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (bvadd main_~p~0.offset (_ bv4 32)))) (_ bv4294967294 32)) (_ bv0 32)))} is VALID [2018-11-23 11:11:01,976 INFO L273 TraceCheckUtils]: 22: Hoare triple {4228#(and (forall ((v_DerPreprocessor_28 (_ BitVec 32))) (= main_~p~0.base (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_28)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (forall ((v_DerPreprocessor_32 (_ BitVec 32))) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_32)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {4228#(and (forall ((v_DerPreprocessor_28 (_ BitVec 32))) (= main_~p~0.base (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_28)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (forall ((v_DerPreprocessor_32 (_ BitVec 32))) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_32)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} is VALID [2018-11-23 11:11:01,979 INFO L273 TraceCheckUtils]: 21: Hoare triple {4235#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);call #t~mem33.base, #t~mem33.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem33.base, #t~mem33.offset;havoc #t~mem33.base, #t~mem33.offset; {4228#(and (forall ((v_DerPreprocessor_28 (_ BitVec 32))) (= main_~p~0.base (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_28)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (forall ((v_DerPreprocessor_32 (_ BitVec 32))) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_32)) main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} is VALID [2018-11-23 11:11:01,979 INFO L273 TraceCheckUtils]: 20: Hoare triple {4235#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {4235#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:11:01,982 INFO L273 TraceCheckUtils]: 19: Hoare triple {4242#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.offset main_~a~0.offset) (forall ((v_main_~t~0.base_18 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_18) (_ bv0 1))))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_18 (_ BitVec 32))) (not (= (select |#valid| v_prenex_18) (_ bv0 1))))))} assume !!(0bv32 != #t~nondet31);havoc #t~nondet31;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32);call #t~malloc32.base, #t~malloc32.offset := #Ultimate.alloc(8bv32);~t~0.base, ~t~0.offset := #t~malloc32.base, #t~malloc32.offset; {4235#(and (= main_~p~0.base main_~a~0.base) (= main_~p~0.offset main_~a~0.offset) (not (= main_~t~0.base main_~a~0.base)))} is VALID [2018-11-23 11:11:01,982 INFO L273 TraceCheckUtils]: 18: Hoare triple {4242#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.offset main_~a~0.offset) (forall ((v_main_~t~0.base_18 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_18) (_ bv0 1))))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_18 (_ BitVec 32))) (not (= (select |#valid| v_prenex_18) (_ bv0 1))))))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {4242#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.offset main_~a~0.offset) (forall ((v_main_~t~0.base_18 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_18) (_ bv0 1))))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_18 (_ BitVec 32))) (not (= (select |#valid| v_prenex_18) (_ bv0 1))))))} is VALID [2018-11-23 11:11:01,983 INFO L273 TraceCheckUtils]: 17: Hoare triple {4249#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4242#(and (not (= (select |#valid| main_~a~0.base) (_ bv0 1))) (or (= main_~p~0.offset main_~a~0.offset) (forall ((v_main_~t~0.base_18 (_ BitVec 32))) (not (= (select |#valid| v_main_~t~0.base_18) (_ bv0 1))))) (or (= main_~p~0.base main_~a~0.base) (forall ((v_prenex_18 (_ BitVec 32))) (not (= (select |#valid| v_prenex_18) (_ bv0 1))))))} is VALID [2018-11-23 11:11:01,983 INFO L273 TraceCheckUtils]: 16: Hoare triple {4249#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {4249#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:11:01,984 INFO L273 TraceCheckUtils]: 15: Hoare triple {4078#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {4249#(not (= (select |#valid| main_~a~0.base) (_ bv0 1)))} is VALID [2018-11-23 11:11:01,984 INFO L273 TraceCheckUtils]: 14: Hoare triple {4078#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {4078#true} is VALID [2018-11-23 11:11:01,984 INFO L273 TraceCheckUtils]: 13: Hoare triple {4078#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {4078#true} is VALID [2018-11-23 11:11:01,984 INFO L273 TraceCheckUtils]: 12: Hoare triple {4078#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {4078#true} is VALID [2018-11-23 11:11:01,985 INFO L273 TraceCheckUtils]: 11: Hoare triple {4078#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {4078#true} is VALID [2018-11-23 11:11:01,985 INFO L273 TraceCheckUtils]: 10: Hoare triple {4078#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {4078#true} is VALID [2018-11-23 11:11:01,985 INFO L273 TraceCheckUtils]: 9: Hoare triple {4078#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {4078#true} is VALID [2018-11-23 11:11:01,985 INFO L273 TraceCheckUtils]: 8: Hoare triple {4078#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {4078#true} is VALID [2018-11-23 11:11:01,985 INFO L273 TraceCheckUtils]: 7: Hoare triple {4078#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {4078#true} is VALID [2018-11-23 11:11:01,985 INFO L273 TraceCheckUtils]: 6: Hoare triple {4078#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {4078#true} is VALID [2018-11-23 11:11:01,985 INFO L273 TraceCheckUtils]: 5: Hoare triple {4078#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {4078#true} is VALID [2018-11-23 11:11:01,985 INFO L256 TraceCheckUtils]: 4: Hoare triple {4078#true} call #t~ret39 := main(); {4078#true} is VALID [2018-11-23 11:11:01,986 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {4078#true} {4078#true} #200#return; {4078#true} is VALID [2018-11-23 11:11:01,986 INFO L273 TraceCheckUtils]: 2: Hoare triple {4078#true} assume true; {4078#true} is VALID [2018-11-23 11:11:01,986 INFO L273 TraceCheckUtils]: 1: Hoare triple {4078#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {4078#true} is VALID [2018-11-23 11:11:01,986 INFO L256 TraceCheckUtils]: 0: Hoare triple {4078#true} call ULTIMATE.init(); {4078#true} is VALID [2018-11-23 11:11:01,988 INFO L134 CoverageAnalysis]: Checked inductivity of 8 backedges. 4 proven. 3 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:11:01,990 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:11:01,990 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 16 [2018-11-23 11:11:01,991 INFO L78 Accepts]: Start accepts. Automaton has 16 states. Word has length 35 [2018-11-23 11:11:01,991 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-11-23 11:11:01,991 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 16 states. [2018-11-23 11:11:02,070 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:11:02,071 INFO L459 AbstractCegarLoop]: Interpolant automaton has 16 states [2018-11-23 11:11:02,071 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 16 interpolants. [2018-11-23 11:11:02,071 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=201, Unknown=0, NotChecked=0, Total=240 [2018-11-23 11:11:02,072 INFO L87 Difference]: Start difference. First operand 72 states and 98 transitions. Second operand 16 states. [2018-11-23 11:11:09,771 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:11:09,772 INFO L93 Difference]: Finished difference Result 88 states and 115 transitions. [2018-11-23 11:11:09,772 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2018-11-23 11:11:09,772 INFO L78 Accepts]: Start accepts. Automaton has 16 states. Word has length 35 [2018-11-23 11:11:09,772 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:11:09,772 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 16 states. [2018-11-23 11:11:09,774 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 91 transitions. [2018-11-23 11:11:09,774 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 16 states. [2018-11-23 11:11:09,776 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 91 transitions. [2018-11-23 11:11:09,776 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 91 transitions. [2018-11-23 11:11:09,900 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 91 edges. 91 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-11-23 11:11:09,902 INFO L225 Difference]: With dead ends: 88 [2018-11-23 11:11:09,902 INFO L226 Difference]: Without dead ends: 75 [2018-11-23 11:11:09,903 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 77 GetRequests, 55 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 55 ImplicationChecksByTransitivity, 0.8s TimeCoverageRelationStatistics Valid=111, Invalid=441, Unknown=0, NotChecked=0, Total=552 [2018-11-23 11:11:09,903 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 75 states. [2018-11-23 11:11:10,413 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 75 to 69. [2018-11-23 11:11:10,414 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-11-23 11:11:10,414 INFO L82 GeneralOperation]: Start isEquivalent. First operand 75 states. Second operand 69 states. [2018-11-23 11:11:10,414 INFO L74 IsIncluded]: Start isIncluded. First operand 75 states. Second operand 69 states. [2018-11-23 11:11:10,414 INFO L87 Difference]: Start difference. First operand 75 states. Second operand 69 states. [2018-11-23 11:11:10,416 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:11:10,416 INFO L93 Difference]: Finished difference Result 75 states and 99 transitions. [2018-11-23 11:11:10,416 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 99 transitions. [2018-11-23 11:11:10,417 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:11:10,417 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:11:10,417 INFO L74 IsIncluded]: Start isIncluded. First operand 69 states. Second operand 75 states. [2018-11-23 11:11:10,417 INFO L87 Difference]: Start difference. First operand 69 states. Second operand 75 states. [2018-11-23 11:11:10,418 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:11:10,418 INFO L93 Difference]: Finished difference Result 75 states and 99 transitions. [2018-11-23 11:11:10,419 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 99 transitions. [2018-11-23 11:11:10,419 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-11-23 11:11:10,419 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-11-23 11:11:10,419 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-11-23 11:11:10,419 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-11-23 11:11:10,419 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 69 states. [2018-11-23 11:11:10,420 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 69 states to 69 states and 93 transitions. [2018-11-23 11:11:10,421 INFO L78 Accepts]: Start accepts. Automaton has 69 states and 93 transitions. Word has length 35 [2018-11-23 11:11:10,421 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:11:10,421 INFO L480 AbstractCegarLoop]: Abstraction has 69 states and 93 transitions. [2018-11-23 11:11:10,421 INFO L481 AbstractCegarLoop]: Interpolant automaton has 16 states. [2018-11-23 11:11:10,421 INFO L276 IsEmpty]: Start isEmpty. Operand 69 states and 93 transitions. [2018-11-23 11:11:10,421 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 37 [2018-11-23 11:11:10,422 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:11:10,422 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:11:10,422 INFO L423 AbstractCegarLoop]: === Iteration 11 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:11:10,422 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:11:10,422 INFO L82 PathProgramCache]: Analyzing trace with hash -2009854868, now seen corresponding path program 3 times [2018-11-23 11:11:10,423 INFO L223 ckRefinementStrategy]: Switched to mode CVC4_FPBP [2018-11-23 11:11:10,423 INFO L69 tionRefinementEngine]: Using refinement strategy WolfRefinementStrategy No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4nyu Starting monitored process 12 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 12 with cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:11:10,442 INFO L101 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2018-11-23 11:11:10,611 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 3 check-sat command(s) [2018-11-23 11:11:10,612 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2018-11-23 11:11:10,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:11:10,653 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:11:10,724 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:11:10,726 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:10,735 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:10,735 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2018-11-23 11:11:10,737 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:10,737 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_56|]. (and (= main_~a~0.offset (_ bv0 32)) (= (store |v_#valid_56| main_~a~0.base (_ bv1 1)) |#valid|)) [2018-11-23 11:11:10,738 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.offset (_ bv0 32)) (= (select |#valid| main_~a~0.base) (_ bv1 1))) [2018-11-23 11:11:10,833 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:10,835 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:10,836 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 23 [2018-11-23 11:11:10,838 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:10,861 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:10,861 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:31, output treesize:29 [2018-11-23 11:11:10,867 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:10,867 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#valid_57|]. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (select |v_#valid_57| main_~t~0.base) (_ bv0 1)) (= main_~t~0.offset (_ bv0 32)) (= |#valid| (store |v_#valid_57| main_~t~0.base (_ bv1 1))) (= main_~a~0.offset main_~p~0.offset) (= (bvadd (select |v_#valid_57| main_~a~0.base) (_ bv1 1)) (_ bv0 1))) [2018-11-23 11:11:10,867 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~t~0.offset (_ bv0 32)) (= main_~a~0.offset main_~p~0.offset) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= (select |#valid| main_~t~0.base) (_ bv1 1)) (not (= main_~t~0.base main_~a~0.base))) [2018-11-23 11:11:10,942 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:11:10,949 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:11:10,950 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:10,957 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:11,003 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 10 [2018-11-23 11:11:11,009 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 9 [2018-11-23 11:11:11,010 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:11,014 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:11,049 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:11,049 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 3 variables, input treesize:66, output treesize:61 [2018-11-23 11:11:11,157 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:11,157 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_65|, main_~t~0.base, |v_#memory_$Pointer$.offset_63|]. (let ((.cse0 (bvadd main_~a~0.offset (_ bv4 32)))) (and (= (store |v_#memory_$Pointer$.offset_63| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_63| main_~a~0.base) .cse0 (_ bv0 32))) |#memory_$Pointer$.offset|) (= main_~a~0.offset (_ bv0 32)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse0) main_~p~0.base) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse0)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (not (= main_~t~0.base main_~a~0.base)) (= (bvadd (select |#valid| main_~t~0.base) (_ bv1 1)) (_ bv0 1)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_65| main_~a~0.base (store (select |v_#memory_$Pointer$.base_65| main_~a~0.base) .cse0 main_~t~0.base))))) [2018-11-23 11:11:11,157 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse2 (bvadd main_~a~0.offset (_ bv4 32)))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse2)) (.cse1 (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse2))) (and (= main_~a~0.offset (_ bv0 32)) (not (= .cse0 main_~a~0.base)) (= .cse0 main_~p~0.base) (= (_ bv0 32) .cse1) (= (bvadd (select |#valid| .cse0) (_ bv1 1)) (_ bv0 1)) (= main_~p~0.offset .cse1) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1))))) [2018-11-23 11:11:11,240 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:11,246 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:11,252 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:11,253 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 4 disjoint index pairs (out of 3 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 25 [2018-11-23 11:11:11,255 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:11,421 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:11,455 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 45 treesize of output 46 [2018-11-23 11:11:11,478 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 17 [2018-11-23 11:11:11,480 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:11,511 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:11,602 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:11,620 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 34 treesize of output 41 [2018-11-23 11:11:11,630 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 18 treesize of output 23 [2018-11-23 11:11:11,632 INFO L267 ElimStorePlain]: Start of recursive call 6: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:11,649 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:11,709 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 14 [2018-11-23 11:11:11,719 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 19 [2018-11-23 11:11:11,722 INFO L267 ElimStorePlain]: Start of recursive call 8: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:11,730 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:11,771 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:11,771 INFO L202 ElimStorePlain]: Needed 8 recursive calls to eliminate 4 variables, input treesize:110, output treesize:77 [2018-11-23 11:11:11,806 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:11,807 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_63|, |v_#valid_58|, |v_#memory_$Pointer$.base_66|, |v_#memory_$Pointer$.offset_64|]. (let ((.cse2 (bvadd main_~a~0.offset (_ bv4 32)))) (let ((.cse0 (select (select |v_#memory_$Pointer$.base_66| main_~a~0.base) .cse2)) (.cse1 (select (select |v_#memory_$Pointer$.offset_64| main_~a~0.base) .cse2))) (and (= (store |v_#memory_int_63| main_~p~0.base (store (select |v_#memory_int_63| main_~p~0.base) main_~p~0.offset (_ bv2 32))) |#memory_int|) (= (_ bv0 1) (bvadd (select |v_#valid_58| main_~a~0.base) (_ bv1 1))) (= main_~a~0.offset (_ bv0 32)) (not (= .cse0 main_~a~0.base)) (= .cse0 main_~p~0.base) (= main_~t~0.offset (_ bv0 32)) (= (select |v_#valid_58| main_~t~0.base) (_ bv0 1)) (= (store |v_#memory_$Pointer$.offset_64| main_~p~0.base (store (select |v_#memory_$Pointer$.offset_64| main_~p~0.base) main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset))) |#memory_$Pointer$.offset|) (= .cse1 main_~p~0.offset) (= (bvadd (select |v_#valid_58| .cse0) (_ bv1 1)) (_ bv0 1)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_66| main_~p~0.base (store (select |v_#memory_$Pointer$.base_66| main_~p~0.base) main_~p~0.offset (select (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset)))) (= .cse1 (_ bv0 32))))) [2018-11-23 11:11:11,807 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse2 (bvadd main_~a~0.offset (_ bv4 32)))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse2)) (.cse1 (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse2))) (and (not (= .cse0 main_~t~0.base)) (= main_~a~0.offset (_ bv0 32)) (not (= .cse0 main_~a~0.base)) (= .cse0 main_~p~0.base) (= (_ bv0 32) .cse1) (= main_~p~0.offset .cse1) (= main_~t~0.offset (_ bv0 32)) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| .cse0) .cse1))))) [2018-11-23 11:11:11,989 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 182 treesize of output 183 [2018-11-23 11:11:12,007 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 21 [2018-11-23 11:11:12,009 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,081 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,201 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 69 treesize of output 52 [2018-11-23 11:11:12,217 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:12,223 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 52 treesize of output 38 [2018-11-23 11:11:12,225 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,240 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,331 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:12,333 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 4 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 134 treesize of output 145 [2018-11-23 11:11:12,349 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 40 treesize of output 36 [2018-11-23 11:11:12,352 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,387 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,437 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:12,438 INFO L202 ElimStorePlain]: Needed 7 recursive calls to eliminate 4 variables, input treesize:209, output treesize:145 [2018-11-23 11:11:12,505 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:12,505 WARN L384 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_67|, |v_#memory_$Pointer$.offset_65|, |v_#memory_int_64|, main_~t~0.base]. (let ((.cse4 (bvadd main_~a~0.offset (_ bv4 32)))) (let ((.cse0 (select (select |v_#memory_$Pointer$.offset_65| main_~a~0.base) .cse4)) (.cse1 (select (select |v_#memory_$Pointer$.base_67| main_~a~0.base) .cse4))) (let ((.cse3 (select |v_#memory_int_64| .cse1)) (.cse2 (bvadd .cse0 (_ bv4 32)))) (and (= (_ bv0 32) .cse0) (= main_~a~0.offset (_ bv0 32)) (= |#memory_$Pointer$.offset| (store |v_#memory_$Pointer$.offset_65| .cse1 (store (select |v_#memory_$Pointer$.offset_65| .cse1) .cse2 (_ bv0 32)))) (= (select .cse3 .cse0) (_ bv2 32)) (= |#memory_int| (store |v_#memory_int_64| .cse1 (store .cse3 .cse2 (select (select |#memory_int| .cse1) .cse2)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| .cse1) .cse2)) (not (= main_~t~0.base .cse1)) (not (= main_~t~0.base main_~a~0.base)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_67| .cse1 (store (select |v_#memory_$Pointer$.base_67| .cse1) .cse2 main_~t~0.base))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| .cse1) .cse2)) (not (= .cse1 main_~a~0.base)))))) [2018-11-23 11:11:12,505 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse5 (bvadd main_~a~0.offset (_ bv4 32)))) (let ((.cse1 (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse5))) (let ((.cse3 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse5)) (.cse4 (bvadd .cse1 (_ bv4 32)))) (let ((.cse0 (select (select |#memory_$Pointer$.offset| .cse3) .cse4)) (.cse2 (select (select |#memory_$Pointer$.base| .cse3) .cse4))) (and (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 32) .cse0) (= (_ bv0 32) .cse1) (= main_~p~0.base .cse2) (= main_~p~0.offset .cse0) (not (= .cse3 .cse2)) (= (_ bv2 32) (select (select |#memory_int| .cse3) .cse1)) (not (= main_~a~0.base .cse2))))))) [2018-11-23 11:11:12,638 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:12,716 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 3 select indices, 3 select index equivalence classes, 3 disjoint index pairs (out of 3 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 303 treesize of output 297 [2018-11-23 11:11:12,780 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 68 treesize of output 1 [2018-11-23 11:11:12,803 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,026 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,104 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:13,111 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 69 treesize of output 101 [2018-11-23 11:11:13,122 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 64 treesize of output 62 [2018-11-23 11:11:13,123 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,146 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,198 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:13,200 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:13,207 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:13,227 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 3 select indices, 3 select index equivalence classes, 4 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 0 case distinctions, treesize of input 171 treesize of output 182 [2018-11-23 11:11:13,239 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 68 treesize of output 1 [2018-11-23 11:11:13,239 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,261 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,285 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:13,286 INFO L202 ElimStorePlain]: Needed 7 recursive calls to eliminate 3 variables, input treesize:306, output treesize:98 [2018-11-23 11:11:14,845 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:14,850 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 104 treesize of output 86 [2018-11-23 11:11:14,868 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 37 treesize of output 21 [2018-11-23 11:11:14,869 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:14,896 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 47 treesize of output 36 [2018-11-23 11:11:14,898 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:14,913 INFO L267 ElimStorePlain]: Start of recursive call 2: 2 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:14,940 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:14,942 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:14,943 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 40 treesize of output 40 [2018-11-23 11:11:14,967 INFO L478 Elim1Store]: Elim1 applied some preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 3 new quantified variables, introduced 1 case distinctions, treesize of input 18 treesize of output 26 [2018-11-23 11:11:15,012 INFO L267 ElimStorePlain]: Start of recursive call 6: 3 dim-0 vars, End of recursive call: 3 dim-0 vars, and 2 xjuncts. [2018-11-23 11:11:15,064 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 38 treesize of output 35 [2018-11-23 11:11:15,069 INFO L267 ElimStorePlain]: Start of recursive call 7: End of recursive call: and 2 xjuncts. [2018-11-23 11:11:15,074 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 32 treesize of output 23 [2018-11-23 11:11:15,075 INFO L267 ElimStorePlain]: Start of recursive call 8: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:15,114 INFO L267 ElimStorePlain]: Start of recursive call 5: 2 dim-1 vars, End of recursive call: 2 dim-0 vars, and 2 xjuncts. [2018-11-23 11:11:15,154 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: 4 dim-0 vars, and 2 xjuncts. [2018-11-23 11:11:15,155 INFO L202 ElimStorePlain]: Needed 8 recursive calls to eliminate 3 variables, input treesize:118, output treesize:67 [2018-11-23 11:11:15,175 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:15,176 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_56, |#memory_$Pointer$.offset|]. (let ((.cse0 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_56) (_ bv4 32)))) (let ((.cse1 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_56) (_ bv4 32))) (.cse4 (bvadd .cse0 (_ bv4 32)))) (let ((.cse2 (select (select |#memory_$Pointer$.offset| .cse1) .cse4)) (.cse3 (select (select |#memory_$Pointer$.base| .cse1) .cse4))) (and (= main_~p~0.offset .cse0) (= main_~p~0.base .cse1) (= (_ bv2 32) (select (select |#memory_int| v_main_~p~0.base_56) (_ bv0 32))) (= (_ bv0 32) .cse0) (= (_ bv0 32) .cse2) (= (_ bv0 32) (bvadd (select (select |#memory_int| .cse3) .cse2) (_ bv4294967293 32))) (not (= v_main_~p~0.base_56 .cse3)) (= (bvadd (select (select |#memory_int| .cse1) .cse0) (_ bv4294967294 32)) (_ bv0 32)))))) [2018-11-23 11:11:15,176 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ [v_prenex_19, v_arrayElimCell_112, v_main_~p~0.base_56, v_arrayElimCell_111]. (let ((.cse0 (= (_ bv0 32) (bvadd (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) (_ bv4294967294 32)))) (.cse1 (= main_~p~0.offset (_ bv0 32)))) (or (and .cse0 .cse1 (= (_ bv2 32) (select (select |#memory_int| v_prenex_19) (_ bv0 32))) (= (_ bv0 32) (bvadd (select (select |#memory_int| v_arrayElimCell_112) (_ bv0 32)) (_ bv4294967293 32))) (not (= v_prenex_19 main_~p~0.base))) (and .cse0 .cse1 (= (_ bv2 32) (select (select |#memory_int| v_main_~p~0.base_56) (_ bv0 32))) (= (bvadd (select (select |#memory_int| v_arrayElimCell_111) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)) (not (= v_main_~p~0.base_56 main_~p~0.base))))) [2018-11-23 11:11:15,358 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:15,359 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:15,363 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:15,366 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:11:15,367 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 3 select indices, 3 select index equivalence classes, 5 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 0 case distinctions, treesize of input 33 treesize of output 45 [2018-11-23 11:11:15,397 INFO L478 Elim1Store]: Elim1 applied some preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 20 [2018-11-23 11:11:15,401 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 2 xjuncts. [2018-11-23 11:11:15,438 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 1 [2018-11-23 11:11:15,439 INFO L267 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:15,454 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 1 [2018-11-23 11:11:15,455 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:11:15,463 INFO L267 ElimStorePlain]: Start of recursive call 2: 3 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:15,477 INFO L267 ElimStorePlain]: Start of recursive call 1: 3 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:11:15,477 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 4 variables, input treesize:37, output treesize:5 [2018-11-23 11:11:15,482 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:15,482 WARN L384 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, v_main_~p~0.base_56, v_arrayElimCell_111]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) (_ bv0 32)))) (and (= (_ bv2 32) (select (select |#memory_int| v_main_~p~0.base_56) (_ bv0 32))) (= (bvadd (select (select |#memory_int| v_arrayElimCell_111) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32)) (= (bvadd .cse0 (_ bv4294967294 32)) (_ bv0 32)) (= |main_#t~mem34| .cse0) (not (= v_main_~p~0.base_56 main_~p~0.base)))) [2018-11-23 11:11:15,482 WARN L385 uantifierElimination]: ElimStorePlain result: ∃ []. (= (_ bv0 32) (bvadd |main_#t~mem34| (_ bv4294967294 32))) [2018-11-23 11:11:15,510 INFO L256 TraceCheckUtils]: 0: Hoare triple {4661#true} call ULTIMATE.init(); {4661#true} is VALID [2018-11-23 11:11:15,511 INFO L273 TraceCheckUtils]: 1: Hoare triple {4661#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1]; {4661#true} is VALID [2018-11-23 11:11:15,511 INFO L273 TraceCheckUtils]: 2: Hoare triple {4661#true} assume true; {4661#true} is VALID [2018-11-23 11:11:15,511 INFO L268 TraceCheckUtils]: 3: Hoare quadruple {4661#true} {4661#true} #200#return; {4661#true} is VALID [2018-11-23 11:11:15,511 INFO L256 TraceCheckUtils]: 4: Hoare triple {4661#true} call #t~ret39 := main(); {4661#true} is VALID [2018-11-23 11:11:15,511 INFO L273 TraceCheckUtils]: 5: Hoare triple {4661#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.alloc(8bv32);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~root~0.offset, 4bv32);call write~$Pointer$(0bv32, 0bv32, ~root~0.base, ~bvadd32(4bv32, ~root~0.offset), 4bv32); {4661#true} is VALID [2018-11-23 11:11:15,511 INFO L273 TraceCheckUtils]: 6: Hoare triple {4661#true} assume !(0bv32 != #t~nondet3);havoc #t~nondet3; {4661#true} is VALID [2018-11-23 11:11:15,512 INFO L273 TraceCheckUtils]: 7: Hoare triple {4661#true} ~n~0.base, ~n~0.offset := 0bv32, 0bv32;havoc ~pred~0.base, ~pred~0.offset; {4661#true} is VALID [2018-11-23 11:11:15,512 INFO L273 TraceCheckUtils]: 8: Hoare triple {4661#true} assume !!(~root~0.base != 0bv32 || ~root~0.offset != 0bv32);~pred~0.base, ~pred~0.offset := 0bv32, 0bv32;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {4661#true} is VALID [2018-11-23 11:11:15,512 INFO L273 TraceCheckUtils]: 9: Hoare triple {4661#true} call #t~mem20.base, #t~mem20.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4bv32);#t~short22 := #t~mem20.base != 0bv32 || #t~mem20.offset != 0bv32; {4661#true} is VALID [2018-11-23 11:11:15,512 INFO L273 TraceCheckUtils]: 10: Hoare triple {4661#true} assume !#t~short22;call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~n~0.base, ~bvadd32(4bv32, ~n~0.offset), 4bv32);#t~short22 := #t~mem21.base != 0bv32 || #t~mem21.offset != 0bv32; {4661#true} is VALID [2018-11-23 11:11:15,512 INFO L273 TraceCheckUtils]: 11: Hoare triple {4661#true} assume !#t~short22;havoc #t~short22;havoc #t~mem20.base, #t~mem20.offset;havoc #t~mem21.base, #t~mem21.offset; {4661#true} is VALID [2018-11-23 11:11:15,512 INFO L273 TraceCheckUtils]: 12: Hoare triple {4661#true} assume !(~pred~0.base != 0bv32 || ~pred~0.offset != 0bv32);~root~0.base, ~root~0.offset := 0bv32, 0bv32; {4661#true} is VALID [2018-11-23 11:11:15,513 INFO L273 TraceCheckUtils]: 13: Hoare triple {4661#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {4661#true} is VALID [2018-11-23 11:11:15,513 INFO L273 TraceCheckUtils]: 14: Hoare triple {4661#true} assume !(~root~0.base != 0bv32 || ~root~0.offset != 0bv32); {4661#true} is VALID [2018-11-23 11:11:15,514 INFO L273 TraceCheckUtils]: 15: Hoare triple {4661#true} call #t~malloc27.base, #t~malloc27.offset := #Ultimate.alloc(8bv32);~a~0.base, ~a~0.offset := #t~malloc27.base, #t~malloc27.offset; {4711#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:11:15,514 INFO L273 TraceCheckUtils]: 16: Hoare triple {4711#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~a~0.base == 0bv32 && ~a~0.offset == 0bv32); {4711#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:11:15,515 INFO L273 TraceCheckUtils]: 17: Hoare triple {4711#(and (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4718#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:11:15,515 INFO L273 TraceCheckUtils]: 18: Hoare triple {4718#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !(0bv32 != #t~nondet28);havoc #t~nondet28; {4718#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2018-11-23 11:11:15,519 INFO L273 TraceCheckUtils]: 19: Hoare triple {4718#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0bv32 != #t~nondet31);havoc #t~nondet31;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32);call #t~malloc32.base, #t~malloc32.offset := #Ultimate.alloc(8bv32);~t~0.base, ~t~0.offset := #t~malloc32.base, #t~malloc32.offset; {4725#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~t~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (bvadd (select |#valid| main_~t~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:11:15,520 INFO L273 TraceCheckUtils]: 20: Hoare triple {4725#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~t~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (bvadd (select |#valid| main_~t~0.base) (_ bv1 1)) (_ bv0 1)))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {4725#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~t~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (bvadd (select |#valid| main_~t~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:11:15,522 INFO L273 TraceCheckUtils]: 21: Hoare triple {4725#(and (= main_~p~0.base main_~a~0.base) (= main_~a~0.offset (_ bv0 32)) (= main_~t~0.offset (_ bv0 32)) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)) (= main_~a~0.offset main_~p~0.offset) (not (= main_~t~0.base main_~a~0.base)) (= (bvadd (select |#valid| main_~t~0.base) (_ bv1 1)) (_ bv0 1)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);call #t~mem33.base, #t~mem33.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem33.base, #t~mem33.offset;havoc #t~mem33.base, #t~mem33.offset; {4732#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= (bvadd (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (_ bv1 1)) (_ bv0 1)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} is VALID [2018-11-23 11:11:15,526 INFO L273 TraceCheckUtils]: 22: Hoare triple {4732#(and (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= (bvadd (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (_ bv1 1)) (_ bv0 1)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= (bvadd (select |#valid| main_~a~0.base) (_ bv1 1)) (_ bv0 1)))} assume !!(0bv32 != #t~nondet31);havoc #t~nondet31;call write~intINTTYPE4(2bv32, ~p~0.base, ~p~0.offset, 4bv32);call #t~malloc32.base, #t~malloc32.offset := #Ultimate.alloc(8bv32);~t~0.base, ~t~0.offset := #t~malloc32.base, #t~malloc32.offset; {4736#(and (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~t~0.base)) (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= main_~t~0.offset (_ bv0 32)) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} is VALID [2018-11-23 11:11:15,528 INFO L273 TraceCheckUtils]: 23: Hoare triple {4736#(and (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~t~0.base)) (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= main_~t~0.offset (_ bv0 32)) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} assume !(~t~0.base == 0bv32 && ~t~0.offset == 0bv32); {4736#(and (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~t~0.base)) (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= main_~t~0.offset (_ bv0 32)) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} is VALID [2018-11-23 11:11:15,531 INFO L273 TraceCheckUtils]: 24: Hoare triple {4736#(and (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~t~0.base)) (= main_~a~0.offset (_ bv0 32)) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~a~0.base)) (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) main_~p~0.base) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= main_~t~0.offset (_ bv0 32)) (not (= main_~t~0.base main_~a~0.base)) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);call #t~mem33.base, #t~mem33.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem33.base, #t~mem33.offset;havoc #t~mem33.base, #t~mem33.offset; {4743#(and (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32)))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32)))) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32))))) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32))))))} is VALID [2018-11-23 11:11:15,533 INFO L273 TraceCheckUtils]: 25: Hoare triple {4743#(and (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32)))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32)))) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32))))) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32))))))} assume !(0bv32 != #t~nondet31);havoc #t~nondet31; {4743#(and (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32)))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32)))) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32))))) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32))))))} is VALID [2018-11-23 11:11:15,536 INFO L273 TraceCheckUtils]: 26: Hoare triple {4743#(and (= main_~a~0.offset (_ bv0 32)) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32)))) (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32)))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32)))) (not (= (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32))))) (= (_ bv2 32) (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32)))) (bvadd (select (select |#memory_$Pointer$.offset| main_~a~0.base) (bvadd main_~a~0.offset (_ bv4 32))) (_ bv4 32))))))} call write~intINTTYPE4(3bv32, ~p~0.base, ~p~0.offset, 4bv32);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4750#(and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32)))) (= main_~p~0.offset (_ bv0 32)) (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32)))) (_ bv4294967293 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967294 32)) (_ bv0 32)) (not (= main_~p~0.base (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32))))))} is VALID [2018-11-23 11:11:15,538 INFO L273 TraceCheckUtils]: 27: Hoare triple {4750#(and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32)))) (= main_~p~0.offset (_ bv0 32)) (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32)))) (_ bv4294967293 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967294 32)) (_ bv0 32)) (not (= main_~p~0.base (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32))))))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4754#(and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32)))) (= main_~p~0.offset (_ bv0 32)) (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32)))) (_ bv4294967293 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967294 32)) (_ bv0 32)) (not (= main_~p~0.base (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32))))) (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem34|))} is VALID [2018-11-23 11:11:15,543 INFO L273 TraceCheckUtils]: 28: Hoare triple {4754#(and (= (_ bv0 32) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32)))) (= main_~p~0.offset (_ bv0 32)) (= (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32)))) (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32)))) (_ bv4294967293 32)) (_ bv0 32)) (= (bvadd (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32))) (_ bv4294967294 32)) (_ bv0 32)) (not (= main_~p~0.base (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) (_ bv4 32))) (bvadd (select (select |#memory_$Pointer$.offset| main_~p~0.base) (_ bv4 32)) (_ bv4 32))))) (= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem34|))} assume !!(2bv32 == #t~mem34);havoc #t~mem34;call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, ~bvadd32(4bv32, ~p~0.offset), 4bv32);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4758#(and (= main_~p~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_56 (_ BitVec 32))) (and (= (_ bv2 32) (select (select |#memory_int| v_main_~p~0.base_56) (_ bv0 32))) (not (= v_main_~p~0.base_56 main_~p~0.base)))) (exists ((v_arrayElimCell_111 (_ BitVec 32))) (= (bvadd (select (select |#memory_int| v_arrayElimCell_111) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32))))} is VALID [2018-11-23 11:11:15,543 INFO L273 TraceCheckUtils]: 29: Hoare triple {4758#(and (= main_~p~0.offset (_ bv0 32)) (= (_ bv2 32) (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_56 (_ BitVec 32))) (and (= (_ bv2 32) (select (select |#memory_int| v_main_~p~0.base_56) (_ bv0 32))) (not (= v_main_~p~0.base_56 main_~p~0.base)))) (exists ((v_arrayElimCell_111 (_ BitVec 32))) (= (bvadd (select (select |#memory_int| v_arrayElimCell_111) (_ bv0 32)) (_ bv4294967293 32)) (_ bv0 32))))} call #t~mem34 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4762#(= (_ bv2 32) |main_#t~mem34|)} is VALID [2018-11-23 11:11:15,544 INFO L273 TraceCheckUtils]: 30: Hoare triple {4762#(= (_ bv2 32) |main_#t~mem34|)} assume !(2bv32 == #t~mem34);havoc #t~mem34; {4662#false} is VALID [2018-11-23 11:11:15,544 INFO L273 TraceCheckUtils]: 31: Hoare triple {4662#false} call #t~mem36 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4662#false} is VALID [2018-11-23 11:11:15,544 INFO L273 TraceCheckUtils]: 32: Hoare triple {4662#false} assume !(1bv32 == #t~mem36);havoc #t~mem36; {4662#false} is VALID [2018-11-23 11:11:15,544 INFO L273 TraceCheckUtils]: 33: Hoare triple {4662#false} call #t~mem38 := read~intINTTYPE4(~p~0.base, ~p~0.offset, 4bv32); {4662#false} is VALID [2018-11-23 11:11:15,544 INFO L273 TraceCheckUtils]: 34: Hoare triple {4662#false} assume 3bv32 != #t~mem38;havoc #t~mem38; {4662#false} is VALID [2018-11-23 11:11:15,544 INFO L273 TraceCheckUtils]: 35: Hoare triple {4662#false} assume !false; {4662#false} is VALID [2018-11-23 11:11:15,548 INFO L134 CoverageAnalysis]: Checked inductivity of 8 backedges. 0 proven. 7 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:11:15,548 INFO L316 TraceCheckSpWp]: Computing backward predicates... [2018-11-23 11:11:15,834 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:15,851 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:15,913 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:15,929 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:15,962 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:15,963 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:80, output treesize:62 [2018-11-23 11:11:16,259 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:16,260 WARN L384 uantifierElimination]: Input elimination task: ∀ [|v_#memory_$Pointer$.base_69|, |v_#memory_$Pointer$.offset_67|]. (let ((.cse0 (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))))) (or (not (= |v_#memory_$Pointer$.offset_67| (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset (select (select |v_#memory_$Pointer$.offset_67| main_~p~0.base) main_~p~0.offset))))) (not (= |v_#memory_$Pointer$.base_69| (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset (select (select |v_#memory_$Pointer$.base_69| main_~p~0.base) main_~p~0.offset))))) (= (bvadd (let ((.cse1 (bvadd main_~a~0.offset (_ bv4 32)))) (select (select .cse0 (select (select |v_#memory_$Pointer$.base_69| main_~a~0.base) .cse1)) (select (select |v_#memory_$Pointer$.offset_67| main_~a~0.base) .cse1))) (_ bv4294967294 32)) (_ bv0 32)) (not (= (bvadd (select (select .cse0 main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32))))) [2018-11-23 11:11:16,260 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_DerPreprocessor_36, v_DerPreprocessor_34]. (let ((.cse0 (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset (_ bv3 32))))) (or (= (_ bv2 32) (let ((.cse1 (bvadd main_~a~0.offset (_ bv4 32)))) (select (select .cse0 (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_36)) main_~a~0.base) .cse1)) (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset v_DerPreprocessor_34)) main_~a~0.base) .cse1)))) (not (= (bvadd (select (select .cse0 main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32))))) [2018-11-23 11:11:16,593 WARN L180 SmtUtils]: Spent 169.00 ms on a formula simplification that was a NOOP. DAG size: 60 [2018-11-23 11:11:16,608 INFO L267 ElimStorePlain]: Start of recursive call 3: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:16,700 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:16,711 INFO L267 ElimStorePlain]: Start of recursive call 5: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:16,778 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:16,813 INFO L267 ElimStorePlain]: Start of recursive call 7: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:16,886 INFO L267 ElimStorePlain]: Start of recursive call 6: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:16,918 INFO L267 ElimStorePlain]: Start of recursive call 9: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:16,966 INFO L267 ElimStorePlain]: Start of recursive call 8: 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2018-11-23 11:11:17,295 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 12 dim-0 vars, and 4 xjuncts. [2018-11-23 11:11:17,295 INFO L202 ElimStorePlain]: Needed 9 recursive calls to eliminate 3 variables, input treesize:120, output treesize:423 [2018-11-23 11:11:19,860 WARN L383 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2018-11-23 11:11:19,860 WARN L384 uantifierElimination]: Input elimination task: ∀ [v_DerPreprocessor_36, |v_#memory_int_67|, v_DerPreprocessor_34]. (let ((.cse0 (store |v_#memory_int_67| main_~t~0.base (store (select |v_#memory_int_67| main_~t~0.base) main_~t~0.offset (_ bv3 32)))) (.cse2 (bvadd main_~p~0.offset (_ bv4 32)))) (or (= (_ bv2 32) (let ((.cse3 (bvadd main_~a~0.offset (_ bv4 32)))) (select (select .cse0 (select (select (let ((.cse1 (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) .cse2 main_~t~0.base)))) (store .cse1 main_~t~0.base (store (select .cse1 main_~t~0.base) main_~t~0.offset v_DerPreprocessor_36))) main_~a~0.base) .cse3)) (select (select (let ((.cse4 (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) .cse2 main_~t~0.offset)))) (store .cse4 main_~t~0.base (store (select .cse4 main_~t~0.base) main_~t~0.offset v_DerPreprocessor_34))) main_~a~0.base) .cse3)))) (not (= (_ bv2 32) (select (select .cse0 main_~a~0.base) main_~a~0.offset))) (not (= |v_#memory_int_67| (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) .cse2 (select (select |v_#memory_int_67| main_~p~0.base) .cse2))))))) [2018-11-23 11:11:19,861 WARN L385 uantifierElimination]: ElimStorePlain result: ∀ [v_prenex_20, v_prenex_21, v_DerPreprocessor_40, v_DerPreprocessor_36, v_DerPreprocessor_42, v_DerPreprocessor_34, v_prenex_24, v_DerPreprocessor_38, v_prenex_25, v_prenex_22, v_DerPreprocessor_44, v_prenex_23]. (let ((.cse7 (bvadd main_~p~0.offset (_ bv4 32)))) (let ((.cse3 (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) .cse7 main_~t~0.offset))) (.cse0 (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) .cse7 main_~t~0.base)))) (let ((.cse8 (= main_~a~0.offset main_~t~0.offset)) (.cse5 (= main_~t~0.base main_~a~0.base)) (.cse1 (select .cse0 main_~t~0.base)) (.cse4 (select .cse3 main_~t~0.base)) (.cse2 (bvadd main_~a~0.offset (_ bv4 32))) (.cse6 (select |#memory_int| main_~p~0.base))) (and (or (not (= main_~t~0.base (select (select (store .cse0 main_~t~0.base (store .cse1 main_~t~0.offset v_prenex_20)) main_~a~0.base) .cse2))) (not (= main_~t~0.offset (select (select (store .cse3 main_~t~0.base (store .cse4 main_~t~0.offset v_prenex_21)) main_~a~0.base) .cse2))) .cse5 (not (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store .cse6 .cse7 v_DerPreprocessor_40)) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32)))) (let ((.cse9 (store |#memory_int| main_~p~0.base (store .cse6 .cse7 v_DerPreprocessor_42)))) (or .cse8 (= (bvadd (select (select .cse9 (select (select (store .cse0 main_~t~0.base (store .cse1 main_~t~0.offset v_DerPreprocessor_36)) main_~a~0.base) .cse2)) (select (select (store .cse3 main_~t~0.base (store .cse4 main_~t~0.offset v_DerPreprocessor_34)) main_~a~0.base) .cse2)) (_ bv4294967294 32)) (_ bv0 32)) (not (= (bvadd (select (select .cse9 main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32))))) (or (not (= main_~t~0.base (select (select (store .cse0 main_~t~0.base (store .cse1 main_~t~0.offset v_prenex_24)) main_~a~0.base) .cse2))) .cse8 (not (= (bvadd (select (select (store |#memory_int| main_~p~0.base (store .cse6 .cse7 v_DerPreprocessor_38)) main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32))) (not (= main_~t~0.offset (select (select (store .cse3 main_~t~0.base (store .cse4 main_~t~0.offset v_prenex_25)) main_~a~0.base) .cse2)))) (let ((.cse10 (store |#memory_int| main_~p~0.base (store .cse6 .cse7 v_DerPreprocessor_44)))) (or (not (= (bvadd (select (select .cse10 main_~a~0.base) main_~a~0.offset) (_ bv4294967294 32)) (_ bv0 32))) .cse5 (= (bvadd (select (select .cse10 (select (select (store .cse0 main_~t~0.base (store .cse1 main_~t~0.offset v_prenex_22)) main_~a~0.base) .cse2)) (select (select (store .cse3 main_~t~0.base (store .cse4 main_~t~0.offset v_prenex_23)) main_~a~0.base) .cse2)) (_ bv4294967294 32)) (_ bv0 32)))))))) [2018-11-23 11:11:20,699 WARN L180 SmtUtils]: Spent 441.00 ms on a formula simplification that was a NOOP. DAG size: 128 [2018-11-23 11:11:32,311 WARN L180 SmtUtils]: Spent 10.29 s on a formula simplification that was a NOOP. DAG size: 250 [2018-11-23 11:11:32,546 WARN L521 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 12 cvc4nyu --tear-down-incremental --print-success --lang smt --rewrite-divk [2018-11-23 11:11:32,548 FATAL L292 ToolchainWalker]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.NullPointerException at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSort.areDimensionsConsistent(MultiDimensionalSort.java:84) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSelect.classInvariant(MultiDimensionalSelect.java:113) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSelect.(MultiDimensionalSelect.java:90) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalStore.isCompatibleSelect(MultiDimensionalStore.java:105) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalStore.(MultiDimensionalStore.java:73) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSelectOverStore.(MultiDimensionalSelectOverStore.java:48) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSelectOverStore.convert(MultiDimensionalSelectOverStore.java:75) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ArrayQuantifierEliminationUtils.elimAllSos(ArrayQuantifierEliminationUtils.java:57) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ElimStorePlain.doElimAllRec(ElimStorePlain.java:232) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ElimStorePlain.doElimOneRec(ElimStorePlain.java:225) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ElimStorePlain.doElimAllRec(ElimStorePlain.java:247) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.ElimStorePlain.elimAllRec(ElimStorePlain.java:199) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.PartialQuantifierElimination.elim(PartialQuantifierElimination.java:293) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.PartialQuantifierElimination.tryToEliminate(PartialQuantifierElimination.java:101) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.predicates.IterativePredicateTransformer$QuantifierEliminationPostprocessor.postprocess(IterativePredicateTransformer.java:245) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.predicates.IterativePredicateTransformer.applyPostprocessors(IterativePredicateTransformer.java:439) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.predicates.IterativePredicateTransformer.computeBackwardSequence(IterativePredicateTransformer.java:418) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.predicates.IterativePredicateTransformer.computeWeakestPreconditionSequence(IterativePredicateTransformer.java:290) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.singletracecheck.TraceCheckSpWp.computeInterpolantsUsingUnsatCore(TraceCheckSpWp.java:330) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.singletracecheck.TraceCheckSpWp.computeInterpolants(TraceCheckSpWp.java:175) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.singletracecheck.TraceCheckSpWp.(TraceCheckSpWp.java:162) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceCheckConstructor.constructForwardBackward(TraceCheckConstructor.java:224) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceCheckConstructor.constructTraceCheck(TraceCheckConstructor.java:188) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceCheckConstructor.get(TraceCheckConstructor.java:165) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.MultiTrackRefinementStrategy.getTraceCheck(MultiTrackRefinementStrategy.java:232) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseRefinementStrategy.checkFeasibility(BaseRefinementStrategy.java:223) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseRefinementStrategy.executeStrategy(BaseRefinementStrategy.java:197) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceAbstractionRefinementEngine.(TraceAbstractionRefinementEngine.java:70) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.BasicCegarLoop.isCounterexampleFeasible(BasicCegarLoop.java:456) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.AbstractCegarLoop.iterateInternal(AbstractCegarLoop.java:434) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.AbstractCegarLoop.iterate(AbstractCegarLoop.java:376) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.iterate(TraceAbstractionStarter.java:334) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:174) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:126) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:316) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55) [2018-11-23 11:11:32,554 INFO L168 Benchmark]: Toolchain (without parser) took 90063.62 ms. Allocated memory was 1.5 GB in the beginning and 2.6 GB in the end (delta: 1.1 GB). Free memory was 1.4 GB in the beginning and 2.4 GB in the end (delta: -974.8 MB). Peak memory consumption was 143.5 MB. Max. memory is 7.1 GB. [2018-11-23 11:11:32,555 INFO L168 Benchmark]: CDTParser took 0.20 ms. Allocated memory is still 1.5 GB. Free memory is still 1.4 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-11-23 11:11:32,555 INFO L168 Benchmark]: CACSL2BoogieTranslator took 765.95 ms. Allocated memory was 1.5 GB in the beginning and 2.2 GB in the end (delta: 717.2 MB). Free memory was 1.4 GB in the beginning and 2.2 GB in the end (delta: -772.9 MB). Peak memory consumption was 41.2 MB. Max. memory is 7.1 GB. [2018-11-23 11:11:32,555 INFO L168 Benchmark]: Boogie Procedure Inliner took 39.18 ms. Allocated memory is still 2.2 GB. Free memory is still 2.2 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-11-23 11:11:32,556 INFO L168 Benchmark]: Boogie Preprocessor took 64.37 ms. Allocated memory is still 2.2 GB. Free memory was 2.2 GB in the beginning and 2.2 GB in the end (delta: 13.6 MB). Peak memory consumption was 13.6 MB. Max. memory is 7.1 GB. [2018-11-23 11:11:32,556 INFO L168 Benchmark]: RCFGBuilder took 1751.87 ms. Allocated memory is still 2.2 GB. Free memory was 2.2 GB in the beginning and 2.1 GB in the end (delta: 49.8 MB). Peak memory consumption was 49.8 MB. Max. memory is 7.1 GB. [2018-11-23 11:11:32,556 INFO L168 Benchmark]: TraceAbstraction took 87435.56 ms. Allocated memory was 2.2 GB in the beginning and 2.6 GB in the end (delta: 401.1 MB). Free memory was 2.1 GB in the beginning and 2.4 GB in the end (delta: -265.3 MB). Peak memory consumption was 135.8 MB. Max. memory is 7.1 GB. [2018-11-23 11:11:32,558 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - GenericResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.20 ms. Allocated memory is still 1.5 GB. Free memory is still 1.4 GB. There was no memory consumed. Max. memory is 7.1 GB. * CACSL2BoogieTranslator took 765.95 ms. Allocated memory was 1.5 GB in the beginning and 2.2 GB in the end (delta: 717.2 MB). Free memory was 1.4 GB in the beginning and 2.2 GB in the end (delta: -772.9 MB). Peak memory consumption was 41.2 MB. Max. memory is 7.1 GB. * Boogie Procedure Inliner took 39.18 ms. Allocated memory is still 2.2 GB. Free memory is still 2.2 GB. There was no memory consumed. Max. memory is 7.1 GB. * Boogie Preprocessor took 64.37 ms. Allocated memory is still 2.2 GB. Free memory was 2.2 GB in the beginning and 2.2 GB in the end (delta: 13.6 MB). Peak memory consumption was 13.6 MB. Max. memory is 7.1 GB. * RCFGBuilder took 1751.87 ms. Allocated memory is still 2.2 GB. Free memory was 2.2 GB in the beginning and 2.1 GB in the end (delta: 49.8 MB). Peak memory consumption was 49.8 MB. Max. memory is 7.1 GB. * TraceAbstraction took 87435.56 ms. Allocated memory was 2.2 GB in the beginning and 2.6 GB in the end (delta: 401.1 MB). Free memory was 2.1 GB in the beginning and 2.4 GB in the end (delta: -265.3 MB). Peak memory consumption was 135.8 MB. Max. memory is 7.1 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - ExceptionOrErrorResult: NullPointerException: null de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: NullPointerException: null: de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.arrays.MultiDimensionalSort.areDimensionsConsistent(MultiDimensionalSort.java:84) RESULT: Ultimate could not prove your program: Toolchain returned no result. Received shutdown request...