./Ultimate.py --spec ../sv-benchmarks/c/properties/valid-memsafety.prp --file ../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for memory safety (deref-memtrack) Using default analysis Version e2fb8bed Calling Ultimate with: /root/.sdkman/candidates/java/21.0.5-tem/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.6.800.v20240513-1750.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 --- Real Ultimate output --- This is Ultimate 0.3.0-?-e2fb8be-m [2025-03-08 22:55:55,267 INFO L188 SettingsManager]: Resetting all preferences to default values... [2025-03-08 22:55:55,321 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf [2025-03-08 22:55:55,324 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2025-03-08 22:55:55,324 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2025-03-08 22:55:55,337 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2025-03-08 22:55:55,338 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2025-03-08 22:55:55,338 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2025-03-08 22:55:55,338 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2025-03-08 22:55:55,338 INFO L153 SettingsManager]: * Use memory slicer=true [2025-03-08 22:55:55,338 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2025-03-08 22:55:55,338 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2025-03-08 22:55:55,338 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2025-03-08 22:55:55,339 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2025-03-08 22:55:55,339 INFO L153 SettingsManager]: * Use SBE=true [2025-03-08 22:55:55,339 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2025-03-08 22:55:55,339 INFO L153 SettingsManager]: * sizeof long=4 [2025-03-08 22:55:55,339 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2025-03-08 22:55:55,339 INFO L153 SettingsManager]: * sizeof POINTER=4 [2025-03-08 22:55:55,339 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2025-03-08 22:55:55,339 INFO L153 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2025-03-08 22:55:55,339 INFO L153 SettingsManager]: * Bitprecise bitfields=true [2025-03-08 22:55:55,339 INFO L153 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2025-03-08 22:55:55,339 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Check unreachability of reach_error function=false [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * sizeof long double=12 [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Behaviour of calls to undefined functions=OVERAPPROXIMATE_BEHAVIOUR [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Use constant arrays=true [2025-03-08 22:55:55,340 INFO L151 SettingsManager]: Preferences of IcfgBuilder differ from their defaults: [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-03-08 22:55:55,340 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2025-03-08 22:55:55,340 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 [2025-03-08 22:55:55,579 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2025-03-08 22:55:55,589 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2025-03-08 22:55:55,590 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2025-03-08 22:55:55,592 INFO L270 PluginConnector]: Initializing CDTParser... [2025-03-08 22:55:55,592 INFO L274 PluginConnector]: CDTParser initialized [2025-03-08 22:55:55,593 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2025-03-08 22:55:56,753 INFO L533 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/24cb56e92/c946596b80864ec9b3c2a36d3751bf38/FLAG3e145569c [2025-03-08 22:55:57,032 INFO L384 CDTParser]: Found 1 translation units. [2025-03-08 22:55:57,033 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2025-03-08 22:55:57,043 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/24cb56e92/c946596b80864ec9b3c2a36d3751bf38/FLAG3e145569c [2025-03-08 22:55:57,056 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/24cb56e92/c946596b80864ec9b3c2a36d3751bf38 [2025-03-08 22:55:57,058 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2025-03-08 22:55:57,059 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2025-03-08 22:55:57,060 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2025-03-08 22:55:57,060 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2025-03-08 22:55:57,063 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2025-03-08 22:55:57,064 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 08.03 10:55:57" (1/1) ... [2025-03-08 22:55:57,066 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@3b328b29 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:55:57, skipping insertion in model container [2025-03-08 22:55:57,066 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 08.03 10:55:57" (1/1) ... [2025-03-08 22:55:57,096 INFO L175 MainTranslator]: Built tables and reachable declarations [2025-03-08 22:55:57,329 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-08 22:55:57,365 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-08 22:55:57,366 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-08 22:55:57,367 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-08 22:55:57,380 ERROR L321 MainTranslator]: Unsupported Syntax: Found a cast between two array/pointer types of different sizes while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) [2025-03-08 22:55:57,380 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.CACSL2BoogieTranslatorObserver@40c0a877 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:55:57, skipping insertion in model container [2025-03-08 22:55:57,381 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2025-03-08 22:55:57,381 INFO L186 ToolchainWalker]: Toolchain execution was canceled (user or tool) before executing de.uni_freiburg.informatik.ultimate.boogie.procedureinliner [2025-03-08 22:55:57,382 INFO L158 Benchmark]: Toolchain (without parser) took 322.17ms. Allocated memory is still 142.6MB. Free memory was 104.5MB in the beginning and 90.1MB in the end (delta: 14.4MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-03-08 22:55:57,382 INFO L158 Benchmark]: CDTParser took 0.23ms. Allocated memory is still 201.3MB. Free memory is still 126.4MB. There was no memory consumed. Max. memory is 16.1GB. [2025-03-08 22:55:57,382 INFO L158 Benchmark]: CACSL2BoogieTranslator took 320.63ms. Allocated memory is still 142.6MB. Free memory was 104.5MB in the beginning and 90.1MB in the end (delta: 14.4MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-03-08 22:55:57,383 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.23ms. Allocated memory is still 201.3MB. Free memory is still 126.4MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 320.63ms. Allocated memory is still 142.6MB. Free memory was 104.5MB in the beginning and 90.1MB in the end (delta: 14.4MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - UnsupportedSyntaxResult [Line: 607]: Unsupported Syntax Found a cast between two array/pointer types of different sizes while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) RESULT: Ultimate could not prove your program: Toolchain returned no result. Received shutdown request... --- End real Ultimate output --- Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis ### Bit-precise run ### Calling Ultimate with: /root/.sdkman/candidates/java/21.0.5-tem/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.6.800.v20240513-1750.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 --- Real Ultimate output --- This is Ultimate 0.3.0-?-e2fb8be-m [2025-03-08 22:55:59,042 INFO L188 SettingsManager]: Resetting all preferences to default values... [2025-03-08 22:55:59,123 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf [2025-03-08 22:55:59,131 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2025-03-08 22:55:59,132 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2025-03-08 22:55:59,153 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2025-03-08 22:55:59,154 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2025-03-08 22:55:59,154 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2025-03-08 22:55:59,154 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2025-03-08 22:55:59,154 INFO L153 SettingsManager]: * Use memory slicer=true [2025-03-08 22:55:59,155 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2025-03-08 22:55:59,155 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2025-03-08 22:55:59,155 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2025-03-08 22:55:59,156 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2025-03-08 22:55:59,156 INFO L153 SettingsManager]: * Use SBE=true [2025-03-08 22:55:59,156 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2025-03-08 22:55:59,156 INFO L153 SettingsManager]: * sizeof long=4 [2025-03-08 22:55:59,156 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2025-03-08 22:55:59,156 INFO L153 SettingsManager]: * sizeof POINTER=4 [2025-03-08 22:55:59,156 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2025-03-08 22:55:59,156 INFO L153 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2025-03-08 22:55:59,156 INFO L153 SettingsManager]: * Bitprecise bitfields=true [2025-03-08 22:55:59,156 INFO L153 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2025-03-08 22:55:59,157 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2025-03-08 22:55:59,157 INFO L153 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2025-03-08 22:55:59,157 INFO L153 SettingsManager]: * Use bitvectors instead of ints=true [2025-03-08 22:55:59,157 INFO L153 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2025-03-08 22:55:59,157 INFO L153 SettingsManager]: * Check unreachability of reach_error function=false [2025-03-08 22:55:59,157 INFO L153 SettingsManager]: * sizeof long double=12 [2025-03-08 22:55:59,157 INFO L153 SettingsManager]: * Behaviour of calls to undefined functions=OVERAPPROXIMATE_BEHAVIOUR [2025-03-08 22:55:59,157 INFO L153 SettingsManager]: * Use constant arrays=true [2025-03-08 22:55:59,158 INFO L151 SettingsManager]: Preferences of IcfgBuilder differ from their defaults: [2025-03-08 22:55:59,158 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2025-03-08 22:55:59,158 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2025-03-08 22:55:59,158 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2025-03-08 22:55:59,158 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-03-08 22:55:59,158 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2025-03-08 22:55:59,159 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2025-03-08 22:55:59,159 INFO L153 SettingsManager]: * Trace refinement strategy=FOX [2025-03-08 22:55:59,159 INFO L153 SettingsManager]: * Command for external solver=cvc4 --incremental --print-success --lang smt [2025-03-08 22:55:59,159 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2025-03-08 22:55:59,159 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2025-03-08 22:55:59,159 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2025-03-08 22:55:59,159 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2025-03-08 22:55:59,159 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 [2025-03-08 22:55:59,389 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2025-03-08 22:55:59,394 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2025-03-08 22:55:59,396 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2025-03-08 22:55:59,396 INFO L270 PluginConnector]: Initializing CDTParser... [2025-03-08 22:55:59,397 INFO L274 PluginConnector]: CDTParser initialized [2025-03-08 22:55:59,397 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2025-03-08 22:56:00,582 INFO L533 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/cbafb6407/587aa253cb04432298a450bb30a336a6/FLAGace8651d8 [2025-03-08 22:56:00,764 INFO L384 CDTParser]: Found 1 translation units. [2025-03-08 22:56:00,766 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2025-03-08 22:56:00,779 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/cbafb6407/587aa253cb04432298a450bb30a336a6/FLAGace8651d8 [2025-03-08 22:56:00,790 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/cbafb6407/587aa253cb04432298a450bb30a336a6 [2025-03-08 22:56:00,791 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2025-03-08 22:56:00,792 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2025-03-08 22:56:00,793 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2025-03-08 22:56:00,793 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2025-03-08 22:56:00,796 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2025-03-08 22:56:00,797 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 08.03 10:56:00" (1/1) ... [2025-03-08 22:56:00,797 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@63dbc800 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:00, skipping insertion in model container [2025-03-08 22:56:00,797 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 08.03 10:56:00" (1/1) ... [2025-03-08 22:56:00,821 INFO L175 MainTranslator]: Built tables and reachable declarations [2025-03-08 22:56:01,002 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-08 22:56:01,033 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-08 22:56:01,034 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-08 22:56:01,036 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-08 22:56:01,051 INFO L197 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2025-03-08 22:56:01,059 INFO L175 MainTranslator]: Built tables and reachable declarations [2025-03-08 22:56:01,086 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-08 22:56:01,107 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-08 22:56:01,112 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-08 22:56:01,113 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-08 22:56:01,121 INFO L200 MainTranslator]: Completed pre-run [2025-03-08 22:56:01,171 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-08 22:56:01,206 INFO L204 MainTranslator]: Completed translation [2025-03-08 22:56:01,207 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01 WrapperNode [2025-03-08 22:56:01,208 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2025-03-08 22:56:01,209 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2025-03-08 22:56:01,209 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2025-03-08 22:56:01,209 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2025-03-08 22:56:01,213 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (1/1) ... [2025-03-08 22:56:01,235 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (1/1) ... [2025-03-08 22:56:01,266 INFO L138 Inliner]: procedures = 165, calls = 70, calls flagged for inlining = 21, calls inlined = 3, statements flattened = 27 [2025-03-08 22:56:01,267 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2025-03-08 22:56:01,267 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2025-03-08 22:56:01,267 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2025-03-08 22:56:01,267 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2025-03-08 22:56:01,274 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (1/1) ... [2025-03-08 22:56:01,274 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (1/1) ... [2025-03-08 22:56:01,277 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (1/1) ... [2025-03-08 22:56:01,291 INFO L175 MemorySlicer]: Split 3 memory accesses to 2 slices as follows [2, 1]. 67 percent of accesses are in the largest equivalence class. The 2 initializations are split as follows [2, 0]. The 1 writes are split as follows [0, 1]. [2025-03-08 22:56:01,294 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (1/1) ... [2025-03-08 22:56:01,294 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (1/1) ... [2025-03-08 22:56:01,300 INFO L184 PluginConnector]: Executing the observer ReplaceArrayAssignments from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (1/1) ... [2025-03-08 22:56:01,301 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (1/1) ... [2025-03-08 22:56:01,301 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (1/1) ... [2025-03-08 22:56:01,302 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (1/1) ... [2025-03-08 22:56:01,303 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2025-03-08 22:56:01,303 INFO L112 PluginConnector]: ------------------------IcfgBuilder---------------------------- [2025-03-08 22:56:01,303 INFO L270 PluginConnector]: Initializing IcfgBuilder... [2025-03-08 22:56:01,304 INFO L274 PluginConnector]: IcfgBuilder initialized [2025-03-08 22:56:01,308 INFO L184 PluginConnector]: Executing the observer IcfgBuilderObserver from plugin IcfgBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (1/1) ... [2025-03-08 22:56:01,313 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-03-08 22:56:01,323 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:01,333 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2025-03-08 22:56:01,338 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2025-03-08 22:56:01,351 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_malloc [2025-03-08 22:56:01,351 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_malloc [2025-03-08 22:56:01,351 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2025-03-08 22:56:01,351 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2025-03-08 22:56:01,351 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$#0 [2025-03-08 22:56:01,351 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$#1 [2025-03-08 22:56:01,351 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$#0 [2025-03-08 22:56:01,351 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$#1 [2025-03-08 22:56:01,352 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2025-03-08 22:56:01,352 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2025-03-08 22:56:01,434 INFO L256 CfgBuilder]: Building ICFG [2025-03-08 22:56:01,436 INFO L286 CfgBuilder]: Building CFG for each procedure with an implementation [2025-03-08 22:56:01,466 INFO L1307 $ProcedureCfgBuilder]: dead code at ProgramPoint L527: havoc #t~malloc12.base, #t~malloc12.offset; [2025-03-08 22:56:01,550 INFO L? ?]: Removed 13 outVars from TransFormulas that were not future-live. [2025-03-08 22:56:01,550 INFO L307 CfgBuilder]: Performing block encoding [2025-03-08 22:56:01,557 INFO L331 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2025-03-08 22:56:01,558 INFO L336 CfgBuilder]: Removed 0 assume(true) statements. [2025-03-08 22:56:01,558 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 08.03 10:56:01 BoogieIcfgContainer [2025-03-08 22:56:01,559 INFO L131 PluginConnector]: ------------------------ END IcfgBuilder---------------------------- [2025-03-08 22:56:01,560 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2025-03-08 22:56:01,561 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2025-03-08 22:56:01,564 INFO L274 PluginConnector]: TraceAbstraction initialized [2025-03-08 22:56:01,565 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 08.03 10:56:00" (1/3) ... [2025-03-08 22:56:01,565 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2540f95d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 08.03 10:56:01, skipping insertion in model container [2025-03-08 22:56:01,565 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 08.03 10:56:01" (2/3) ... [2025-03-08 22:56:01,565 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2540f95d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 08.03 10:56:01, skipping insertion in model container [2025-03-08 22:56:01,566 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 08.03 10:56:01" (3/3) ... [2025-03-08 22:56:01,566 INFO L128 eAbstractionObserver]: Analyzing ICFG memleaks_test18_3.i [2025-03-08 22:56:01,576 INFO L216 ceAbstractionStarter]: Automizer settings: Hoare:None NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2025-03-08 22:56:01,577 INFO L151 ceAbstractionStarter]: Applying trace abstraction to ICFG memleaks_test18_3.i that has 2 procedures, 21 locations, 1 initial locations, 1 loop locations, and 3 error locations. [2025-03-08 22:56:01,607 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2025-03-08 22:56:01,617 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=None, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@4850e777, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2025-03-08 22:56:01,617 INFO L334 AbstractCegarLoop]: Starting to check reachability of 3 error locations. [2025-03-08 22:56:01,623 INFO L276 IsEmpty]: Start isEmpty. Operand has 21 states, 14 states have (on average 1.4285714285714286) internal successors, (20), 17 states have internal predecessors, (20), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2025-03-08 22:56:01,627 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2025-03-08 22:56:01,627 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:56:01,628 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:56:01,628 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:56:01,631 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:56:01,632 INFO L85 PathProgramCache]: Analyzing trace with hash 2125870286, now seen corresponding path program 1 times [2025-03-08 22:56:01,639 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:56:01,640 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [867653019] [2025-03-08 22:56:01,640 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 22:56:01,640 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:01,640 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:01,642 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:56:01,644 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2025-03-08 22:56:01,709 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 11 statements into 1 equivalence classes. [2025-03-08 22:56:01,723 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 11 of 11 statements. [2025-03-08 22:56:01,723 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 22:56:01,723 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:01,725 INFO L256 TraceCheckSpWp]: Trace formula consists of 40 conjuncts, 4 conjuncts are in the unsatisfiable core [2025-03-08 22:56:01,728 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:01,792 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-03-08 22:56:01,793 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-08 22:56:01,794 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:56:01,794 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [867653019] [2025-03-08 22:56:01,794 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [867653019] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-08 22:56:01,794 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-08 22:56:01,795 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-03-08 22:56:01,796 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1036039191] [2025-03-08 22:56:01,796 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-08 22:56:01,798 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-03-08 22:56:01,799 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:56:01,813 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-03-08 22:56:01,814 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-08 22:56:01,815 INFO L87 Difference]: Start difference. First operand has 21 states, 14 states have (on average 1.4285714285714286) internal successors, (20), 17 states have internal predecessors, (20), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Second operand has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-03-08 22:56:01,871 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:56:01,872 INFO L93 Difference]: Finished difference Result 31 states and 40 transitions. [2025-03-08 22:56:01,873 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-03-08 22:56:01,874 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2025-03-08 22:56:01,874 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:56:01,878 INFO L225 Difference]: With dead ends: 31 [2025-03-08 22:56:01,878 INFO L226 Difference]: Without dead ends: 29 [2025-03-08 22:56:01,879 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-08 22:56:01,883 INFO L435 NwaCegarLoop]: 20 mSDtfsCounter, 6 mSDsluCounter, 51 mSDsCounter, 0 mSdLazyCounter, 28 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 8 SdHoareTripleChecker+Valid, 71 SdHoareTripleChecker+Invalid, 28 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 28 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-08 22:56:01,884 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [8 Valid, 71 Invalid, 28 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 28 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-08 22:56:01,910 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 29 states. [2025-03-08 22:56:01,923 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 29 to 23. [2025-03-08 22:56:01,924 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 23 states, 16 states have (on average 1.3125) internal successors, (21), 18 states have internal predecessors, (21), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2025-03-08 22:56:01,928 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 23 states to 23 states and 27 transitions. [2025-03-08 22:56:01,928 INFO L78 Accepts]: Start accepts. Automaton has 23 states and 27 transitions. Word has length 11 [2025-03-08 22:56:01,929 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:56:01,929 INFO L471 AbstractCegarLoop]: Abstraction has 23 states and 27 transitions. [2025-03-08 22:56:01,929 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-03-08 22:56:01,929 INFO L276 IsEmpty]: Start isEmpty. Operand 23 states and 27 transitions. [2025-03-08 22:56:01,929 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2025-03-08 22:56:01,930 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:56:01,930 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:56:01,937 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2025-03-08 22:56:02,135 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:02,135 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:56:02,136 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:56:02,136 INFO L85 PathProgramCache]: Analyzing trace with hash -1281593329, now seen corresponding path program 1 times [2025-03-08 22:56:02,136 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:56:02,136 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [1377096657] [2025-03-08 22:56:02,136 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 22:56:02,136 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:02,136 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:02,138 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:56:02,139 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2025-03-08 22:56:02,183 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 11 statements into 1 equivalence classes. [2025-03-08 22:56:02,189 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 11 of 11 statements. [2025-03-08 22:56:02,190 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 22:56:02,190 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:02,190 INFO L256 TraceCheckSpWp]: Trace formula consists of 34 conjuncts, 4 conjuncts are in the unsatisfiable core [2025-03-08 22:56:02,191 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:02,221 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-03-08 22:56:02,222 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-08 22:56:02,222 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:56:02,223 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1377096657] [2025-03-08 22:56:02,223 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1377096657] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-08 22:56:02,223 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-08 22:56:02,223 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2025-03-08 22:56:02,223 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1466385009] [2025-03-08 22:56:02,223 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-08 22:56:02,224 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2025-03-08 22:56:02,224 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:56:02,224 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2025-03-08 22:56:02,224 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-03-08 22:56:02,224 INFO L87 Difference]: Start difference. First operand 23 states and 27 transitions. Second operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-03-08 22:56:02,270 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:56:02,270 INFO L93 Difference]: Finished difference Result 32 states and 38 transitions. [2025-03-08 22:56:02,271 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2025-03-08 22:56:02,271 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2025-03-08 22:56:02,271 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:56:02,272 INFO L225 Difference]: With dead ends: 32 [2025-03-08 22:56:02,272 INFO L226 Difference]: Without dead ends: 30 [2025-03-08 22:56:02,272 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-03-08 22:56:02,272 INFO L435 NwaCegarLoop]: 32 mSDtfsCounter, 8 mSDsluCounter, 34 mSDsCounter, 0 mSdLazyCounter, 26 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 8 SdHoareTripleChecker+Valid, 66 SdHoareTripleChecker+Invalid, 28 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 26 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-08 22:56:02,272 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [8 Valid, 66 Invalid, 28 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 26 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-08 22:56:02,273 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 30 states. [2025-03-08 22:56:02,275 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 30 to 28. [2025-03-08 22:56:02,276 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 28 states, 20 states have (on average 1.3) internal successors, (26), 22 states have internal predecessors, (26), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (6), 4 states have call predecessors, (6), 3 states have call successors, (6) [2025-03-08 22:56:02,277 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 28 states to 28 states and 35 transitions. [2025-03-08 22:56:02,277 INFO L78 Accepts]: Start accepts. Automaton has 28 states and 35 transitions. Word has length 11 [2025-03-08 22:56:02,277 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:56:02,277 INFO L471 AbstractCegarLoop]: Abstraction has 28 states and 35 transitions. [2025-03-08 22:56:02,278 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-03-08 22:56:02,279 INFO L276 IsEmpty]: Start isEmpty. Operand 28 states and 35 transitions. [2025-03-08 22:56:02,279 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 13 [2025-03-08 22:56:02,279 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:56:02,279 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:56:02,286 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2025-03-08 22:56:02,479 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:02,480 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:56:02,480 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:56:02,480 INFO L85 PathProgramCache]: Analyzing trace with hash 1477507903, now seen corresponding path program 1 times [2025-03-08 22:56:02,480 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:56:02,480 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [592333542] [2025-03-08 22:56:02,480 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 22:56:02,481 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:02,481 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:02,486 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:56:02,486 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2025-03-08 22:56:02,520 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 12 statements into 1 equivalence classes. [2025-03-08 22:56:02,526 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 12 of 12 statements. [2025-03-08 22:56:02,526 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 22:56:02,526 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:02,526 INFO L256 TraceCheckSpWp]: Trace formula consists of 40 conjuncts, 3 conjuncts are in the unsatisfiable core [2025-03-08 22:56:02,527 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:02,555 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-03-08 22:56:02,555 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-08 22:56:02,555 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:56:02,555 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [592333542] [2025-03-08 22:56:02,555 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [592333542] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-08 22:56:02,555 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-08 22:56:02,555 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2025-03-08 22:56:02,555 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1814410461] [2025-03-08 22:56:02,555 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-08 22:56:02,555 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2025-03-08 22:56:02,555 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:56:02,556 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2025-03-08 22:56:02,556 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=6, Invalid=6, Unknown=0, NotChecked=0, Total=12 [2025-03-08 22:56:02,556 INFO L87 Difference]: Start difference. First operand 28 states and 35 transitions. Second operand has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-03-08 22:56:02,591 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:56:02,592 INFO L93 Difference]: Finished difference Result 39 states and 53 transitions. [2025-03-08 22:56:02,592 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2025-03-08 22:56:02,592 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 12 [2025-03-08 22:56:02,592 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:56:02,593 INFO L225 Difference]: With dead ends: 39 [2025-03-08 22:56:02,593 INFO L226 Difference]: Without dead ends: 39 [2025-03-08 22:56:02,593 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=6, Invalid=6, Unknown=0, NotChecked=0, Total=12 [2025-03-08 22:56:02,594 INFO L435 NwaCegarLoop]: 16 mSDtfsCounter, 12 mSDsluCounter, 18 mSDsCounter, 0 mSdLazyCounter, 16 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 14 SdHoareTripleChecker+Valid, 34 SdHoareTripleChecker+Invalid, 16 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 16 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-08 22:56:02,594 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [14 Valid, 34 Invalid, 16 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 16 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-08 22:56:02,594 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 39 states. [2025-03-08 22:56:02,597 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 39 to 29. [2025-03-08 22:56:02,597 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 29 states, 21 states have (on average 1.2857142857142858) internal successors, (27), 23 states have internal predecessors, (27), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (6), 4 states have call predecessors, (6), 3 states have call successors, (6) [2025-03-08 22:56:02,597 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 29 states to 29 states and 36 transitions. [2025-03-08 22:56:02,598 INFO L78 Accepts]: Start accepts. Automaton has 29 states and 36 transitions. Word has length 12 [2025-03-08 22:56:02,598 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:56:02,598 INFO L471 AbstractCegarLoop]: Abstraction has 29 states and 36 transitions. [2025-03-08 22:56:02,598 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-03-08 22:56:02,598 INFO L276 IsEmpty]: Start isEmpty. Operand 29 states and 36 transitions. [2025-03-08 22:56:02,598 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2025-03-08 22:56:02,598 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:56:02,598 INFO L218 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:56:02,604 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Ended with exit code 0 [2025-03-08 22:56:02,799 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:02,799 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:56:02,799 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:56:02,799 INFO L85 PathProgramCache]: Analyzing trace with hash 957740076, now seen corresponding path program 1 times [2025-03-08 22:56:02,800 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:56:02,800 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [1619323086] [2025-03-08 22:56:02,800 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 22:56:02,800 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:02,800 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:02,802 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:56:02,803 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2025-03-08 22:56:02,838 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 17 statements into 1 equivalence classes. [2025-03-08 22:56:02,846 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 17 of 17 statements. [2025-03-08 22:56:02,847 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 22:56:02,847 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:02,847 INFO L256 TraceCheckSpWp]: Trace formula consists of 59 conjuncts, 9 conjuncts are in the unsatisfiable core [2025-03-08 22:56:02,849 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:02,868 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:56:02,978 INFO L349 Elim1Store]: treesize reduction 24, result has 33.3 percent of original size [2025-03-08 22:56:02,979 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 21 treesize of output 20 [2025-03-08 22:56:02,987 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-03-08 22:56:02,987 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:07,996 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-03-08 22:56:07,996 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:56:07,996 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1619323086] [2025-03-08 22:56:07,996 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1619323086] provided 0 perfect and 2 imperfect interpolant sequences [2025-03-08 22:56:07,996 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-08 22:56:07,996 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 5] total 7 [2025-03-08 22:56:07,996 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1323922027] [2025-03-08 22:56:07,996 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-08 22:56:07,996 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2025-03-08 22:56:07,996 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:56:07,997 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2025-03-08 22:56:07,997 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=41, Unknown=0, NotChecked=0, Total=56 [2025-03-08 22:56:07,997 INFO L87 Difference]: Start difference. First operand 29 states and 36 transitions. Second operand has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2025-03-08 22:56:08,214 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:56:08,214 INFO L93 Difference]: Finished difference Result 35 states and 46 transitions. [2025-03-08 22:56:08,215 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2025-03-08 22:56:08,216 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 17 [2025-03-08 22:56:08,216 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:56:08,216 INFO L225 Difference]: With dead ends: 35 [2025-03-08 22:56:08,217 INFO L226 Difference]: Without dead ends: 35 [2025-03-08 22:56:08,217 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 33 GetRequests, 24 SyntacticMatches, 2 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 4.9s TimeCoverageRelationStatistics Valid=20, Invalid=52, Unknown=0, NotChecked=0, Total=72 [2025-03-08 22:56:08,218 INFO L435 NwaCegarLoop]: 17 mSDtfsCounter, 5 mSDsluCounter, 43 mSDsCounter, 0 mSdLazyCounter, 88 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 5 SdHoareTripleChecker+Valid, 60 SdHoareTripleChecker+Invalid, 91 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 88 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2025-03-08 22:56:08,218 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [5 Valid, 60 Invalid, 91 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 88 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2025-03-08 22:56:08,219 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 35 states. [2025-03-08 22:56:08,224 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 35 to 35. [2025-03-08 22:56:08,224 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 35 states, 26 states have (on average 1.3076923076923077) internal successors, (34), 27 states have internal predecessors, (34), 4 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (8), 6 states have call predecessors, (8), 4 states have call successors, (8) [2025-03-08 22:56:08,225 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 35 states to 35 states and 46 transitions. [2025-03-08 22:56:08,225 INFO L78 Accepts]: Start accepts. Automaton has 35 states and 46 transitions. Word has length 17 [2025-03-08 22:56:08,225 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:56:08,225 INFO L471 AbstractCegarLoop]: Abstraction has 35 states and 46 transitions. [2025-03-08 22:56:08,225 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2025-03-08 22:56:08,225 INFO L276 IsEmpty]: Start isEmpty. Operand 35 states and 46 transitions. [2025-03-08 22:56:08,225 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2025-03-08 22:56:08,225 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:56:08,225 INFO L218 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:56:08,232 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Ended with exit code 0 [2025-03-08 22:56:08,426 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:08,426 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:56:08,426 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:56:08,427 INFO L85 PathProgramCache]: Analyzing trace with hash 957740077, now seen corresponding path program 1 times [2025-03-08 22:56:08,427 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:56:08,427 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [1312063795] [2025-03-08 22:56:08,427 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 22:56:08,427 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:08,427 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:08,429 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:56:08,430 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2025-03-08 22:56:08,471 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 17 statements into 1 equivalence classes. [2025-03-08 22:56:08,482 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 17 of 17 statements. [2025-03-08 22:56:08,482 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 22:56:08,482 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:08,483 INFO L256 TraceCheckSpWp]: Trace formula consists of 59 conjuncts, 20 conjuncts are in the unsatisfiable core [2025-03-08 22:56:08,486 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:08,514 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:56:08,523 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:56:08,701 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-08 22:56:08,740 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:08,741 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:08,753 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:08,754 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:08,784 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2025-03-08 22:56:08,784 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:09,040 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:56:09,041 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1312063795] [2025-03-08 22:56:09,041 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1312063795] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:56:09,041 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1357106977] [2025-03-08 22:56:09,041 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 22:56:09,041 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-08 22:56:09,041 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-08 22:56:09,044 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-08 22:56:09,045 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (7)] Waiting until timeout for monitored process [2025-03-08 22:56:09,088 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 17 statements into 1 equivalence classes. [2025-03-08 22:56:09,112 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 17 of 17 statements. [2025-03-08 22:56:09,113 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 22:56:09,113 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:09,114 INFO L256 TraceCheckSpWp]: Trace formula consists of 59 conjuncts, 20 conjuncts are in the unsatisfiable core [2025-03-08 22:56:09,116 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:09,125 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:56:09,129 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:56:09,213 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:09,214 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:09,224 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:09,224 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:09,235 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2025-03-08 22:56:09,235 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:13,372 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1357106977] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:56:13,372 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-08 22:56:13,372 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 9 [2025-03-08 22:56:13,372 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [524923821] [2025-03-08 22:56:13,372 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-08 22:56:13,372 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2025-03-08 22:56:13,373 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:56:13,373 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2025-03-08 22:56:13,373 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=25, Invalid=88, Unknown=1, NotChecked=18, Total=132 [2025-03-08 22:56:13,373 INFO L87 Difference]: Start difference. First operand 35 states and 46 transitions. Second operand has 10 states, 8 states have (on average 1.625) internal successors, (13), 9 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2025-03-08 22:56:13,639 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:56:13,639 INFO L93 Difference]: Finished difference Result 41 states and 54 transitions. [2025-03-08 22:56:13,641 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2025-03-08 22:56:13,641 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 8 states have (on average 1.625) internal successors, (13), 9 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2025-03-08 22:56:13,641 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:56:13,641 INFO L225 Difference]: With dead ends: 41 [2025-03-08 22:56:13,641 INFO L226 Difference]: Without dead ends: 41 [2025-03-08 22:56:13,641 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 43 GetRequests, 27 SyntacticMatches, 1 SemanticMatches, 15 ConstructedPredicates, 1 IntricatePredicates, 0 DeprecatedPredicates, 12 ImplicationChecksByTransitivity, 4.4s TimeCoverageRelationStatistics Valid=49, Invalid=194, Unknown=1, NotChecked=28, Total=272 [2025-03-08 22:56:13,642 INFO L435 NwaCegarLoop]: 14 mSDtfsCounter, 19 mSDsluCounter, 45 mSDsCounter, 0 mSdLazyCounter, 119 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 23 SdHoareTripleChecker+Valid, 59 SdHoareTripleChecker+Invalid, 158 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 119 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 33 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-03-08 22:56:13,642 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [23 Valid, 59 Invalid, 158 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 119 Invalid, 0 Unknown, 33 Unchecked, 0.1s Time] [2025-03-08 22:56:13,642 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 41 states. [2025-03-08 22:56:13,644 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 41 to 38. [2025-03-08 22:56:13,646 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 38 states, 28 states have (on average 1.2857142857142858) internal successors, (36), 29 states have internal predecessors, (36), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (10), 7 states have call predecessors, (10), 5 states have call successors, (10) [2025-03-08 22:56:13,647 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 38 states to 38 states and 51 transitions. [2025-03-08 22:56:13,647 INFO L78 Accepts]: Start accepts. Automaton has 38 states and 51 transitions. Word has length 17 [2025-03-08 22:56:13,647 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:56:13,647 INFO L471 AbstractCegarLoop]: Abstraction has 38 states and 51 transitions. [2025-03-08 22:56:13,648 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 8 states have (on average 1.625) internal successors, (13), 9 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2025-03-08 22:56:13,648 INFO L276 IsEmpty]: Start isEmpty. Operand 38 states and 51 transitions. [2025-03-08 22:56:13,649 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2025-03-08 22:56:13,649 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:56:13,649 INFO L218 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:56:13,655 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2025-03-08 22:56:13,855 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (7)] Ended with exit code 0 [2025-03-08 22:56:14,053 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt [2025-03-08 22:56:14,053 INFO L396 AbstractCegarLoop]: === Iteration 6 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:56:14,054 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:56:14,054 INFO L85 PathProgramCache]: Analyzing trace with hash 664337069, now seen corresponding path program 1 times [2025-03-08 22:56:14,054 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:56:14,054 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [2225685] [2025-03-08 22:56:14,054 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 22:56:14,054 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:14,054 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:14,056 INFO L229 MonitoredProcess]: Starting monitored process 8 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:56:14,057 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (8)] Waiting until timeout for monitored process [2025-03-08 22:56:14,085 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 17 statements into 1 equivalence classes. [2025-03-08 22:56:14,091 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 17 of 17 statements. [2025-03-08 22:56:14,091 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 22:56:14,091 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:14,091 INFO L256 TraceCheckSpWp]: Trace formula consists of 53 conjuncts, 7 conjuncts are in the unsatisfiable core [2025-03-08 22:56:14,092 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:14,127 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-03-08 22:56:14,127 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-08 22:56:14,127 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:56:14,127 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2225685] [2025-03-08 22:56:14,127 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2225685] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-08 22:56:14,127 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-08 22:56:14,127 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-03-08 22:56:14,127 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [57138825] [2025-03-08 22:56:14,128 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-08 22:56:14,128 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-03-08 22:56:14,128 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:56:14,128 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-03-08 22:56:14,128 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-08 22:56:14,128 INFO L87 Difference]: Start difference. First operand 38 states and 51 transitions. Second operand has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2025-03-08 22:56:14,152 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:56:14,152 INFO L93 Difference]: Finished difference Result 26 states and 30 transitions. [2025-03-08 22:56:14,153 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-03-08 22:56:14,153 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2025-03-08 22:56:14,153 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:56:14,153 INFO L225 Difference]: With dead ends: 26 [2025-03-08 22:56:14,153 INFO L226 Difference]: Without dead ends: 24 [2025-03-08 22:56:14,153 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-08 22:56:14,154 INFO L435 NwaCegarLoop]: 23 mSDtfsCounter, 0 mSDsluCounter, 56 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 79 SdHoareTripleChecker+Invalid, 13 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-08 22:56:14,154 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 79 Invalid, 13 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-08 22:56:14,154 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 24 states. [2025-03-08 22:56:14,156 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 24 to 24. [2025-03-08 22:56:14,156 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 24 states, 17 states have (on average 1.1764705882352942) internal successors, (20), 19 states have internal predecessors, (20), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2025-03-08 22:56:14,156 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 24 states to 24 states and 28 transitions. [2025-03-08 22:56:14,156 INFO L78 Accepts]: Start accepts. Automaton has 24 states and 28 transitions. Word has length 17 [2025-03-08 22:56:14,156 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:56:14,156 INFO L471 AbstractCegarLoop]: Abstraction has 24 states and 28 transitions. [2025-03-08 22:56:14,156 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2025-03-08 22:56:14,156 INFO L276 IsEmpty]: Start isEmpty. Operand 24 states and 28 transitions. [2025-03-08 22:56:14,156 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 22 [2025-03-08 22:56:14,156 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:56:14,157 INFO L218 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:56:14,163 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (8)] Ended with exit code 0 [2025-03-08 22:56:14,357 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:14,357 INFO L396 AbstractCegarLoop]: === Iteration 7 === Targeting ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:56:14,358 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:56:14,358 INFO L85 PathProgramCache]: Analyzing trace with hash 392051441, now seen corresponding path program 1 times [2025-03-08 22:56:14,358 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:56:14,358 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [1046892608] [2025-03-08 22:56:14,358 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 22:56:14,358 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:14,358 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:14,360 INFO L229 MonitoredProcess]: Starting monitored process 9 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:56:14,361 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (9)] Waiting until timeout for monitored process [2025-03-08 22:56:14,393 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 21 statements into 1 equivalence classes. [2025-03-08 22:56:14,405 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 21 of 21 statements. [2025-03-08 22:56:14,405 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 22:56:14,405 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:14,406 INFO L256 TraceCheckSpWp]: Trace formula consists of 75 conjuncts, 4 conjuncts are in the unsatisfiable core [2025-03-08 22:56:14,407 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:14,465 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2025-03-08 22:56:14,465 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:14,516 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2025-03-08 22:56:14,516 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:56:14,516 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1046892608] [2025-03-08 22:56:14,516 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1046892608] provided 0 perfect and 2 imperfect interpolant sequences [2025-03-08 22:56:14,516 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-08 22:56:14,516 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [5, 5] total 8 [2025-03-08 22:56:14,516 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [590274330] [2025-03-08 22:56:14,516 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-08 22:56:14,516 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2025-03-08 22:56:14,517 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:56:14,517 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2025-03-08 22:56:14,517 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2025-03-08 22:56:14,517 INFO L87 Difference]: Start difference. First operand 24 states and 28 transitions. Second operand has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2025-03-08 22:56:14,600 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:56:14,600 INFO L93 Difference]: Finished difference Result 36 states and 46 transitions. [2025-03-08 22:56:14,600 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2025-03-08 22:56:14,600 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) Word has length 21 [2025-03-08 22:56:14,601 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:56:14,601 INFO L225 Difference]: With dead ends: 36 [2025-03-08 22:56:14,601 INFO L226 Difference]: Without dead ends: 36 [2025-03-08 22:56:14,601 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 34 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=38, Invalid=52, Unknown=0, NotChecked=0, Total=90 [2025-03-08 22:56:14,601 INFO L435 NwaCegarLoop]: 18 mSDtfsCounter, 38 mSDsluCounter, 31 mSDsCounter, 0 mSdLazyCounter, 35 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 39 SdHoareTripleChecker+Valid, 49 SdHoareTripleChecker+Invalid, 44 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 35 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-03-08 22:56:14,602 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [39 Valid, 49 Invalid, 44 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 35 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2025-03-08 22:56:14,602 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 36 states. [2025-03-08 22:56:14,604 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 36 to 36. [2025-03-08 22:56:14,604 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1851851851851851) internal successors, (32), 29 states have internal predecessors, (32), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2025-03-08 22:56:14,604 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 46 transitions. [2025-03-08 22:56:14,604 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 46 transitions. Word has length 21 [2025-03-08 22:56:14,604 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:56:14,604 INFO L471 AbstractCegarLoop]: Abstraction has 36 states and 46 transitions. [2025-03-08 22:56:14,604 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2025-03-08 22:56:14,604 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 46 transitions. [2025-03-08 22:56:14,605 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2025-03-08 22:56:14,605 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:56:14,605 INFO L218 NwaCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:56:14,611 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (9)] Ended with exit code 0 [2025-03-08 22:56:14,809 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:14,809 INFO L396 AbstractCegarLoop]: === Iteration 8 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:56:14,809 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:56:14,809 INFO L85 PathProgramCache]: Analyzing trace with hash -1292454981, now seen corresponding path program 1 times [2025-03-08 22:56:14,809 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:56:14,810 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [385525464] [2025-03-08 22:56:14,810 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 22:56:14,810 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:14,810 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:14,811 INFO L229 MonitoredProcess]: Starting monitored process 10 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:56:14,812 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (10)] Waiting until timeout for monitored process [2025-03-08 22:56:14,845 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 26 statements into 1 equivalence classes. [2025-03-08 22:56:14,859 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 26 of 26 statements. [2025-03-08 22:56:14,859 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 22:56:14,859 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:14,861 INFO L256 TraceCheckSpWp]: Trace formula consists of 94 conjuncts, 29 conjuncts are in the unsatisfiable core [2025-03-08 22:56:14,863 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:14,882 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:56:14,887 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:56:15,023 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-08 22:56:15,040 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:15,041 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:15,051 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:15,051 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:15,147 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:15,148 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:15,158 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:15,159 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:15,183 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 2 proven. 6 refuted. 0 times theorem prover too weak. 4 trivial. 4 not checked. [2025-03-08 22:56:15,183 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:15,365 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:56:15,365 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [385525464] [2025-03-08 22:56:15,365 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [385525464] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:56:15,365 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [42142097] [2025-03-08 22:56:15,365 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-08 22:56:15,365 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-08 22:56:15,365 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-08 22:56:15,367 INFO L229 MonitoredProcess]: Starting monitored process 11 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-08 22:56:15,367 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (11)] Waiting until timeout for monitored process [2025-03-08 22:56:15,413 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 26 statements into 1 equivalence classes. [2025-03-08 22:56:15,456 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 26 of 26 statements. [2025-03-08 22:56:15,456 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-08 22:56:15,456 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:15,463 INFO L256 TraceCheckSpWp]: Trace formula consists of 94 conjuncts, 28 conjuncts are in the unsatisfiable core [2025-03-08 22:56:15,464 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:15,477 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:56:15,481 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:56:15,552 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:15,552 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:15,561 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:15,562 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:15,655 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:15,656 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:15,670 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:15,670 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:15,686 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 2 proven. 6 refuted. 0 times theorem prover too weak. 4 trivial. 4 not checked. [2025-03-08 22:56:15,686 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:19,837 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [42142097] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:56:19,837 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-08 22:56:19,838 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 11] total 11 [2025-03-08 22:56:19,838 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1218227772] [2025-03-08 22:56:19,838 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-08 22:56:19,838 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2025-03-08 22:56:19,838 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:56:19,838 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2025-03-08 22:56:19,838 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=126, Unknown=1, NotChecked=22, Total=182 [2025-03-08 22:56:19,838 INFO L87 Difference]: Start difference. First operand 36 states and 46 transitions. Second operand has 12 states, 10 states have (on average 1.7) internal successors, (17), 11 states have internal predecessors, (17), 3 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 3 states have call predecessors, (3), 3 states have call successors, (3) [2025-03-08 22:56:20,148 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:56:20,148 INFO L93 Difference]: Finished difference Result 40 states and 49 transitions. [2025-03-08 22:56:20,149 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2025-03-08 22:56:20,149 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 10 states have (on average 1.7) internal successors, (17), 11 states have internal predecessors, (17), 3 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 3 states have call predecessors, (3), 3 states have call successors, (3) Word has length 26 [2025-03-08 22:56:20,149 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:56:20,149 INFO L225 Difference]: With dead ends: 40 [2025-03-08 22:56:20,149 INFO L226 Difference]: Without dead ends: 40 [2025-03-08 22:56:20,149 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 63 GetRequests, 43 SyntacticMatches, 1 SemanticMatches, 19 ConstructedPredicates, 1 IntricatePredicates, 0 DeprecatedPredicates, 25 ImplicationChecksByTransitivity, 4.4s TimeCoverageRelationStatistics Valid=70, Invalid=313, Unknown=1, NotChecked=36, Total=420 [2025-03-08 22:56:20,150 INFO L435 NwaCegarLoop]: 16 mSDtfsCounter, 21 mSDsluCounter, 65 mSDsCounter, 0 mSdLazyCounter, 162 mSolverCounterSat, 10 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 24 SdHoareTripleChecker+Valid, 81 SdHoareTripleChecker+Invalid, 210 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 10 IncrementalHoareTripleChecker+Valid, 162 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 38 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2025-03-08 22:56:20,150 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [24 Valid, 81 Invalid, 210 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [10 Valid, 162 Invalid, 0 Unknown, 38 Unchecked, 0.2s Time] [2025-03-08 22:56:20,150 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 40 states. [2025-03-08 22:56:20,152 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 40 to 36. [2025-03-08 22:56:20,152 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1481481481481481) internal successors, (31), 29 states have internal predecessors, (31), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2025-03-08 22:56:20,153 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 45 transitions. [2025-03-08 22:56:20,153 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 45 transitions. Word has length 26 [2025-03-08 22:56:20,153 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:56:20,153 INFO L471 AbstractCegarLoop]: Abstraction has 36 states and 45 transitions. [2025-03-08 22:56:20,153 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 10 states have (on average 1.7) internal successors, (17), 11 states have internal predecessors, (17), 3 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 3 states have call predecessors, (3), 3 states have call successors, (3) [2025-03-08 22:56:20,153 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 45 transitions. [2025-03-08 22:56:20,154 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2025-03-08 22:56:20,154 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:56:20,154 INFO L218 NwaCegarLoop]: trace histogram [4, 4, 4, 3, 3, 3, 3, 2, 2, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:56:20,157 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (11)] Ended with exit code 0 [2025-03-08 22:56:20,361 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (10)] Ended with exit code 0 [2025-03-08 22:56:20,554 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 11 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt,10 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:20,555 INFO L396 AbstractCegarLoop]: === Iteration 9 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:56:20,555 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:56:20,555 INFO L85 PathProgramCache]: Analyzing trace with hash -1590062099, now seen corresponding path program 2 times [2025-03-08 22:56:20,555 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:56:20,555 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [1868562660] [2025-03-08 22:56:20,556 INFO L95 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2025-03-08 22:56:20,556 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:20,556 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:20,557 INFO L229 MonitoredProcess]: Starting monitored process 12 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:56:20,558 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (12)] Waiting until timeout for monitored process [2025-03-08 22:56:20,597 INFO L108 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 partitioned 35 statements into 2 equivalence classes. [2025-03-08 22:56:20,618 INFO L111 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) and asserted 35 of 35 statements. [2025-03-08 22:56:20,619 INFO L114 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2025-03-08 22:56:20,619 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:20,620 INFO L256 TraceCheckSpWp]: Trace formula consists of 129 conjuncts, 36 conjuncts are in the unsatisfiable core [2025-03-08 22:56:20,622 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:20,645 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:56:20,648 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:56:20,769 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-08 22:56:20,788 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:20,789 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:20,800 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:20,801 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:20,922 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:20,924 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:20,935 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:20,935 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:21,045 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:21,046 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:21,057 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:21,058 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:21,083 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 3 proven. 16 refuted. 0 times theorem prover too weak. 12 trivial. 6 not checked. [2025-03-08 22:56:21,083 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:21,258 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:56:21,258 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1868562660] [2025-03-08 22:56:21,258 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1868562660] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:56:21,258 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [139259433] [2025-03-08 22:56:21,258 INFO L95 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2025-03-08 22:56:21,258 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-08 22:56:21,258 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-08 22:56:21,260 INFO L229 MonitoredProcess]: Starting monitored process 13 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-08 22:56:21,261 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (13)] Waiting until timeout for monitored process [2025-03-08 22:56:21,304 INFO L108 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 partitioned 35 statements into 2 equivalence classes. [2025-03-08 22:56:21,358 INFO L111 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) and asserted 35 of 35 statements. [2025-03-08 22:56:21,358 INFO L114 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2025-03-08 22:56:21,358 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:21,360 INFO L256 TraceCheckSpWp]: Trace formula consists of 129 conjuncts, 36 conjuncts are in the unsatisfiable core [2025-03-08 22:56:21,362 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:21,372 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:56:21,377 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:56:21,470 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:21,471 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:21,482 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:21,482 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:21,554 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:21,554 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:21,567 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:21,567 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:21,639 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:21,640 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:21,648 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:21,648 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:21,654 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 3 proven. 16 refuted. 0 times theorem prover too weak. 12 trivial. 6 not checked. [2025-03-08 22:56:21,654 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:21,781 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [139259433] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:56:21,782 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-08 22:56:21,782 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 13] total 13 [2025-03-08 22:56:21,782 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1873809895] [2025-03-08 22:56:21,782 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-08 22:56:21,782 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2025-03-08 22:56:21,782 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:56:21,782 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2025-03-08 22:56:21,782 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=41, Invalid=172, Unknown=1, NotChecked=26, Total=240 [2025-03-08 22:56:21,783 INFO L87 Difference]: Start difference. First operand 36 states and 45 transitions. Second operand has 14 states, 12 states have (on average 1.75) internal successors, (21), 13 states have internal predecessors, (21), 4 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2025-03-08 22:56:22,220 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:56:22,220 INFO L93 Difference]: Finished difference Result 42 states and 50 transitions. [2025-03-08 22:56:22,220 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2025-03-08 22:56:22,221 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 12 states have (on average 1.75) internal successors, (21), 13 states have internal predecessors, (21), 4 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) Word has length 35 [2025-03-08 22:56:22,221 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:56:22,221 INFO L225 Difference]: With dead ends: 42 [2025-03-08 22:56:22,221 INFO L226 Difference]: Without dead ends: 42 [2025-03-08 22:56:22,221 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 83 GetRequests, 59 SyntacticMatches, 1 SemanticMatches, 23 ConstructedPredicates, 1 IntricatePredicates, 0 DeprecatedPredicates, 44 ImplicationChecksByTransitivity, 0.5s TimeCoverageRelationStatistics Valid=91, Invalid=464, Unknown=1, NotChecked=44, Total=600 [2025-03-08 22:56:22,222 INFO L435 NwaCegarLoop]: 19 mSDtfsCounter, 26 mSDsluCounter, 100 mSDsCounter, 0 mSdLazyCounter, 266 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 29 SdHoareTripleChecker+Valid, 119 SdHoareTripleChecker+Invalid, 326 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 266 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 47 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2025-03-08 22:56:22,222 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [29 Valid, 119 Invalid, 326 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 266 Invalid, 0 Unknown, 47 Unchecked, 0.3s Time] [2025-03-08 22:56:22,222 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 42 states. [2025-03-08 22:56:22,224 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 42 to 36. [2025-03-08 22:56:22,224 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1111111111111112) internal successors, (30), 29 states have internal predecessors, (30), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2025-03-08 22:56:22,225 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 44 transitions. [2025-03-08 22:56:22,225 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 44 transitions. Word has length 35 [2025-03-08 22:56:22,225 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:56:22,225 INFO L471 AbstractCegarLoop]: Abstraction has 36 states and 44 transitions. [2025-03-08 22:56:22,225 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 12 states have (on average 1.75) internal successors, (21), 13 states have internal predecessors, (21), 4 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2025-03-08 22:56:22,225 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 44 transitions. [2025-03-08 22:56:22,225 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2025-03-08 22:56:22,225 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:56:22,226 INFO L218 NwaCegarLoop]: trace histogram [5, 5, 5, 4, 4, 4, 4, 3, 3, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:56:22,232 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (12)] Ended with exit code 0 [2025-03-08 22:56:22,429 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (13)] Ended with exit code 0 [2025-03-08 22:56:22,626 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 12 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,13 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt [2025-03-08 22:56:22,626 INFO L396 AbstractCegarLoop]: === Iteration 10 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:56:22,627 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:56:22,627 INFO L85 PathProgramCache]: Analyzing trace with hash -1769288709, now seen corresponding path program 3 times [2025-03-08 22:56:22,627 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:56:22,627 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [2036147425] [2025-03-08 22:56:22,627 INFO L95 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2025-03-08 22:56:22,627 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:22,627 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:22,629 INFO L229 MonitoredProcess]: Starting monitored process 14 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:56:22,629 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (14)] Waiting until timeout for monitored process [2025-03-08 22:56:22,673 INFO L108 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST2 partitioned 44 statements into 5 equivalence classes. [2025-03-08 22:56:22,770 INFO L111 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) and asserted 44 of 44 statements. [2025-03-08 22:56:22,771 INFO L114 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) [2025-03-08 22:56:22,771 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:22,773 INFO L256 TraceCheckSpWp]: Trace formula consists of 164 conjuncts, 45 conjuncts are in the unsatisfiable core [2025-03-08 22:56:22,775 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:22,791 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:56:22,795 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:56:22,892 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-08 22:56:22,908 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:22,909 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:22,918 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:22,918 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:23,004 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:23,005 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:23,018 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:23,018 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:23,107 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:23,108 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:23,115 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:23,116 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:23,237 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:23,237 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:23,247 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:23,247 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:23,272 INFO L134 CoverageAnalysis]: Checked inductivity of 67 backedges. 4 proven. 31 refuted. 0 times theorem prover too weak. 24 trivial. 8 not checked. [2025-03-08 22:56:23,272 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:27,451 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:56:27,452 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2036147425] [2025-03-08 22:56:27,452 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2036147425] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:56:27,452 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1558616582] [2025-03-08 22:56:27,452 INFO L95 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2025-03-08 22:56:27,452 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-08 22:56:27,452 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-08 22:56:27,454 INFO L229 MonitoredProcess]: Starting monitored process 15 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-08 22:56:27,455 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (15)] Waiting until timeout for monitored process [2025-03-08 22:56:27,509 INFO L108 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST2 partitioned 44 statements into 5 equivalence classes. [2025-03-08 22:56:27,613 INFO L111 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) and asserted 44 of 44 statements. [2025-03-08 22:56:27,613 INFO L114 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) [2025-03-08 22:56:27,613 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:27,616 INFO L256 TraceCheckSpWp]: Trace formula consists of 164 conjuncts, 54 conjuncts are in the unsatisfiable core [2025-03-08 22:56:27,618 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:27,631 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:56:27,635 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:56:27,736 INFO L349 Elim1Store]: treesize reduction 13, result has 40.9 percent of original size [2025-03-08 22:56:27,736 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 14 treesize of output 13 [2025-03-08 22:56:27,748 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:27,748 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:27,880 INFO L349 Elim1Store]: treesize reduction 13, result has 40.9 percent of original size [2025-03-08 22:56:27,880 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 14 treesize of output 13 [2025-03-08 22:56:27,894 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:27,894 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:28,012 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:28,012 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:28,020 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:28,159 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:28,160 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:28,171 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:28,171 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:28,184 INFO L134 CoverageAnalysis]: Checked inductivity of 67 backedges. 4 proven. 37 refuted. 0 times theorem prover too weak. 18 trivial. 8 not checked. [2025-03-08 22:56:28,184 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:28,382 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1558616582] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:56:28,382 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-08 22:56:28,382 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [15, 19] total 22 [2025-03-08 22:56:28,382 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1463317296] [2025-03-08 22:56:28,382 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-08 22:56:28,383 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 23 states [2025-03-08 22:56:28,383 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:56:28,383 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 23 interpolants. [2025-03-08 22:56:28,383 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=75, Invalid=479, Unknown=2, NotChecked=44, Total=600 [2025-03-08 22:56:28,384 INFO L87 Difference]: Start difference. First operand 36 states and 44 transitions. Second operand has 23 states, 21 states have (on average 1.5714285714285714) internal successors, (33), 19 states have internal predecessors, (33), 5 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (8), 8 states have call predecessors, (8), 5 states have call successors, (8) [2025-03-08 22:56:29,418 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:56:29,419 INFO L93 Difference]: Finished difference Result 48 states and 58 transitions. [2025-03-08 22:56:29,419 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2025-03-08 22:56:29,419 INFO L78 Accepts]: Start accepts. Automaton has has 23 states, 21 states have (on average 1.5714285714285714) internal successors, (33), 19 states have internal predecessors, (33), 5 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (8), 8 states have call predecessors, (8), 5 states have call successors, (8) Word has length 44 [2025-03-08 22:56:29,420 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:56:29,420 INFO L225 Difference]: With dead ends: 48 [2025-03-08 22:56:29,420 INFO L226 Difference]: Without dead ends: 48 [2025-03-08 22:56:29,421 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 106 GetRequests, 68 SyntacticMatches, 1 SemanticMatches, 37 ConstructedPredicates, 1 IntricatePredicates, 0 DeprecatedPredicates, 237 ImplicationChecksByTransitivity, 4.9s TimeCoverageRelationStatistics Valid=157, Invalid=1251, Unknown=2, NotChecked=72, Total=1482 [2025-03-08 22:56:29,421 INFO L435 NwaCegarLoop]: 19 mSDtfsCounter, 37 mSDsluCounter, 146 mSDsCounter, 0 mSdLazyCounter, 661 mSolverCounterSat, 16 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 40 SdHoareTripleChecker+Valid, 165 SdHoareTripleChecker+Invalid, 733 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 16 IncrementalHoareTripleChecker+Valid, 661 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 56 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2025-03-08 22:56:29,421 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [40 Valid, 165 Invalid, 733 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [16 Valid, 661 Invalid, 0 Unknown, 56 Unchecked, 0.7s Time] [2025-03-08 22:56:29,421 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 48 states. [2025-03-08 22:56:29,423 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 48 to 39. [2025-03-08 22:56:29,424 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 39 states, 29 states have (on average 1.103448275862069) internal successors, (32), 31 states have internal predecessors, (32), 6 states have call successors, (6), 1 states have call predecessors, (6), 2 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) [2025-03-08 22:56:29,424 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 39 states to 39 states and 49 transitions. [2025-03-08 22:56:29,424 INFO L78 Accepts]: Start accepts. Automaton has 39 states and 49 transitions. Word has length 44 [2025-03-08 22:56:29,424 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:56:29,425 INFO L471 AbstractCegarLoop]: Abstraction has 39 states and 49 transitions. [2025-03-08 22:56:29,425 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 23 states, 21 states have (on average 1.5714285714285714) internal successors, (33), 19 states have internal predecessors, (33), 5 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (8), 8 states have call predecessors, (8), 5 states have call successors, (8) [2025-03-08 22:56:29,425 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 49 transitions. [2025-03-08 22:56:29,425 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2025-03-08 22:56:29,425 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:56:29,426 INFO L218 NwaCegarLoop]: trace histogram [5, 5, 5, 4, 4, 4, 4, 4, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:56:29,433 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (14)] Forceful destruction successful, exit code 0 [2025-03-08 22:56:29,630 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (15)] Ended with exit code 0 [2025-03-08 22:56:29,826 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 14 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,15 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt [2025-03-08 22:56:29,826 INFO L396 AbstractCegarLoop]: === Iteration 11 === Targeting ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:56:29,827 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:56:29,827 INFO L85 PathProgramCache]: Analyzing trace with hash 2078702527, now seen corresponding path program 2 times [2025-03-08 22:56:29,827 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:56:29,827 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [743149930] [2025-03-08 22:56:29,827 INFO L95 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2025-03-08 22:56:29,827 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:29,827 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:29,830 INFO L229 MonitoredProcess]: Starting monitored process 16 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:56:29,831 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (16)] Waiting until timeout for monitored process [2025-03-08 22:56:29,875 INFO L108 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 partitioned 48 statements into 2 equivalence classes. [2025-03-08 22:56:29,897 INFO L111 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) and asserted 48 of 48 statements. [2025-03-08 22:56:29,898 INFO L114 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2025-03-08 22:56:29,898 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:29,900 INFO L256 TraceCheckSpWp]: Trace formula consists of 180 conjuncts, 7 conjuncts are in the unsatisfiable core [2025-03-08 22:56:29,901 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:30,011 INFO L134 CoverageAnalysis]: Checked inductivity of 74 backedges. 0 proven. 34 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2025-03-08 22:56:30,011 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:30,174 INFO L134 CoverageAnalysis]: Checked inductivity of 74 backedges. 0 proven. 34 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2025-03-08 22:56:30,175 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:56:30,175 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [743149930] [2025-03-08 22:56:30,175 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [743149930] provided 0 perfect and 2 imperfect interpolant sequences [2025-03-08 22:56:30,175 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-08 22:56:30,175 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 8] total 14 [2025-03-08 22:56:30,175 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1872423150] [2025-03-08 22:56:30,175 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-08 22:56:30,175 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2025-03-08 22:56:30,175 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:56:30,175 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2025-03-08 22:56:30,175 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=61, Invalid=121, Unknown=0, NotChecked=0, Total=182 [2025-03-08 22:56:30,176 INFO L87 Difference]: Start difference. First operand 39 states and 49 transitions. Second operand has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) [2025-03-08 22:56:30,463 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:56:30,463 INFO L93 Difference]: Finished difference Result 66 states and 91 transitions. [2025-03-08 22:56:30,464 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2025-03-08 22:56:30,464 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) Word has length 48 [2025-03-08 22:56:30,464 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:56:30,465 INFO L225 Difference]: With dead ends: 66 [2025-03-08 22:56:30,465 INFO L226 Difference]: Without dead ends: 66 [2025-03-08 22:56:30,465 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 99 GetRequests, 82 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 45 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=131, Invalid=211, Unknown=0, NotChecked=0, Total=342 [2025-03-08 22:56:30,465 INFO L435 NwaCegarLoop]: 27 mSDtfsCounter, 77 mSDsluCounter, 100 mSDsCounter, 0 mSdLazyCounter, 149 mSolverCounterSat, 18 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 78 SdHoareTripleChecker+Valid, 127 SdHoareTripleChecker+Invalid, 167 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 18 IncrementalHoareTripleChecker+Valid, 149 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2025-03-08 22:56:30,466 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [78 Valid, 127 Invalid, 167 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [18 Valid, 149 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2025-03-08 22:56:30,466 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 66 states. [2025-03-08 22:56:30,470 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 66 to 66. [2025-03-08 22:56:30,470 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1568627450980393) internal successors, (59), 53 states have internal predecessors, (59), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2025-03-08 22:56:30,470 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 91 transitions. [2025-03-08 22:56:30,471 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 91 transitions. Word has length 48 [2025-03-08 22:56:30,471 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:56:30,471 INFO L471 AbstractCegarLoop]: Abstraction has 66 states and 91 transitions. [2025-03-08 22:56:30,471 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) [2025-03-08 22:56:30,471 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 91 transitions. [2025-03-08 22:56:30,471 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 54 [2025-03-08 22:56:30,471 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:56:30,471 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 6, 5, 5, 5, 5, 4, 4, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:56:30,478 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (16)] Ended with exit code 0 [2025-03-08 22:56:30,672 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 16 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:30,672 INFO L396 AbstractCegarLoop]: === Iteration 12 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:56:30,672 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:56:30,672 INFO L85 PathProgramCache]: Analyzing trace with hash 2031928237, now seen corresponding path program 4 times [2025-03-08 22:56:30,673 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:56:30,673 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [108630432] [2025-03-08 22:56:30,673 INFO L95 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2025-03-08 22:56:30,673 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:56:30,673 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:56:30,674 INFO L229 MonitoredProcess]: Starting monitored process 17 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:56:30,675 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (17)] Waiting until timeout for monitored process [2025-03-08 22:56:30,728 INFO L108 AnnotateAndAsserter]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST partitioned 53 statements into 2 equivalence classes. [2025-03-08 22:56:30,761 INFO L111 AnnotateAndAsserter]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 1 check-sat command(s) and asserted 53 of 53 statements. [2025-03-08 22:56:30,762 INFO L114 AnnotateAndAsserter]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 1 check-sat command(s) [2025-03-08 22:56:30,762 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:30,772 INFO L256 TraceCheckSpWp]: Trace formula consists of 199 conjuncts, 56 conjuncts are in the unsatisfiable core [2025-03-08 22:56:30,776 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:30,799 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:56:30,803 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:56:30,896 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-08 22:56:30,910 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:30,911 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:30,920 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:30,920 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:30,994 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:30,994 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:31,003 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:31,003 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:31,111 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:31,112 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:31,128 INFO L349 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2025-03-08 22:56:31,128 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2025-03-08 22:56:35,448 INFO L349 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2025-03-08 22:56:35,448 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2025-03-08 22:56:35,458 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:35,916 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:35,917 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:35,969 INFO L349 Elim1Store]: treesize reduction 18, result has 41.9 percent of original size [2025-03-08 22:56:35,969 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 4 select indices, 4 select index equivalence classes, 3 disjoint index pairs (out of 6 index pairs), introduced 4 new quantified variables, introduced 3 case distinctions, treesize of input 27 treesize of output 31 [2025-03-08 22:56:36,030 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 5 proven. 55 refuted. 0 times theorem prover too weak. 28 trivial. 18 not checked. [2025-03-08 22:56:36,031 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:44,363 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:56:44,363 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [108630432] [2025-03-08 22:56:44,363 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [108630432] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:56:44,363 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1969801295] [2025-03-08 22:56:44,363 INFO L95 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2025-03-08 22:56:44,363 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-08 22:56:44,364 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-08 22:56:44,365 INFO L229 MonitoredProcess]: Starting monitored process 18 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-08 22:56:44,366 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (18)] Waiting until timeout for monitored process [2025-03-08 22:56:44,423 INFO L108 AnnotateAndAsserter]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST partitioned 53 statements into 2 equivalence classes. [2025-03-08 22:56:44,516 INFO L111 AnnotateAndAsserter]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 1 check-sat command(s) and asserted 53 of 53 statements. [2025-03-08 22:56:44,516 INFO L114 AnnotateAndAsserter]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 1 check-sat command(s) [2025-03-08 22:56:44,516 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:56:44,519 INFO L256 TraceCheckSpWp]: Trace formula consists of 199 conjuncts, 52 conjuncts are in the unsatisfiable core [2025-03-08 22:56:44,521 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:56:44,538 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:56:44,545 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:56:44,649 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:44,650 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:44,666 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:44,666 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:44,780 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:44,781 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:44,801 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:44,802 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:44,921 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:44,922 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:44,945 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:44,945 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:45,140 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:45,140 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:45,156 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:45,156 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:45,372 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:56:45,372 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:56:45,387 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:56:45,387 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:56:45,405 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 5 proven. 51 refuted. 0 times theorem prover too weak. 40 trivial. 10 not checked. [2025-03-08 22:56:45,405 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:56:45,695 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1969801295] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:56:45,695 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-08 22:56:45,695 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [18, 17] total 22 [2025-03-08 22:56:45,695 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1584403938] [2025-03-08 22:56:45,695 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-08 22:56:45,696 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 23 states [2025-03-08 22:56:45,696 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:56:45,696 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 23 interpolants. [2025-03-08 22:56:45,696 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=84, Invalid=468, Unknown=4, NotChecked=44, Total=600 [2025-03-08 22:56:45,696 INFO L87 Difference]: Start difference. First operand 66 states and 91 transitions. Second operand has 23 states, 21 states have (on average 1.8571428571428572) internal successors, (39), 22 states have internal predecessors, (39), 8 states have call successors, (8), 2 states have call predecessors, (8), 3 states have return successors, (9), 8 states have call predecessors, (9), 8 states have call successors, (9) [2025-03-08 22:56:47,929 WARN L539 Checker$ProtectedHtc]: IncrementalHoareTripleChecker took 1.40s for a HTC check with result INVALID. Formula has sorts [Array, Bool, BitVec], hasArrays=true, hasNonlinArith=false, quantifiers [0] [2025-03-08 22:56:52,187 WARN L539 Checker$ProtectedHtc]: IncrementalHoareTripleChecker took 4.00s for a HTC check with result UNKNOWN. Formula has sorts [Array, Bool, BitVec], hasArrays=true, hasNonlinArith=false, quantifiers [0] [2025-03-08 22:56:59,614 WARN L539 Checker$ProtectedHtc]: IncrementalHoareTripleChecker took 4.00s for a HTC check with result UNKNOWN. Formula has sorts [Array, Bool, BitVec], hasArrays=true, hasNonlinArith=false, quantifiers [0] [2025-03-08 22:57:00,456 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:57:00,456 INFO L93 Difference]: Finished difference Result 82 states and 110 transitions. [2025-03-08 22:57:00,457 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 16 states. [2025-03-08 22:57:00,457 INFO L78 Accepts]: Start accepts. Automaton has has 23 states, 21 states have (on average 1.8571428571428572) internal successors, (39), 22 states have internal predecessors, (39), 8 states have call successors, (8), 2 states have call predecessors, (8), 3 states have return successors, (9), 8 states have call predecessors, (9), 8 states have call successors, (9) Word has length 53 [2025-03-08 22:57:00,457 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:57:00,458 INFO L225 Difference]: With dead ends: 82 [2025-03-08 22:57:00,458 INFO L226 Difference]: Without dead ends: 82 [2025-03-08 22:57:00,458 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 122 GetRequests, 86 SyntacticMatches, 1 SemanticMatches, 35 ConstructedPredicates, 1 IntricatePredicates, 0 DeprecatedPredicates, 182 ImplicationChecksByTransitivity, 14.8s TimeCoverageRelationStatistics Valid=169, Invalid=1091, Unknown=4, NotChecked=68, Total=1332 [2025-03-08 22:57:00,459 INFO L435 NwaCegarLoop]: 20 mSDtfsCounter, 56 mSDsluCounter, 155 mSDsCounter, 0 mSdLazyCounter, 582 mSolverCounterSat, 31 mSolverCounterUnsat, 2 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 12.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 59 SdHoareTripleChecker+Valid, 175 SdHoareTripleChecker+Invalid, 690 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 31 IncrementalHoareTripleChecker+Valid, 582 IncrementalHoareTripleChecker+Invalid, 2 IncrementalHoareTripleChecker+Unknown, 75 IncrementalHoareTripleChecker+Unchecked, 13.0s IncrementalHoareTripleChecker+Time [2025-03-08 22:57:00,459 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [59 Valid, 175 Invalid, 690 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [31 Valid, 582 Invalid, 2 Unknown, 75 Unchecked, 13.0s Time] [2025-03-08 22:57:00,459 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 82 states. [2025-03-08 22:57:00,462 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 82 to 66. [2025-03-08 22:57:00,462 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1372549019607843) internal successors, (58), 53 states have internal predecessors, (58), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2025-03-08 22:57:00,463 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 90 transitions. [2025-03-08 22:57:00,463 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 90 transitions. Word has length 53 [2025-03-08 22:57:00,463 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:57:00,463 INFO L471 AbstractCegarLoop]: Abstraction has 66 states and 90 transitions. [2025-03-08 22:57:00,463 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 23 states, 21 states have (on average 1.8571428571428572) internal successors, (39), 22 states have internal predecessors, (39), 8 states have call successors, (8), 2 states have call predecessors, (8), 3 states have return successors, (9), 8 states have call predecessors, (9), 8 states have call successors, (9) [2025-03-08 22:57:00,463 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 90 transitions. [2025-03-08 22:57:00,464 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2025-03-08 22:57:00,465 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:57:00,465 INFO L218 NwaCegarLoop]: trace histogram [7, 7, 7, 6, 6, 6, 6, 5, 5, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:57:00,472 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (17)] Ended with exit code 0 [2025-03-08 22:57:00,670 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (18)] Forceful destruction successful, exit code 0 [2025-03-08 22:57:00,866 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 17 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,18 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt [2025-03-08 22:57:00,866 INFO L396 AbstractCegarLoop]: === Iteration 13 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:57:00,866 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:57:00,866 INFO L85 PathProgramCache]: Analyzing trace with hash -1595845573, now seen corresponding path program 5 times [2025-03-08 22:57:00,867 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:57:00,867 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [1836348707] [2025-03-08 22:57:00,867 INFO L95 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2025-03-08 22:57:00,867 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:57:00,867 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:57:00,869 INFO L229 MonitoredProcess]: Starting monitored process 19 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:57:00,869 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (19)] Waiting until timeout for monitored process [2025-03-08 22:57:00,920 INFO L108 AnnotateAndAsserter]: Assert order INSIDE_LOOP_FIRST1 partitioned 62 statements into 7 equivalence classes. [2025-03-08 22:57:01,270 INFO L111 AnnotateAndAsserter]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) and asserted 62 of 62 statements. [2025-03-08 22:57:01,270 INFO L114 AnnotateAndAsserter]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) [2025-03-08 22:57:01,270 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:57:01,274 INFO L256 TraceCheckSpWp]: Trace formula consists of 234 conjuncts, 60 conjuncts are in the unsatisfiable core [2025-03-08 22:57:01,277 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:57:01,390 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:57:01,417 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:57:02,147 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-08 22:57:02,226 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:02,227 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:02,301 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:02,302 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:02,919 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:02,920 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:03,000 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:03,000 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:03,685 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:03,685 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:03,762 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:03,762 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:04,431 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:04,432 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:04,505 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:04,505 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:05,209 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#valid)| |ldv_malloc_#res.base| (select |c_#valid| |ldv_malloc_#res.base|)) |c_#valid|) (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-08 22:57:05,292 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:05,293 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:05,445 INFO L349 Elim1Store]: treesize reduction 24, result has 33.3 percent of original size [2025-03-08 22:57:05,445 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 21 treesize of output 20 [2025-03-08 22:57:06,087 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:06,088 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:06,167 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:06,167 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:06,414 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 76 refuted. 0 times theorem prover too weak. 50 trivial. 22 not checked. [2025-03-08 22:57:06,414 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:57:07,654 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:57:07,654 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1836348707] [2025-03-08 22:57:07,654 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1836348707] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:57:07,654 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [395042568] [2025-03-08 22:57:07,654 INFO L95 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2025-03-08 22:57:07,654 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-08 22:57:07,654 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-08 22:57:07,656 INFO L229 MonitoredProcess]: Starting monitored process 20 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-08 22:57:07,657 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (20)] Waiting until timeout for monitored process [2025-03-08 22:57:07,727 INFO L108 AnnotateAndAsserter]: Assert order INSIDE_LOOP_FIRST1 partitioned 62 statements into 7 equivalence classes. [2025-03-08 22:57:07,933 INFO L111 AnnotateAndAsserter]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) and asserted 62 of 62 statements. [2025-03-08 22:57:07,933 INFO L114 AnnotateAndAsserter]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) [2025-03-08 22:57:07,933 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:57:07,949 INFO L256 TraceCheckSpWp]: Trace formula consists of 234 conjuncts, 65 conjuncts are in the unsatisfiable core [2025-03-08 22:57:07,952 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:57:08,012 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:57:09,606 INFO L349 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2025-03-08 22:57:09,606 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2025-03-08 22:57:11,428 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:11,548 INFO L349 Elim1Store]: treesize reduction 21, result has 30.0 percent of original size [2025-03-08 22:57:11,548 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 26 treesize of output 26 [2025-03-08 22:57:11,630 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:11,630 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:12,659 INFO L349 Elim1Store]: treesize reduction 24, result has 33.3 percent of original size [2025-03-08 22:57:12,659 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 21 treesize of output 20 [2025-03-08 22:57:12,677 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:13,174 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:13,175 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:13,354 INFO L349 Elim1Store]: treesize reduction 24, result has 33.3 percent of original size [2025-03-08 22:57:13,354 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 21 treesize of output 20 [2025-03-08 22:57:13,811 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:13,811 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:13,895 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:13,895 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:14,633 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:14,634 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:14,716 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:14,717 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:14,793 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 12 proven. 82 refuted. 0 times theorem prover too weak. 28 trivial. 32 not checked. [2025-03-08 22:57:14,793 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:57:15,588 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [395042568] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:57:15,588 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-08 22:57:15,588 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [19, 24] total 30 [2025-03-08 22:57:15,588 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [984120791] [2025-03-08 22:57:15,588 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-08 22:57:15,589 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 31 states [2025-03-08 22:57:15,589 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-08 22:57:15,589 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 31 interpolants. [2025-03-08 22:57:15,589 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=99, Invalid=837, Unknown=2, NotChecked=118, Total=1056 [2025-03-08 22:57:15,589 INFO L87 Difference]: Start difference. First operand 66 states and 90 transitions. Second operand has 31 states, 29 states have (on average 1.896551724137931) internal successors, (55), 27 states have internal predecessors, (55), 9 states have call successors, (9), 3 states have call predecessors, (9), 5 states have return successors, (13), 13 states have call predecessors, (13), 9 states have call successors, (13) [2025-03-08 22:57:25,416 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-08 22:57:25,416 INFO L93 Difference]: Finished difference Result 74 states and 99 transitions. [2025-03-08 22:57:25,417 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 17 states. [2025-03-08 22:57:25,417 INFO L78 Accepts]: Start accepts. Automaton has has 31 states, 29 states have (on average 1.896551724137931) internal successors, (55), 27 states have internal predecessors, (55), 9 states have call successors, (9), 3 states have call predecessors, (9), 5 states have return successors, (13), 13 states have call predecessors, (13), 9 states have call successors, (13) Word has length 62 [2025-03-08 22:57:25,417 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-08 22:57:25,418 INFO L225 Difference]: With dead ends: 74 [2025-03-08 22:57:25,418 INFO L226 Difference]: Without dead ends: 74 [2025-03-08 22:57:25,418 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 141 GetRequests, 96 SyntacticMatches, 1 SemanticMatches, 44 ConstructedPredicates, 2 IntricatePredicates, 0 DeprecatedPredicates, 253 ImplicationChecksByTransitivity, 10.1s TimeCoverageRelationStatistics Valid=199, Invalid=1699, Unknown=2, NotChecked=170, Total=2070 [2025-03-08 22:57:25,419 INFO L435 NwaCegarLoop]: 21 mSDtfsCounter, 53 mSDsluCounter, 191 mSDsCounter, 0 mSdLazyCounter, 861 mSolverCounterSat, 34 mSolverCounterUnsat, 2 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 6.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 56 SdHoareTripleChecker+Valid, 212 SdHoareTripleChecker+Invalid, 1041 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 34 IncrementalHoareTripleChecker+Valid, 861 IncrementalHoareTripleChecker+Invalid, 2 IncrementalHoareTripleChecker+Unknown, 144 IncrementalHoareTripleChecker+Unchecked, 6.4s IncrementalHoareTripleChecker+Time [2025-03-08 22:57:25,419 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [56 Valid, 212 Invalid, 1041 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [34 Valid, 861 Invalid, 2 Unknown, 144 Unchecked, 6.4s Time] [2025-03-08 22:57:25,419 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 74 states. [2025-03-08 22:57:25,422 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 74 to 66. [2025-03-08 22:57:25,422 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1176470588235294) internal successors, (57), 53 states have internal predecessors, (57), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2025-03-08 22:57:25,423 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 89 transitions. [2025-03-08 22:57:25,423 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 89 transitions. Word has length 62 [2025-03-08 22:57:25,423 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-08 22:57:25,423 INFO L471 AbstractCegarLoop]: Abstraction has 66 states and 89 transitions. [2025-03-08 22:57:25,423 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 31 states, 29 states have (on average 1.896551724137931) internal successors, (55), 27 states have internal predecessors, (55), 9 states have call successors, (9), 3 states have call predecessors, (9), 5 states have return successors, (13), 13 states have call predecessors, (13), 9 states have call successors, (13) [2025-03-08 22:57:25,423 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 89 transitions. [2025-03-08 22:57:25,423 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2025-03-08 22:57:25,424 INFO L210 NwaCegarLoop]: Found error trace [2025-03-08 22:57:25,424 INFO L218 NwaCegarLoop]: trace histogram [8, 8, 8, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1] [2025-03-08 22:57:25,432 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (20)] Forceful destruction successful, exit code 0 [2025-03-08 22:57:25,632 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (19)] Ended with exit code 0 [2025-03-08 22:57:25,824 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 20 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt,19 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:57:25,824 INFO L396 AbstractCegarLoop]: === Iteration 14 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-08 22:57:25,825 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-08 22:57:25,825 INFO L85 PathProgramCache]: Analyzing trace with hash -973372563, now seen corresponding path program 6 times [2025-03-08 22:57:25,825 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-08 22:57:25,825 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [886771949] [2025-03-08 22:57:25,825 INFO L95 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2025-03-08 22:57:25,825 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-08 22:57:25,825 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-08 22:57:25,827 INFO L229 MonitoredProcess]: Starting monitored process 21 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-08 22:57:25,829 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (21)] Waiting until timeout for monitored process [2025-03-08 22:57:25,888 INFO L108 AnnotateAndAsserter]: Assert order MIX_INSIDE_OUTSIDE partitioned 71 statements into 8 equivalence classes. [2025-03-08 22:57:28,186 INFO L111 AnnotateAndAsserter]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) and asserted 71 of 71 statements. [2025-03-08 22:57:28,186 INFO L114 AnnotateAndAsserter]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2025-03-08 22:57:28,186 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:57:28,193 INFO L256 TraceCheckSpWp]: Trace formula consists of 269 conjuncts, 69 conjuncts are in the unsatisfiable core [2025-03-08 22:57:28,196 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:57:28,323 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:57:28,353 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:57:29,170 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-08 22:57:29,252 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:29,253 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:29,327 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:29,327 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:30,003 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:30,004 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:30,080 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:30,081 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:30,794 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:30,795 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:30,868 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:30,868 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:31,616 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:31,617 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:31,694 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:31,694 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:32,456 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:32,457 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:32,509 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:32,509 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:33,339 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:33,340 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:33,402 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:33,403 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:34,262 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:34,263 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:34,334 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-08 22:57:34,335 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-08 22:57:34,603 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 106 refuted. 0 times theorem prover too weak. 84 trivial. 14 not checked. [2025-03-08 22:57:34,603 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-08 22:57:35,959 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-08 22:57:35,959 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [886771949] [2025-03-08 22:57:35,959 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [886771949] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-08 22:57:35,959 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [415049278] [2025-03-08 22:57:35,959 INFO L95 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2025-03-08 22:57:35,959 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-08 22:57:35,959 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-08 22:57:35,961 INFO L229 MonitoredProcess]: Starting monitored process 22 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-08 22:57:35,962 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (22)] Waiting until timeout for monitored process [2025-03-08 22:57:36,034 INFO L108 AnnotateAndAsserter]: Assert order MIX_INSIDE_OUTSIDE partitioned 71 statements into 8 equivalence classes. [2025-03-08 22:57:36,327 INFO L111 AnnotateAndAsserter]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) and asserted 71 of 71 statements. [2025-03-08 22:57:36,328 INFO L114 AnnotateAndAsserter]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2025-03-08 22:57:36,328 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-08 22:57:36,334 INFO L256 TraceCheckSpWp]: Trace formula consists of 269 conjuncts, 81 conjuncts are in the unsatisfiable core [2025-03-08 22:57:36,337 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-08 22:57:36,392 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-08 22:57:36,418 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-08 22:57:37,296 INFO L349 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2025-03-08 22:57:37,296 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2025-03-08 22:57:37,361 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:39,142 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#valid)| |ldv_malloc_#res.base| (select |c_#valid| |ldv_malloc_#res.base|)) |c_#valid|) (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-08 22:57:39,224 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-08 22:57:39,224 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-08 22:57:39,489 INFO L349 Elim1Store]: treesize reduction 48, result has 32.4 percent of original size [2025-03-08 22:57:39,489 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 28 treesize of output 36 [2025-03-08 22:57:40,777 INFO L349 Elim1Store]: treesize reduction 13, result has 40.9 percent of original size [2025-03-08 22:57:40,778 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 14 treesize of output 13 [2025-03-08 22:57:41,082 INFO L349 Elim1Store]: treesize reduction 48, result has 32.4 percent of original size [2025-03-08 22:57:41,082 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 28 treesize of output 36