./Ultimate.py --spec ../sv-benchmarks/c/properties/valid-memsafety.prp --file ../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for memory safety (deref-memtrack) Using default analysis Version 798a7b37 Calling Ultimate with: /root/.sdkman/candidates/java/21.0.5-tem/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.6.800.v20240513-1750.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 --- Real Ultimate output --- This is Ultimate 0.3.0-?-798a7b3-m [2025-03-04 07:44:03,388 INFO L188 SettingsManager]: Resetting all preferences to default values... [2025-03-04 07:44:03,424 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf [2025-03-04 07:44:03,427 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2025-03-04 07:44:03,427 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2025-03-04 07:44:03,439 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2025-03-04 07:44:03,439 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2025-03-04 07:44:03,440 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2025-03-04 07:44:03,440 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2025-03-04 07:44:03,440 INFO L153 SettingsManager]: * Use memory slicer=true [2025-03-04 07:44:03,440 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2025-03-04 07:44:03,440 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2025-03-04 07:44:03,441 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2025-03-04 07:44:03,441 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2025-03-04 07:44:03,441 INFO L153 SettingsManager]: * Use SBE=true [2025-03-04 07:44:03,441 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2025-03-04 07:44:03,441 INFO L153 SettingsManager]: * sizeof long=4 [2025-03-04 07:44:03,441 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2025-03-04 07:44:03,441 INFO L153 SettingsManager]: * sizeof POINTER=4 [2025-03-04 07:44:03,441 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2025-03-04 07:44:03,441 INFO L153 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2025-03-04 07:44:03,441 INFO L153 SettingsManager]: * Bitprecise bitfields=true [2025-03-04 07:44:03,441 INFO L153 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2025-03-04 07:44:03,442 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2025-03-04 07:44:03,442 INFO L153 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2025-03-04 07:44:03,442 INFO L153 SettingsManager]: * Check unreachability of reach_error function=false [2025-03-04 07:44:03,442 INFO L153 SettingsManager]: * sizeof long double=12 [2025-03-04 07:44:03,442 INFO L153 SettingsManager]: * Behaviour of calls to undefined functions=OVERAPPROXIMATE_BEHAVIOUR [2025-03-04 07:44:03,442 INFO L153 SettingsManager]: * Use constant arrays=true [2025-03-04 07:44:03,442 INFO L151 SettingsManager]: Preferences of IcfgBuilder differ from their defaults: [2025-03-04 07:44:03,442 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2025-03-04 07:44:03,442 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2025-03-04 07:44:03,442 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2025-03-04 07:44:03,442 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-03-04 07:44:03,443 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2025-03-04 07:44:03,443 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2025-03-04 07:44:03,443 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2025-03-04 07:44:03,443 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2025-03-04 07:44:03,443 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2025-03-04 07:44:03,443 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2025-03-04 07:44:03,443 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2025-03-04 07:44:03,443 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2025-03-04 07:44:03,443 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 [2025-03-04 07:44:03,638 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2025-03-04 07:44:03,647 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2025-03-04 07:44:03,648 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2025-03-04 07:44:03,650 INFO L270 PluginConnector]: Initializing CDTParser... [2025-03-04 07:44:03,650 INFO L274 PluginConnector]: CDTParser initialized [2025-03-04 07:44:03,651 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2025-03-04 07:44:04,752 INFO L533 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/a827a112f/de875a9bcfa9458e85e7ead0372dffd9/FLAGc0ae29318 [2025-03-04 07:44:05,040 INFO L384 CDTParser]: Found 1 translation units. [2025-03-04 07:44:05,041 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2025-03-04 07:44:05,050 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/a827a112f/de875a9bcfa9458e85e7ead0372dffd9/FLAGc0ae29318 [2025-03-04 07:44:05,331 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/a827a112f/de875a9bcfa9458e85e7ead0372dffd9 [2025-03-04 07:44:05,333 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2025-03-04 07:44:05,334 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2025-03-04 07:44:05,335 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2025-03-04 07:44:05,335 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2025-03-04 07:44:05,339 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2025-03-04 07:44:05,339 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 04.03 07:44:05" (1/1) ... [2025-03-04 07:44:05,341 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@1e06f84 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:05, skipping insertion in model container [2025-03-04 07:44:05,341 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 04.03 07:44:05" (1/1) ... [2025-03-04 07:44:05,372 INFO L175 MainTranslator]: Built tables and reachable declarations [2025-03-04 07:44:05,552 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-04 07:44:05,587 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-04 07:44:05,587 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-04 07:44:05,589 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-04 07:44:05,602 ERROR L321 MainTranslator]: Unsupported Syntax: Found a cast between two array/pointer types of different sizes while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) [2025-03-04 07:44:05,602 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.CACSL2BoogieTranslatorObserver@4335f71e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:05, skipping insertion in model container [2025-03-04 07:44:05,602 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2025-03-04 07:44:05,603 INFO L186 ToolchainWalker]: Toolchain execution was canceled (user or tool) before executing de.uni_freiburg.informatik.ultimate.boogie.procedureinliner [2025-03-04 07:44:05,604 INFO L158 Benchmark]: Toolchain (without parser) took 269.15ms. Allocated memory is still 167.8MB. Free memory was 123.1MB in the beginning and 109.4MB in the end (delta: 13.6MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-03-04 07:44:05,604 INFO L158 Benchmark]: CDTParser took 0.19ms. Allocated memory is still 201.3MB. Free memory is still 115.6MB. There was no memory consumed. Max. memory is 16.1GB. [2025-03-04 07:44:05,604 INFO L158 Benchmark]: CACSL2BoogieTranslator took 267.66ms. Allocated memory is still 167.8MB. Free memory was 123.1MB in the beginning and 109.4MB in the end (delta: 13.6MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-03-04 07:44:05,605 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.19ms. Allocated memory is still 201.3MB. Free memory is still 115.6MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 267.66ms. Allocated memory is still 167.8MB. Free memory was 123.1MB in the beginning and 109.4MB in the end (delta: 13.6MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - UnsupportedSyntaxResult [Line: 607]: Unsupported Syntax Found a cast between two array/pointer types of different sizes while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) RESULT: Ultimate could not prove your program: Toolchain returned no result. Received shutdown request... --- End real Ultimate output --- Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis ### Bit-precise run ### Calling Ultimate with: /root/.sdkman/candidates/java/21.0.5-tem/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.6.800.v20240513-1750.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 --- Real Ultimate output --- This is Ultimate 0.3.0-?-798a7b3-m [2025-03-04 07:44:07,228 INFO L188 SettingsManager]: Resetting all preferences to default values... [2025-03-04 07:44:07,309 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf [2025-03-04 07:44:07,316 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2025-03-04 07:44:07,316 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2025-03-04 07:44:07,341 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2025-03-04 07:44:07,342 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2025-03-04 07:44:07,342 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2025-03-04 07:44:07,342 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2025-03-04 07:44:07,342 INFO L153 SettingsManager]: * Use memory slicer=true [2025-03-04 07:44:07,342 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2025-03-04 07:44:07,343 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2025-03-04 07:44:07,343 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2025-03-04 07:44:07,343 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2025-03-04 07:44:07,343 INFO L153 SettingsManager]: * Use SBE=true [2025-03-04 07:44:07,343 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2025-03-04 07:44:07,343 INFO L153 SettingsManager]: * sizeof long=4 [2025-03-04 07:44:07,343 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2025-03-04 07:44:07,345 INFO L153 SettingsManager]: * sizeof POINTER=4 [2025-03-04 07:44:07,345 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2025-03-04 07:44:07,345 INFO L153 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2025-03-04 07:44:07,345 INFO L153 SettingsManager]: * Bitprecise bitfields=true [2025-03-04 07:44:07,346 INFO L153 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2025-03-04 07:44:07,346 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2025-03-04 07:44:07,346 INFO L153 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2025-03-04 07:44:07,346 INFO L153 SettingsManager]: * Use bitvectors instead of ints=true [2025-03-04 07:44:07,346 INFO L153 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2025-03-04 07:44:07,346 INFO L153 SettingsManager]: * Check unreachability of reach_error function=false [2025-03-04 07:44:07,346 INFO L153 SettingsManager]: * sizeof long double=12 [2025-03-04 07:44:07,346 INFO L153 SettingsManager]: * Behaviour of calls to undefined functions=OVERAPPROXIMATE_BEHAVIOUR [2025-03-04 07:44:07,347 INFO L153 SettingsManager]: * Use constant arrays=true [2025-03-04 07:44:07,347 INFO L151 SettingsManager]: Preferences of IcfgBuilder differ from their defaults: [2025-03-04 07:44:07,347 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2025-03-04 07:44:07,347 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2025-03-04 07:44:07,347 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2025-03-04 07:44:07,347 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-03-04 07:44:07,347 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2025-03-04 07:44:07,348 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2025-03-04 07:44:07,348 INFO L153 SettingsManager]: * Trace refinement strategy=FOX [2025-03-04 07:44:07,348 INFO L153 SettingsManager]: * Command for external solver=cvc4 --incremental --print-success --lang smt [2025-03-04 07:44:07,348 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2025-03-04 07:44:07,348 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2025-03-04 07:44:07,348 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2025-03-04 07:44:07,348 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2025-03-04 07:44:07,348 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 [2025-03-04 07:44:07,589 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2025-03-04 07:44:07,600 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2025-03-04 07:44:07,602 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2025-03-04 07:44:07,603 INFO L270 PluginConnector]: Initializing CDTParser... [2025-03-04 07:44:07,603 INFO L274 PluginConnector]: CDTParser initialized [2025-03-04 07:44:07,604 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2025-03-04 07:44:08,723 INFO L533 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2007b75dd/14e5607dbc1d455db46889bd5e6d8825/FLAG3867ebdc0 [2025-03-04 07:44:08,975 INFO L384 CDTParser]: Found 1 translation units. [2025-03-04 07:44:08,975 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2025-03-04 07:44:08,987 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2007b75dd/14e5607dbc1d455db46889bd5e6d8825/FLAG3867ebdc0 [2025-03-04 07:44:09,288 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/2007b75dd/14e5607dbc1d455db46889bd5e6d8825 [2025-03-04 07:44:09,290 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2025-03-04 07:44:09,291 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2025-03-04 07:44:09,292 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2025-03-04 07:44:09,292 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2025-03-04 07:44:09,295 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2025-03-04 07:44:09,295 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,296 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@21d6e95 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09, skipping insertion in model container [2025-03-04 07:44:09,296 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,317 INFO L175 MainTranslator]: Built tables and reachable declarations [2025-03-04 07:44:09,502 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-04 07:44:09,530 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-04 07:44:09,532 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-04 07:44:09,533 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-04 07:44:09,546 INFO L197 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2025-03-04 07:44:09,555 INFO L175 MainTranslator]: Built tables and reachable declarations [2025-03-04 07:44:09,574 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-04 07:44:09,589 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-04 07:44:09,590 WARN L1100 CHandler]: saw a pointer cast to a type that we could not get a type size for, not adapting memory model [2025-03-04 07:44:09,591 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-04 07:44:09,595 INFO L200 MainTranslator]: Completed pre-run [2025-03-04 07:44:09,640 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-04 07:44:09,669 INFO L204 MainTranslator]: Completed translation [2025-03-04 07:44:09,670 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09 WrapperNode [2025-03-04 07:44:09,670 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2025-03-04 07:44:09,671 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2025-03-04 07:44:09,671 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2025-03-04 07:44:09,671 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2025-03-04 07:44:09,675 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,691 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,704 INFO L138 Inliner]: procedures = 165, calls = 70, calls flagged for inlining = 21, calls inlined = 3, statements flattened = 27 [2025-03-04 07:44:09,705 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2025-03-04 07:44:09,705 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2025-03-04 07:44:09,706 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2025-03-04 07:44:09,706 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2025-03-04 07:44:09,711 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,711 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,713 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,726 INFO L175 MemorySlicer]: Split 3 memory accesses to 2 slices as follows [2, 1]. 67 percent of accesses are in the largest equivalence class. The 2 initializations are split as follows [2, 0]. The 1 writes are split as follows [0, 1]. [2025-03-04 07:44:09,729 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,730 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,734 INFO L184 PluginConnector]: Executing the observer ReplaceArrayAssignments from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,738 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,739 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,739 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,740 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2025-03-04 07:44:09,741 INFO L112 PluginConnector]: ------------------------IcfgBuilder---------------------------- [2025-03-04 07:44:09,741 INFO L270 PluginConnector]: Initializing IcfgBuilder... [2025-03-04 07:44:09,741 INFO L274 PluginConnector]: IcfgBuilder initialized [2025-03-04 07:44:09,745 INFO L184 PluginConnector]: Executing the observer IcfgBuilderObserver from plugin IcfgBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (1/1) ... [2025-03-04 07:44:09,749 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-03-04 07:44:09,757 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:09,768 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2025-03-04 07:44:09,773 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2025-03-04 07:44:09,789 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_malloc [2025-03-04 07:44:09,789 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_malloc [2025-03-04 07:44:09,789 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2025-03-04 07:44:09,789 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2025-03-04 07:44:09,789 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$#0 [2025-03-04 07:44:09,789 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$#1 [2025-03-04 07:44:09,789 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$#0 [2025-03-04 07:44:09,789 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$#1 [2025-03-04 07:44:09,789 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2025-03-04 07:44:09,789 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2025-03-04 07:44:09,886 INFO L256 CfgBuilder]: Building ICFG [2025-03-04 07:44:09,888 INFO L286 CfgBuilder]: Building CFG for each procedure with an implementation [2025-03-04 07:44:09,927 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L527: havoc #t~malloc12.base, #t~malloc12.offset; [2025-03-04 07:44:10,024 INFO L? ?]: Removed 13 outVars from TransFormulas that were not future-live. [2025-03-04 07:44:10,026 INFO L307 CfgBuilder]: Performing block encoding [2025-03-04 07:44:10,034 INFO L331 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2025-03-04 07:44:10,034 INFO L336 CfgBuilder]: Removed 0 assume(true) statements. [2025-03-04 07:44:10,035 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 04.03 07:44:10 BoogieIcfgContainer [2025-03-04 07:44:10,035 INFO L131 PluginConnector]: ------------------------ END IcfgBuilder---------------------------- [2025-03-04 07:44:10,037 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2025-03-04 07:44:10,037 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2025-03-04 07:44:10,041 INFO L274 PluginConnector]: TraceAbstraction initialized [2025-03-04 07:44:10,041 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 04.03 07:44:09" (1/3) ... [2025-03-04 07:44:10,042 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@724cd44e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 04.03 07:44:10, skipping insertion in model container [2025-03-04 07:44:10,042 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 04.03 07:44:09" (2/3) ... [2025-03-04 07:44:10,042 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@724cd44e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 04.03 07:44:10, skipping insertion in model container [2025-03-04 07:44:10,042 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 04.03 07:44:10" (3/3) ... [2025-03-04 07:44:10,043 INFO L128 eAbstractionObserver]: Analyzing ICFG memleaks_test18_3.i [2025-03-04 07:44:10,053 INFO L216 ceAbstractionStarter]: Automizer settings: Hoare:None NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2025-03-04 07:44:10,054 INFO L151 ceAbstractionStarter]: Applying trace abstraction to ICFG memleaks_test18_3.i that has 2 procedures, 21 locations, 1 initial locations, 1 loop locations, and 3 error locations. [2025-03-04 07:44:10,084 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2025-03-04 07:44:10,093 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=None, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@4deeb62a, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2025-03-04 07:44:10,094 INFO L334 AbstractCegarLoop]: Starting to check reachability of 3 error locations. [2025-03-04 07:44:10,098 INFO L276 IsEmpty]: Start isEmpty. Operand has 21 states, 14 states have (on average 1.4285714285714286) internal successors, (20), 17 states have internal predecessors, (20), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2025-03-04 07:44:10,103 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2025-03-04 07:44:10,103 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:44:10,104 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:44:10,104 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:44:10,108 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:44:10,109 INFO L85 PathProgramCache]: Analyzing trace with hash 2125870286, now seen corresponding path program 1 times [2025-03-04 07:44:10,116 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:44:10,117 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [992374178] [2025-03-04 07:44:10,117 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-04 07:44:10,117 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:10,117 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:10,119 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:44:10,121 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2025-03-04 07:44:10,193 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 11 statements into 1 equivalence classes. [2025-03-04 07:44:10,206 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 11 of 11 statements. [2025-03-04 07:44:10,206 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-04 07:44:10,206 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:10,208 INFO L256 TraceCheckSpWp]: Trace formula consists of 40 conjuncts, 4 conjuncts are in the unsatisfiable core [2025-03-04 07:44:10,211 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:10,268 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-03-04 07:44:10,269 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-04 07:44:10,269 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:44:10,269 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [992374178] [2025-03-04 07:44:10,269 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [992374178] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-04 07:44:10,269 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-04 07:44:10,270 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-03-04 07:44:10,271 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1162119995] [2025-03-04 07:44:10,271 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-04 07:44:10,273 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-03-04 07:44:10,273 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:44:10,290 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-03-04 07:44:10,290 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-04 07:44:10,291 INFO L87 Difference]: Start difference. First operand has 21 states, 14 states have (on average 1.4285714285714286) internal successors, (20), 17 states have internal predecessors, (20), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Second operand has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-03-04 07:44:10,332 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:44:10,333 INFO L93 Difference]: Finished difference Result 31 states and 40 transitions. [2025-03-04 07:44:10,334 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-03-04 07:44:10,335 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2025-03-04 07:44:10,335 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:44:10,338 INFO L225 Difference]: With dead ends: 31 [2025-03-04 07:44:10,338 INFO L226 Difference]: Without dead ends: 29 [2025-03-04 07:44:10,339 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-04 07:44:10,341 INFO L435 NwaCegarLoop]: 20 mSDtfsCounter, 6 mSDsluCounter, 51 mSDsCounter, 0 mSdLazyCounter, 28 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 8 SdHoareTripleChecker+Valid, 71 SdHoareTripleChecker+Invalid, 28 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 28 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-04 07:44:10,341 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [8 Valid, 71 Invalid, 28 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 28 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-04 07:44:10,349 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 29 states. [2025-03-04 07:44:10,358 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 29 to 23. [2025-03-04 07:44:10,359 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 23 states, 16 states have (on average 1.3125) internal successors, (21), 18 states have internal predecessors, (21), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2025-03-04 07:44:10,361 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 23 states to 23 states and 27 transitions. [2025-03-04 07:44:10,361 INFO L78 Accepts]: Start accepts. Automaton has 23 states and 27 transitions. Word has length 11 [2025-03-04 07:44:10,361 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:44:10,361 INFO L471 AbstractCegarLoop]: Abstraction has 23 states and 27 transitions. [2025-03-04 07:44:10,362 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-03-04 07:44:10,362 INFO L276 IsEmpty]: Start isEmpty. Operand 23 states and 27 transitions. [2025-03-04 07:44:10,362 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2025-03-04 07:44:10,362 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:44:10,362 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:44:10,368 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2025-03-04 07:44:10,567 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:10,567 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:44:10,568 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:44:10,568 INFO L85 PathProgramCache]: Analyzing trace with hash -1281593329, now seen corresponding path program 1 times [2025-03-04 07:44:10,568 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:44:10,568 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [992951468] [2025-03-04 07:44:10,568 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-04 07:44:10,568 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:10,568 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:10,570 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:44:10,571 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2025-03-04 07:44:10,604 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 11 statements into 1 equivalence classes. [2025-03-04 07:44:10,609 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 11 of 11 statements. [2025-03-04 07:44:10,609 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-04 07:44:10,609 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:10,610 INFO L256 TraceCheckSpWp]: Trace formula consists of 34 conjuncts, 4 conjuncts are in the unsatisfiable core [2025-03-04 07:44:10,610 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:10,641 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-03-04 07:44:10,642 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-04 07:44:10,642 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:44:10,643 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [992951468] [2025-03-04 07:44:10,643 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [992951468] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-04 07:44:10,643 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-04 07:44:10,643 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2025-03-04 07:44:10,643 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [579982789] [2025-03-04 07:44:10,643 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-04 07:44:10,644 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2025-03-04 07:44:10,645 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:44:10,645 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2025-03-04 07:44:10,645 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-03-04 07:44:10,645 INFO L87 Difference]: Start difference. First operand 23 states and 27 transitions. Second operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-03-04 07:44:10,690 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:44:10,690 INFO L93 Difference]: Finished difference Result 32 states and 38 transitions. [2025-03-04 07:44:10,691 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2025-03-04 07:44:10,691 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2025-03-04 07:44:10,691 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:44:10,691 INFO L225 Difference]: With dead ends: 32 [2025-03-04 07:44:10,692 INFO L226 Difference]: Without dead ends: 30 [2025-03-04 07:44:10,692 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-03-04 07:44:10,693 INFO L435 NwaCegarLoop]: 32 mSDtfsCounter, 8 mSDsluCounter, 34 mSDsCounter, 0 mSdLazyCounter, 26 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 8 SdHoareTripleChecker+Valid, 66 SdHoareTripleChecker+Invalid, 28 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 26 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-04 07:44:10,694 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [8 Valid, 66 Invalid, 28 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 26 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-04 07:44:10,695 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 30 states. [2025-03-04 07:44:10,696 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 30 to 28. [2025-03-04 07:44:10,699 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 28 states, 20 states have (on average 1.3) internal successors, (26), 22 states have internal predecessors, (26), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (6), 4 states have call predecessors, (6), 3 states have call successors, (6) [2025-03-04 07:44:10,699 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 28 states to 28 states and 35 transitions. [2025-03-04 07:44:10,699 INFO L78 Accepts]: Start accepts. Automaton has 28 states and 35 transitions. Word has length 11 [2025-03-04 07:44:10,699 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:44:10,699 INFO L471 AbstractCegarLoop]: Abstraction has 28 states and 35 transitions. [2025-03-04 07:44:10,699 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-03-04 07:44:10,700 INFO L276 IsEmpty]: Start isEmpty. Operand 28 states and 35 transitions. [2025-03-04 07:44:10,700 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 13 [2025-03-04 07:44:10,700 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:44:10,701 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:44:10,707 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2025-03-04 07:44:10,901 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:10,901 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:44:10,902 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:44:10,902 INFO L85 PathProgramCache]: Analyzing trace with hash 1477507903, now seen corresponding path program 1 times [2025-03-04 07:44:10,902 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:44:10,902 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [358930099] [2025-03-04 07:44:10,902 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-04 07:44:10,902 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:10,902 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:10,906 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:44:10,907 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2025-03-04 07:44:10,958 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 12 statements into 1 equivalence classes. [2025-03-04 07:44:10,969 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 12 of 12 statements. [2025-03-04 07:44:10,969 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-04 07:44:10,969 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:10,970 INFO L256 TraceCheckSpWp]: Trace formula consists of 40 conjuncts, 3 conjuncts are in the unsatisfiable core [2025-03-04 07:44:10,971 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:11,003 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-03-04 07:44:11,003 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-04 07:44:11,003 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:44:11,003 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [358930099] [2025-03-04 07:44:11,003 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [358930099] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-04 07:44:11,003 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-04 07:44:11,003 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2025-03-04 07:44:11,003 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [605523191] [2025-03-04 07:44:11,003 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-04 07:44:11,003 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2025-03-04 07:44:11,004 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:44:11,004 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2025-03-04 07:44:11,004 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=6, Invalid=6, Unknown=0, NotChecked=0, Total=12 [2025-03-04 07:44:11,004 INFO L87 Difference]: Start difference. First operand 28 states and 35 transitions. Second operand has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-03-04 07:44:11,033 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:44:11,033 INFO L93 Difference]: Finished difference Result 39 states and 53 transitions. [2025-03-04 07:44:11,033 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2025-03-04 07:44:11,033 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 12 [2025-03-04 07:44:11,034 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:44:11,034 INFO L225 Difference]: With dead ends: 39 [2025-03-04 07:44:11,034 INFO L226 Difference]: Without dead ends: 39 [2025-03-04 07:44:11,034 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=6, Invalid=6, Unknown=0, NotChecked=0, Total=12 [2025-03-04 07:44:11,035 INFO L435 NwaCegarLoop]: 16 mSDtfsCounter, 12 mSDsluCounter, 18 mSDsCounter, 0 mSdLazyCounter, 16 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 14 SdHoareTripleChecker+Valid, 34 SdHoareTripleChecker+Invalid, 16 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 16 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-04 07:44:11,035 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [14 Valid, 34 Invalid, 16 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 16 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-04 07:44:11,036 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 39 states. [2025-03-04 07:44:11,038 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 39 to 29. [2025-03-04 07:44:11,038 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 29 states, 21 states have (on average 1.2857142857142858) internal successors, (27), 23 states have internal predecessors, (27), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (6), 4 states have call predecessors, (6), 3 states have call successors, (6) [2025-03-04 07:44:11,039 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 29 states to 29 states and 36 transitions. [2025-03-04 07:44:11,039 INFO L78 Accepts]: Start accepts. Automaton has 29 states and 36 transitions. Word has length 12 [2025-03-04 07:44:11,039 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:44:11,039 INFO L471 AbstractCegarLoop]: Abstraction has 29 states and 36 transitions. [2025-03-04 07:44:11,039 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-03-04 07:44:11,040 INFO L276 IsEmpty]: Start isEmpty. Operand 29 states and 36 transitions. [2025-03-04 07:44:11,040 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2025-03-04 07:44:11,040 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:44:11,040 INFO L218 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:44:11,046 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2025-03-04 07:44:11,244 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:11,244 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:44:11,244 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:44:11,244 INFO L85 PathProgramCache]: Analyzing trace with hash 957740076, now seen corresponding path program 1 times [2025-03-04 07:44:11,245 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:44:11,245 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [1904811364] [2025-03-04 07:44:11,245 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-04 07:44:11,245 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:11,245 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:11,246 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:44:11,248 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2025-03-04 07:44:11,289 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 17 statements into 1 equivalence classes. [2025-03-04 07:44:11,301 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 17 of 17 statements. [2025-03-04 07:44:11,301 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-04 07:44:11,301 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:11,302 INFO L256 TraceCheckSpWp]: Trace formula consists of 59 conjuncts, 9 conjuncts are in the unsatisfiable core [2025-03-04 07:44:11,304 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:11,325 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:44:11,450 INFO L349 Elim1Store]: treesize reduction 24, result has 33.3 percent of original size [2025-03-04 07:44:11,450 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 21 treesize of output 20 [2025-03-04 07:44:11,459 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-03-04 07:44:11,460 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:44:20,162 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-03-04 07:44:20,163 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:44:20,163 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1904811364] [2025-03-04 07:44:20,163 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1904811364] provided 0 perfect and 2 imperfect interpolant sequences [2025-03-04 07:44:20,163 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-04 07:44:20,163 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 6] total 8 [2025-03-04 07:44:20,163 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [746902175] [2025-03-04 07:44:20,164 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-04 07:44:20,164 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2025-03-04 07:44:20,164 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:44:20,164 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2025-03-04 07:44:20,165 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=50, Unknown=2, NotChecked=0, Total=72 [2025-03-04 07:44:20,165 INFO L87 Difference]: Start difference. First operand 29 states and 36 transitions. Second operand has 9 states, 8 states have (on average 2.0) internal successors, (16), 8 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2025-03-04 07:44:20,354 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:44:20,354 INFO L93 Difference]: Finished difference Result 35 states and 46 transitions. [2025-03-04 07:44:20,359 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2025-03-04 07:44:20,359 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 2.0) internal successors, (16), 8 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 17 [2025-03-04 07:44:20,359 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:44:20,359 INFO L225 Difference]: With dead ends: 35 [2025-03-04 07:44:20,359 INFO L226 Difference]: Without dead ends: 35 [2025-03-04 07:44:20,360 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 33 GetRequests, 24 SyntacticMatches, 1 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 8.6s TimeCoverageRelationStatistics Valid=26, Invalid=62, Unknown=2, NotChecked=0, Total=90 [2025-03-04 07:44:20,360 INFO L435 NwaCegarLoop]: 17 mSDtfsCounter, 5 mSDsluCounter, 43 mSDsCounter, 0 mSdLazyCounter, 88 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 5 SdHoareTripleChecker+Valid, 60 SdHoareTripleChecker+Invalid, 91 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 88 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2025-03-04 07:44:20,360 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [5 Valid, 60 Invalid, 91 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 88 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2025-03-04 07:44:20,361 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 35 states. [2025-03-04 07:44:20,362 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 35 to 35. [2025-03-04 07:44:20,362 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 35 states, 26 states have (on average 1.3076923076923077) internal successors, (34), 27 states have internal predecessors, (34), 4 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (8), 6 states have call predecessors, (8), 4 states have call successors, (8) [2025-03-04 07:44:20,363 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 35 states to 35 states and 46 transitions. [2025-03-04 07:44:20,363 INFO L78 Accepts]: Start accepts. Automaton has 35 states and 46 transitions. Word has length 17 [2025-03-04 07:44:20,363 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:44:20,363 INFO L471 AbstractCegarLoop]: Abstraction has 35 states and 46 transitions. [2025-03-04 07:44:20,363 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 2.0) internal successors, (16), 8 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2025-03-04 07:44:20,363 INFO L276 IsEmpty]: Start isEmpty. Operand 35 states and 46 transitions. [2025-03-04 07:44:20,364 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2025-03-04 07:44:20,364 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:44:20,364 INFO L218 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:44:20,370 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2025-03-04 07:44:20,564 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:20,564 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:44:20,567 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:44:20,567 INFO L85 PathProgramCache]: Analyzing trace with hash 957740077, now seen corresponding path program 1 times [2025-03-04 07:44:20,567 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:44:20,567 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [426395752] [2025-03-04 07:44:20,567 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-04 07:44:20,567 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:20,568 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:20,569 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:44:20,570 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2025-03-04 07:44:20,611 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 17 statements into 1 equivalence classes. [2025-03-04 07:44:20,621 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 17 of 17 statements. [2025-03-04 07:44:20,621 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-04 07:44:20,621 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:20,622 INFO L256 TraceCheckSpWp]: Trace formula consists of 59 conjuncts, 20 conjuncts are in the unsatisfiable core [2025-03-04 07:44:20,626 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:20,653 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:44:20,660 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:44:20,850 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-04 07:44:20,878 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:20,880 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:20,892 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:20,892 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:20,917 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2025-03-04 07:44:20,917 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:44:25,139 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:44:25,139 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [426395752] [2025-03-04 07:44:25,139 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [426395752] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-04 07:44:25,139 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [254784538] [2025-03-04 07:44:25,139 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-04 07:44:25,139 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-04 07:44:25,139 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-04 07:44:25,163 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-04 07:44:25,165 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (7)] Waiting until timeout for monitored process [2025-03-04 07:44:25,214 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 17 statements into 1 equivalence classes. [2025-03-04 07:44:25,241 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 17 of 17 statements. [2025-03-04 07:44:25,241 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-04 07:44:25,241 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:25,246 INFO L256 TraceCheckSpWp]: Trace formula consists of 59 conjuncts, 20 conjuncts are in the unsatisfiable core [2025-03-04 07:44:25,248 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:25,264 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:44:25,271 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:44:25,384 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:25,385 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:25,399 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:25,400 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:25,415 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2025-03-04 07:44:25,416 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:44:29,569 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [254784538] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-04 07:44:29,569 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-04 07:44:29,569 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 9 [2025-03-04 07:44:29,569 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1935244998] [2025-03-04 07:44:29,570 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-04 07:44:29,570 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2025-03-04 07:44:29,570 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:44:29,570 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2025-03-04 07:44:29,570 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=25, Invalid=87, Unknown=2, NotChecked=18, Total=132 [2025-03-04 07:44:29,570 INFO L87 Difference]: Start difference. First operand 35 states and 46 transitions. Second operand has 10 states, 8 states have (on average 1.625) internal successors, (13), 9 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2025-03-04 07:44:29,824 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:44:29,825 INFO L93 Difference]: Finished difference Result 41 states and 54 transitions. [2025-03-04 07:44:29,827 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2025-03-04 07:44:29,827 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 8 states have (on average 1.625) internal successors, (13), 9 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2025-03-04 07:44:29,827 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:44:29,827 INFO L225 Difference]: With dead ends: 41 [2025-03-04 07:44:29,827 INFO L226 Difference]: Without dead ends: 41 [2025-03-04 07:44:29,828 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 43 GetRequests, 27 SyntacticMatches, 1 SemanticMatches, 15 ConstructedPredicates, 1 IntricatePredicates, 0 DeprecatedPredicates, 12 ImplicationChecksByTransitivity, 8.4s TimeCoverageRelationStatistics Valid=49, Invalid=193, Unknown=2, NotChecked=28, Total=272 [2025-03-04 07:44:29,828 INFO L435 NwaCegarLoop]: 14 mSDtfsCounter, 20 mSDsluCounter, 40 mSDsCounter, 0 mSdLazyCounter, 102 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 24 SdHoareTripleChecker+Valid, 54 SdHoareTripleChecker+Invalid, 142 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 102 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 33 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-03-04 07:44:29,829 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [24 Valid, 54 Invalid, 142 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 102 Invalid, 0 Unknown, 33 Unchecked, 0.1s Time] [2025-03-04 07:44:29,829 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 41 states. [2025-03-04 07:44:29,832 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 41 to 38. [2025-03-04 07:44:29,832 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 38 states, 28 states have (on average 1.2857142857142858) internal successors, (36), 29 states have internal predecessors, (36), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (10), 7 states have call predecessors, (10), 5 states have call successors, (10) [2025-03-04 07:44:29,832 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 38 states to 38 states and 51 transitions. [2025-03-04 07:44:29,832 INFO L78 Accepts]: Start accepts. Automaton has 38 states and 51 transitions. Word has length 17 [2025-03-04 07:44:29,833 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:44:29,833 INFO L471 AbstractCegarLoop]: Abstraction has 38 states and 51 transitions. [2025-03-04 07:44:29,833 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 8 states have (on average 1.625) internal successors, (13), 9 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2025-03-04 07:44:29,833 INFO L276 IsEmpty]: Start isEmpty. Operand 38 states and 51 transitions. [2025-03-04 07:44:29,833 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2025-03-04 07:44:29,833 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:44:29,833 INFO L218 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:44:29,840 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Ended with exit code 0 [2025-03-04 07:44:30,036 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (7)] Ended with exit code 0 [2025-03-04 07:44:30,234 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt [2025-03-04 07:44:30,235 INFO L396 AbstractCegarLoop]: === Iteration 6 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:44:30,236 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:44:30,236 INFO L85 PathProgramCache]: Analyzing trace with hash 664337069, now seen corresponding path program 1 times [2025-03-04 07:44:30,236 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:44:30,236 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [710679980] [2025-03-04 07:44:30,236 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-04 07:44:30,236 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:30,236 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:30,237 INFO L229 MonitoredProcess]: Starting monitored process 8 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:44:30,238 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (8)] Waiting until timeout for monitored process [2025-03-04 07:44:30,268 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 17 statements into 1 equivalence classes. [2025-03-04 07:44:30,274 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 17 of 17 statements. [2025-03-04 07:44:30,274 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-04 07:44:30,274 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:30,274 INFO L256 TraceCheckSpWp]: Trace formula consists of 53 conjuncts, 7 conjuncts are in the unsatisfiable core [2025-03-04 07:44:30,275 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:30,317 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-03-04 07:44:30,317 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-04 07:44:30,317 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:44:30,317 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [710679980] [2025-03-04 07:44:30,318 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [710679980] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-04 07:44:30,318 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-04 07:44:30,318 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-03-04 07:44:30,318 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [139139272] [2025-03-04 07:44:30,318 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-04 07:44:30,318 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-03-04 07:44:30,318 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:44:30,318 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-03-04 07:44:30,318 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-04 07:44:30,319 INFO L87 Difference]: Start difference. First operand 38 states and 51 transitions. Second operand has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2025-03-04 07:44:30,341 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:44:30,341 INFO L93 Difference]: Finished difference Result 26 states and 30 transitions. [2025-03-04 07:44:30,342 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-03-04 07:44:30,342 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2025-03-04 07:44:30,342 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:44:30,342 INFO L225 Difference]: With dead ends: 26 [2025-03-04 07:44:30,342 INFO L226 Difference]: Without dead ends: 24 [2025-03-04 07:44:30,342 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-04 07:44:30,343 INFO L435 NwaCegarLoop]: 23 mSDtfsCounter, 0 mSDsluCounter, 56 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 79 SdHoareTripleChecker+Invalid, 13 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-04 07:44:30,343 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 79 Invalid, 13 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-04 07:44:30,343 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 24 states. [2025-03-04 07:44:30,344 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 24 to 24. [2025-03-04 07:44:30,345 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 24 states, 17 states have (on average 1.1764705882352942) internal successors, (20), 19 states have internal predecessors, (20), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2025-03-04 07:44:30,345 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 24 states to 24 states and 28 transitions. [2025-03-04 07:44:30,345 INFO L78 Accepts]: Start accepts. Automaton has 24 states and 28 transitions. Word has length 17 [2025-03-04 07:44:30,345 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:44:30,345 INFO L471 AbstractCegarLoop]: Abstraction has 24 states and 28 transitions. [2025-03-04 07:44:30,345 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2025-03-04 07:44:30,345 INFO L276 IsEmpty]: Start isEmpty. Operand 24 states and 28 transitions. [2025-03-04 07:44:30,345 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 22 [2025-03-04 07:44:30,345 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:44:30,345 INFO L218 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:44:30,354 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (8)] Ended with exit code 0 [2025-03-04 07:44:30,548 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:30,549 INFO L396 AbstractCegarLoop]: === Iteration 7 === Targeting ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:44:30,549 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:44:30,549 INFO L85 PathProgramCache]: Analyzing trace with hash 392051441, now seen corresponding path program 1 times [2025-03-04 07:44:30,550 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:44:30,550 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [91627653] [2025-03-04 07:44:30,550 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-04 07:44:30,550 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:30,550 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:30,554 INFO L229 MonitoredProcess]: Starting monitored process 9 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:44:30,555 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (9)] Waiting until timeout for monitored process [2025-03-04 07:44:30,594 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 21 statements into 1 equivalence classes. [2025-03-04 07:44:30,603 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 21 of 21 statements. [2025-03-04 07:44:30,604 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-04 07:44:30,604 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:30,605 INFO L256 TraceCheckSpWp]: Trace formula consists of 75 conjuncts, 4 conjuncts are in the unsatisfiable core [2025-03-04 07:44:30,606 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:30,655 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2025-03-04 07:44:30,656 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:44:30,710 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2025-03-04 07:44:30,711 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:44:30,711 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [91627653] [2025-03-04 07:44:30,711 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [91627653] provided 0 perfect and 2 imperfect interpolant sequences [2025-03-04 07:44:30,711 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-04 07:44:30,711 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [5, 5] total 8 [2025-03-04 07:44:30,711 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [908449888] [2025-03-04 07:44:30,711 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-04 07:44:30,712 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2025-03-04 07:44:30,712 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:44:30,713 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2025-03-04 07:44:30,713 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2025-03-04 07:44:30,713 INFO L87 Difference]: Start difference. First operand 24 states and 28 transitions. Second operand has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2025-03-04 07:44:30,796 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:44:30,796 INFO L93 Difference]: Finished difference Result 36 states and 46 transitions. [2025-03-04 07:44:30,796 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2025-03-04 07:44:30,796 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) Word has length 21 [2025-03-04 07:44:30,797 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:44:30,797 INFO L225 Difference]: With dead ends: 36 [2025-03-04 07:44:30,797 INFO L226 Difference]: Without dead ends: 36 [2025-03-04 07:44:30,797 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 34 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=38, Invalid=52, Unknown=0, NotChecked=0, Total=90 [2025-03-04 07:44:30,798 INFO L435 NwaCegarLoop]: 18 mSDtfsCounter, 22 mSDsluCounter, 49 mSDsCounter, 0 mSdLazyCounter, 42 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 23 SdHoareTripleChecker+Valid, 67 SdHoareTripleChecker+Invalid, 48 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 42 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-03-04 07:44:30,798 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [23 Valid, 67 Invalid, 48 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 42 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2025-03-04 07:44:30,799 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 36 states. [2025-03-04 07:44:30,800 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 36 to 36. [2025-03-04 07:44:30,800 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1851851851851851) internal successors, (32), 29 states have internal predecessors, (32), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2025-03-04 07:44:30,801 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 46 transitions. [2025-03-04 07:44:30,801 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 46 transitions. Word has length 21 [2025-03-04 07:44:30,801 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:44:30,801 INFO L471 AbstractCegarLoop]: Abstraction has 36 states and 46 transitions. [2025-03-04 07:44:30,801 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2025-03-04 07:44:30,801 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 46 transitions. [2025-03-04 07:44:30,802 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2025-03-04 07:44:30,802 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:44:30,802 INFO L218 NwaCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:44:30,808 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (9)] Ended with exit code 0 [2025-03-04 07:44:31,002 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:31,003 INFO L396 AbstractCegarLoop]: === Iteration 8 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:44:31,003 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:44:31,003 INFO L85 PathProgramCache]: Analyzing trace with hash -1292454981, now seen corresponding path program 1 times [2025-03-04 07:44:31,003 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:44:31,003 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [750196262] [2025-03-04 07:44:31,003 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-04 07:44:31,003 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:31,004 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:31,005 INFO L229 MonitoredProcess]: Starting monitored process 10 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:44:31,006 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (10)] Waiting until timeout for monitored process [2025-03-04 07:44:31,040 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 26 statements into 1 equivalence classes. [2025-03-04 07:44:31,053 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 26 of 26 statements. [2025-03-04 07:44:31,053 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-04 07:44:31,053 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:31,061 INFO L256 TraceCheckSpWp]: Trace formula consists of 94 conjuncts, 29 conjuncts are in the unsatisfiable core [2025-03-04 07:44:31,064 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:31,082 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:44:31,087 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:44:31,220 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-04 07:44:31,252 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:31,253 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:31,270 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:31,270 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:31,405 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:31,406 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:31,418 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:31,418 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:31,444 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 2 proven. 6 refuted. 0 times theorem prover too weak. 4 trivial. 4 not checked. [2025-03-04 07:44:31,444 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:44:39,654 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:44:39,654 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [750196262] [2025-03-04 07:44:39,654 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [750196262] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-04 07:44:39,654 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1649615248] [2025-03-04 07:44:39,654 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-04 07:44:39,654 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-04 07:44:39,654 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-04 07:44:39,656 INFO L229 MonitoredProcess]: Starting monitored process 11 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-04 07:44:39,656 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (11)] Waiting until timeout for monitored process [2025-03-04 07:44:39,696 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 26 statements into 1 equivalence classes. [2025-03-04 07:44:39,736 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 26 of 26 statements. [2025-03-04 07:44:39,736 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-04 07:44:39,736 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:39,738 INFO L256 TraceCheckSpWp]: Trace formula consists of 94 conjuncts, 28 conjuncts are in the unsatisfiable core [2025-03-04 07:44:39,740 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:39,748 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:44:39,752 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:44:39,835 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:39,836 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:39,844 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:39,845 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:39,916 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:39,917 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:39,929 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:39,930 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:39,941 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 2 proven. 6 refuted. 0 times theorem prover too weak. 4 trivial. 4 not checked. [2025-03-04 07:44:39,941 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:44:40,078 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1649615248] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-04 07:44:40,078 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-04 07:44:40,078 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 11] total 11 [2025-03-04 07:44:40,078 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1740457808] [2025-03-04 07:44:40,078 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-04 07:44:40,078 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2025-03-04 07:44:40,078 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:44:40,079 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2025-03-04 07:44:40,079 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=124, Unknown=3, NotChecked=22, Total=182 [2025-03-04 07:44:40,079 INFO L87 Difference]: Start difference. First operand 36 states and 46 transitions. Second operand has 12 states, 10 states have (on average 1.7) internal successors, (17), 11 states have internal predecessors, (17), 3 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 3 states have call predecessors, (3), 3 states have call successors, (3) [2025-03-04 07:44:40,410 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:44:40,410 INFO L93 Difference]: Finished difference Result 40 states and 49 transitions. [2025-03-04 07:44:40,410 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2025-03-04 07:44:40,410 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 10 states have (on average 1.7) internal successors, (17), 11 states have internal predecessors, (17), 3 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 3 states have call predecessors, (3), 3 states have call successors, (3) Word has length 26 [2025-03-04 07:44:40,411 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:44:40,411 INFO L225 Difference]: With dead ends: 40 [2025-03-04 07:44:40,411 INFO L226 Difference]: Without dead ends: 40 [2025-03-04 07:44:40,411 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 63 GetRequests, 43 SyntacticMatches, 1 SemanticMatches, 19 ConstructedPredicates, 1 IntricatePredicates, 0 DeprecatedPredicates, 25 ImplicationChecksByTransitivity, 8.4s TimeCoverageRelationStatistics Valid=70, Invalid=311, Unknown=3, NotChecked=36, Total=420 [2025-03-04 07:44:40,412 INFO L435 NwaCegarLoop]: 16 mSDtfsCounter, 21 mSDsluCounter, 72 mSDsCounter, 0 mSdLazyCounter, 179 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 24 SdHoareTripleChecker+Valid, 88 SdHoareTripleChecker+Invalid, 226 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 179 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 38 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2025-03-04 07:44:40,412 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [24 Valid, 88 Invalid, 226 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 179 Invalid, 0 Unknown, 38 Unchecked, 0.2s Time] [2025-03-04 07:44:40,412 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 40 states. [2025-03-04 07:44:40,414 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 40 to 36. [2025-03-04 07:44:40,414 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1481481481481481) internal successors, (31), 29 states have internal predecessors, (31), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2025-03-04 07:44:40,415 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 45 transitions. [2025-03-04 07:44:40,415 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 45 transitions. Word has length 26 [2025-03-04 07:44:40,415 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:44:40,415 INFO L471 AbstractCegarLoop]: Abstraction has 36 states and 45 transitions. [2025-03-04 07:44:40,415 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 10 states have (on average 1.7) internal successors, (17), 11 states have internal predecessors, (17), 3 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (3), 3 states have call predecessors, (3), 3 states have call successors, (3) [2025-03-04 07:44:40,415 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 45 transitions. [2025-03-04 07:44:40,415 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2025-03-04 07:44:40,415 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:44:40,415 INFO L218 NwaCegarLoop]: trace histogram [4, 4, 4, 3, 3, 3, 3, 2, 2, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:44:40,418 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (11)] Ended with exit code 0 [2025-03-04 07:44:40,622 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (10)] Ended with exit code 0 [2025-03-04 07:44:40,816 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 11 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt,10 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:40,816 INFO L396 AbstractCegarLoop]: === Iteration 9 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:44:40,816 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:44:40,816 INFO L85 PathProgramCache]: Analyzing trace with hash -1590062099, now seen corresponding path program 2 times [2025-03-04 07:44:40,817 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:44:40,817 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [732963215] [2025-03-04 07:44:40,817 INFO L95 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2025-03-04 07:44:40,817 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:40,817 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:40,818 INFO L229 MonitoredProcess]: Starting monitored process 12 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:44:40,819 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (12)] Waiting until timeout for monitored process [2025-03-04 07:44:40,866 INFO L108 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 partitioned 35 statements into 2 equivalence classes. [2025-03-04 07:44:40,893 INFO L111 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) and asserted 35 of 35 statements. [2025-03-04 07:44:40,893 INFO L114 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2025-03-04 07:44:40,893 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:40,895 INFO L256 TraceCheckSpWp]: Trace formula consists of 129 conjuncts, 36 conjuncts are in the unsatisfiable core [2025-03-04 07:44:40,900 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:40,922 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:44:40,927 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:44:41,044 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-04 07:44:41,062 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:41,063 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:41,095 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:41,096 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:41,219 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:41,220 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:41,236 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:41,236 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:41,357 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:41,358 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:41,366 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:41,366 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:41,404 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 3 proven. 16 refuted. 0 times theorem prover too weak. 12 trivial. 6 not checked. [2025-03-04 07:44:41,404 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:44:45,527 WARN L851 $PredicateComparison]: unable to prove that (let ((.cse1 (bvmul (_ bv4 32) |c_ULTIMATE.start_entry_point_~i~0#1|))) (let ((.cse0 (bvadd (_ bv4 32) .cse1 |c_ULTIMATE.start_entry_point_~array~0#1.offset|))) (and (forall ((|v_ldv_malloc_#res.base_32| (_ BitVec 32))) (or (not (= (_ bv0 1) (select |c_#valid| |v_ldv_malloc_#res.base_32|))) (forall ((v_ArrVal_112 (_ BitVec 32))) (bvule .cse0 (select (store |c_#length| |v_ldv_malloc_#res.base_32| v_ArrVal_112) |c_ULTIMATE.start_entry_point_~array~0#1.base|))))) (or (bvule (bvadd .cse1 |c_ULTIMATE.start_entry_point_~array~0#1.offset|) .cse0) (forall ((|v_ldv_malloc_#res.base_32| (_ BitVec 32))) (not (= (_ bv0 1) (select |c_#valid| |v_ldv_malloc_#res.base_32|)))))))) is different from false [2025-03-04 07:44:45,531 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:44:45,531 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [732963215] [2025-03-04 07:44:45,531 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [732963215] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-04 07:44:45,531 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [933379295] [2025-03-04 07:44:45,531 INFO L95 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2025-03-04 07:44:45,531 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-04 07:44:45,531 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-04 07:44:45,533 INFO L229 MonitoredProcess]: Starting monitored process 13 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-04 07:44:45,534 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (13)] Waiting until timeout for monitored process [2025-03-04 07:44:45,585 INFO L108 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 partitioned 35 statements into 2 equivalence classes. [2025-03-04 07:44:45,651 INFO L111 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) and asserted 35 of 35 statements. [2025-03-04 07:44:45,651 INFO L114 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2025-03-04 07:44:45,651 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:45,653 INFO L256 TraceCheckSpWp]: Trace formula consists of 129 conjuncts, 36 conjuncts are in the unsatisfiable core [2025-03-04 07:44:45,655 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:45,664 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:44:45,672 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:44:45,754 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:45,755 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:45,765 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:45,765 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:45,844 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:45,844 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:45,856 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:45,856 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:45,922 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:45,923 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:45,934 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:45,935 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:45,942 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 3 proven. 16 refuted. 0 times theorem prover too weak. 12 trivial. 6 not checked. [2025-03-04 07:44:45,942 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:44:50,127 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [933379295] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-04 07:44:50,127 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-04 07:44:50,127 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 13] total 13 [2025-03-04 07:44:50,127 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [675713954] [2025-03-04 07:44:50,127 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-04 07:44:50,127 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2025-03-04 07:44:50,128 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:44:50,128 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2025-03-04 07:44:50,128 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=43, Invalid=172, Unknown=3, NotChecked=54, Total=272 [2025-03-04 07:44:50,128 INFO L87 Difference]: Start difference. First operand 36 states and 45 transitions. Second operand has 14 states, 12 states have (on average 1.75) internal successors, (21), 13 states have internal predecessors, (21), 4 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2025-03-04 07:44:50,575 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:44:50,575 INFO L93 Difference]: Finished difference Result 42 states and 50 transitions. [2025-03-04 07:44:50,575 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2025-03-04 07:44:50,575 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 12 states have (on average 1.75) internal successors, (21), 13 states have internal predecessors, (21), 4 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) Word has length 35 [2025-03-04 07:44:50,575 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:44:50,576 INFO L225 Difference]: With dead ends: 42 [2025-03-04 07:44:50,576 INFO L226 Difference]: Without dead ends: 42 [2025-03-04 07:44:50,576 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 83 GetRequests, 59 SyntacticMatches, 0 SemanticMatches, 24 ConstructedPredicates, 2 IntricatePredicates, 0 DeprecatedPredicates, 43 ImplicationChecksByTransitivity, 8.5s TimeCoverageRelationStatistics Valid=93, Invalid=464, Unknown=3, NotChecked=90, Total=650 [2025-03-04 07:44:50,576 INFO L435 NwaCegarLoop]: 19 mSDtfsCounter, 26 mSDsluCounter, 109 mSDsCounter, 0 mSdLazyCounter, 290 mSolverCounterSat, 12 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 29 SdHoareTripleChecker+Valid, 128 SdHoareTripleChecker+Invalid, 349 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 12 IncrementalHoareTripleChecker+Valid, 290 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 47 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2025-03-04 07:44:50,576 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [29 Valid, 128 Invalid, 349 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [12 Valid, 290 Invalid, 0 Unknown, 47 Unchecked, 0.3s Time] [2025-03-04 07:44:50,577 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 42 states. [2025-03-04 07:44:50,578 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 42 to 36. [2025-03-04 07:44:50,578 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1111111111111112) internal successors, (30), 29 states have internal predecessors, (30), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2025-03-04 07:44:50,579 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 44 transitions. [2025-03-04 07:44:50,579 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 44 transitions. Word has length 35 [2025-03-04 07:44:50,579 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:44:50,579 INFO L471 AbstractCegarLoop]: Abstraction has 36 states and 44 transitions. [2025-03-04 07:44:50,579 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 12 states have (on average 1.75) internal successors, (21), 13 states have internal predecessors, (21), 4 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2025-03-04 07:44:50,579 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 44 transitions. [2025-03-04 07:44:50,579 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2025-03-04 07:44:50,580 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:44:50,580 INFO L218 NwaCegarLoop]: trace histogram [5, 5, 5, 4, 4, 4, 4, 3, 3, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:44:50,586 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (12)] Ended with exit code 0 [2025-03-04 07:44:50,783 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (13)] Ended with exit code 0 [2025-03-04 07:44:50,980 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 12 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,13 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt [2025-03-04 07:44:50,980 INFO L396 AbstractCegarLoop]: === Iteration 10 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:44:50,981 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:44:50,981 INFO L85 PathProgramCache]: Analyzing trace with hash -1769288709, now seen corresponding path program 3 times [2025-03-04 07:44:50,981 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:44:50,981 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [510845358] [2025-03-04 07:44:50,981 INFO L95 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2025-03-04 07:44:50,981 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:50,981 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:50,983 INFO L229 MonitoredProcess]: Starting monitored process 14 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:44:50,984 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (14)] Waiting until timeout for monitored process [2025-03-04 07:44:51,027 INFO L108 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST2 partitioned 44 statements into 5 equivalence classes. [2025-03-04 07:44:51,120 INFO L111 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) and asserted 44 of 44 statements. [2025-03-04 07:44:51,120 INFO L114 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) [2025-03-04 07:44:51,120 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:51,123 INFO L256 TraceCheckSpWp]: Trace formula consists of 164 conjuncts, 45 conjuncts are in the unsatisfiable core [2025-03-04 07:44:51,126 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:51,138 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:44:51,141 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:44:51,245 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-04 07:44:51,262 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:51,263 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:51,273 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:51,274 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:51,380 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:51,381 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:51,394 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:51,394 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:51,505 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:51,506 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:51,519 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:51,519 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:51,623 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:51,623 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:51,632 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:51,632 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:51,661 INFO L134 CoverageAnalysis]: Checked inductivity of 67 backedges. 4 proven. 31 refuted. 0 times theorem prover too weak. 24 trivial. 8 not checked. [2025-03-04 07:44:51,662 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:44:51,910 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:44:51,910 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [510845358] [2025-03-04 07:44:51,910 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [510845358] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-04 07:44:51,910 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1028927374] [2025-03-04 07:44:51,910 INFO L95 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2025-03-04 07:44:51,910 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-04 07:44:51,910 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-04 07:44:51,912 INFO L229 MonitoredProcess]: Starting monitored process 15 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-04 07:44:51,913 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (15)] Waiting until timeout for monitored process [2025-03-04 07:44:51,972 INFO L108 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST2 partitioned 44 statements into 5 equivalence classes. [2025-03-04 07:44:52,092 INFO L111 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) and asserted 44 of 44 statements. [2025-03-04 07:44:52,093 INFO L114 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) [2025-03-04 07:44:52,093 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:52,096 INFO L256 TraceCheckSpWp]: Trace formula consists of 164 conjuncts, 54 conjuncts are in the unsatisfiable core [2025-03-04 07:44:52,098 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:52,122 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:44:52,133 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:44:52,237 INFO L349 Elim1Store]: treesize reduction 13, result has 40.9 percent of original size [2025-03-04 07:44:52,237 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 14 treesize of output 13 [2025-03-04 07:44:52,250 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:52,250 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:52,391 INFO L349 Elim1Store]: treesize reduction 13, result has 40.9 percent of original size [2025-03-04 07:44:52,391 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 14 treesize of output 13 [2025-03-04 07:44:52,411 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:52,411 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:52,557 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:52,557 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:52,575 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:52,728 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:52,729 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:52,740 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:52,740 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:52,753 INFO L134 CoverageAnalysis]: Checked inductivity of 67 backedges. 4 proven. 37 refuted. 0 times theorem prover too weak. 18 trivial. 8 not checked. [2025-03-04 07:44:52,753 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:44:56,943 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1028927374] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-04 07:44:56,943 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-04 07:44:56,944 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [15, 19] total 22 [2025-03-04 07:44:56,944 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1681209432] [2025-03-04 07:44:56,944 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-04 07:44:56,944 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 23 states [2025-03-04 07:44:56,944 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:44:56,945 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 23 interpolants. [2025-03-04 07:44:56,945 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=75, Invalid=480, Unknown=1, NotChecked=44, Total=600 [2025-03-04 07:44:56,945 INFO L87 Difference]: Start difference. First operand 36 states and 44 transitions. Second operand has 23 states, 21 states have (on average 1.5714285714285714) internal successors, (33), 19 states have internal predecessors, (33), 5 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (8), 8 states have call predecessors, (8), 5 states have call successors, (8) [2025-03-04 07:44:57,985 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:44:57,986 INFO L93 Difference]: Finished difference Result 48 states and 58 transitions. [2025-03-04 07:44:57,986 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2025-03-04 07:44:57,986 INFO L78 Accepts]: Start accepts. Automaton has has 23 states, 21 states have (on average 1.5714285714285714) internal successors, (33), 19 states have internal predecessors, (33), 5 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (8), 8 states have call predecessors, (8), 5 states have call successors, (8) Word has length 44 [2025-03-04 07:44:57,987 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:44:57,987 INFO L225 Difference]: With dead ends: 48 [2025-03-04 07:44:57,987 INFO L226 Difference]: Without dead ends: 48 [2025-03-04 07:44:57,987 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 106 GetRequests, 68 SyntacticMatches, 1 SemanticMatches, 37 ConstructedPredicates, 1 IntricatePredicates, 0 DeprecatedPredicates, 237 ImplicationChecksByTransitivity, 5.1s TimeCoverageRelationStatistics Valid=157, Invalid=1252, Unknown=1, NotChecked=72, Total=1482 [2025-03-04 07:44:57,988 INFO L435 NwaCegarLoop]: 19 mSDtfsCounter, 38 mSDsluCounter, 123 mSDsCounter, 0 mSdLazyCounter, 556 mSolverCounterSat, 18 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 41 SdHoareTripleChecker+Valid, 142 SdHoareTripleChecker+Invalid, 630 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 18 IncrementalHoareTripleChecker+Valid, 556 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 56 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2025-03-04 07:44:57,988 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [41 Valid, 142 Invalid, 630 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [18 Valid, 556 Invalid, 0 Unknown, 56 Unchecked, 0.6s Time] [2025-03-04 07:44:57,988 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 48 states. [2025-03-04 07:44:57,990 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 48 to 39. [2025-03-04 07:44:57,990 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 39 states, 29 states have (on average 1.103448275862069) internal successors, (32), 31 states have internal predecessors, (32), 6 states have call successors, (6), 1 states have call predecessors, (6), 2 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) [2025-03-04 07:44:57,991 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 39 states to 39 states and 49 transitions. [2025-03-04 07:44:57,991 INFO L78 Accepts]: Start accepts. Automaton has 39 states and 49 transitions. Word has length 44 [2025-03-04 07:44:57,991 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:44:57,991 INFO L471 AbstractCegarLoop]: Abstraction has 39 states and 49 transitions. [2025-03-04 07:44:57,991 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 23 states, 21 states have (on average 1.5714285714285714) internal successors, (33), 19 states have internal predecessors, (33), 5 states have call successors, (5), 2 states have call predecessors, (5), 3 states have return successors, (8), 8 states have call predecessors, (8), 5 states have call successors, (8) [2025-03-04 07:44:57,991 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 49 transitions. [2025-03-04 07:44:57,991 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2025-03-04 07:44:57,992 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:44:57,992 INFO L218 NwaCegarLoop]: trace histogram [5, 5, 5, 4, 4, 4, 4, 4, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:44:58,002 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (14)] Ended with exit code 0 [2025-03-04 07:44:58,196 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (15)] Ended with exit code 0 [2025-03-04 07:44:58,392 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 14 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,15 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt [2025-03-04 07:44:58,392 INFO L396 AbstractCegarLoop]: === Iteration 11 === Targeting ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:44:58,393 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:44:58,393 INFO L85 PathProgramCache]: Analyzing trace with hash 2078702527, now seen corresponding path program 2 times [2025-03-04 07:44:58,393 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:44:58,393 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [820801059] [2025-03-04 07:44:58,393 INFO L95 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2025-03-04 07:44:58,393 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:58,393 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:58,395 INFO L229 MonitoredProcess]: Starting monitored process 16 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:44:58,396 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (16)] Waiting until timeout for monitored process [2025-03-04 07:44:58,441 INFO L108 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 partitioned 48 statements into 2 equivalence classes. [2025-03-04 07:44:58,465 INFO L111 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) and asserted 48 of 48 statements. [2025-03-04 07:44:58,465 INFO L114 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2025-03-04 07:44:58,466 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:58,468 INFO L256 TraceCheckSpWp]: Trace formula consists of 180 conjuncts, 7 conjuncts are in the unsatisfiable core [2025-03-04 07:44:58,469 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:58,594 INFO L134 CoverageAnalysis]: Checked inductivity of 74 backedges. 0 proven. 34 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2025-03-04 07:44:58,595 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:44:58,729 INFO L134 CoverageAnalysis]: Checked inductivity of 74 backedges. 0 proven. 34 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2025-03-04 07:44:58,729 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:44:58,729 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [820801059] [2025-03-04 07:44:58,729 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [820801059] provided 0 perfect and 2 imperfect interpolant sequences [2025-03-04 07:44:58,729 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-04 07:44:58,729 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 8] total 14 [2025-03-04 07:44:58,729 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [659328677] [2025-03-04 07:44:58,730 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-04 07:44:58,730 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2025-03-04 07:44:58,730 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:44:58,730 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2025-03-04 07:44:58,730 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=61, Invalid=121, Unknown=0, NotChecked=0, Total=182 [2025-03-04 07:44:58,730 INFO L87 Difference]: Start difference. First operand 39 states and 49 transitions. Second operand has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) [2025-03-04 07:44:59,026 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:44:59,026 INFO L93 Difference]: Finished difference Result 66 states and 91 transitions. [2025-03-04 07:44:59,027 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2025-03-04 07:44:59,027 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) Word has length 48 [2025-03-04 07:44:59,027 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:44:59,028 INFO L225 Difference]: With dead ends: 66 [2025-03-04 07:44:59,028 INFO L226 Difference]: Without dead ends: 66 [2025-03-04 07:44:59,028 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 99 GetRequests, 82 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 45 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=131, Invalid=211, Unknown=0, NotChecked=0, Total=342 [2025-03-04 07:44:59,028 INFO L435 NwaCegarLoop]: 27 mSDtfsCounter, 77 mSDsluCounter, 100 mSDsCounter, 0 mSdLazyCounter, 146 mSolverCounterSat, 18 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 78 SdHoareTripleChecker+Valid, 127 SdHoareTripleChecker+Invalid, 164 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 18 IncrementalHoareTripleChecker+Valid, 146 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2025-03-04 07:44:59,029 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [78 Valid, 127 Invalid, 164 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [18 Valid, 146 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2025-03-04 07:44:59,030 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 66 states. [2025-03-04 07:44:59,032 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 66 to 66. [2025-03-04 07:44:59,033 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1568627450980393) internal successors, (59), 53 states have internal predecessors, (59), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2025-03-04 07:44:59,033 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 91 transitions. [2025-03-04 07:44:59,033 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 91 transitions. Word has length 48 [2025-03-04 07:44:59,036 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:44:59,036 INFO L471 AbstractCegarLoop]: Abstraction has 66 states and 91 transitions. [2025-03-04 07:44:59,036 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) [2025-03-04 07:44:59,036 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 91 transitions. [2025-03-04 07:44:59,037 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 54 [2025-03-04 07:44:59,038 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:44:59,038 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 6, 5, 5, 5, 5, 4, 4, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:44:59,045 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (16)] Ended with exit code 0 [2025-03-04 07:44:59,239 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 16 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:59,239 INFO L396 AbstractCegarLoop]: === Iteration 12 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:44:59,240 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:44:59,240 INFO L85 PathProgramCache]: Analyzing trace with hash 2031928237, now seen corresponding path program 4 times [2025-03-04 07:44:59,240 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:44:59,240 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [670378106] [2025-03-04 07:44:59,240 INFO L95 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2025-03-04 07:44:59,240 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:44:59,240 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:44:59,242 INFO L229 MonitoredProcess]: Starting monitored process 17 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:44:59,243 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (17)] Waiting until timeout for monitored process [2025-03-04 07:44:59,299 INFO L108 AnnotateAndAsserter]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST partitioned 53 statements into 2 equivalence classes. [2025-03-04 07:44:59,334 INFO L111 AnnotateAndAsserter]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 1 check-sat command(s) and asserted 53 of 53 statements. [2025-03-04 07:44:59,335 INFO L114 AnnotateAndAsserter]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 1 check-sat command(s) [2025-03-04 07:44:59,335 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:44:59,343 INFO L256 TraceCheckSpWp]: Trace formula consists of 199 conjuncts, 56 conjuncts are in the unsatisfiable core [2025-03-04 07:44:59,346 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:44:59,380 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:44:59,386 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:44:59,492 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-04 07:44:59,508 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:59,509 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:59,518 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:59,518 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:59,613 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:59,614 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:59,626 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:44:59,626 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:44:59,776 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:44:59,777 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:44:59,795 INFO L349 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2025-03-04 07:44:59,796 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2025-03-04 07:45:00,019 INFO L349 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2025-03-04 07:45:00,019 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2025-03-04 07:45:00,027 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:00,301 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:00,302 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:00,329 INFO L349 Elim1Store]: treesize reduction 18, result has 41.9 percent of original size [2025-03-04 07:45:00,329 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 4 select indices, 4 select index equivalence classes, 3 disjoint index pairs (out of 6 index pairs), introduced 4 new quantified variables, introduced 3 case distinctions, treesize of input 27 treesize of output 31 [2025-03-04 07:45:00,366 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 5 proven. 55 refuted. 0 times theorem prover too weak. 28 trivial. 18 not checked. [2025-03-04 07:45:00,366 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:45:04,687 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:45:04,687 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [670378106] [2025-03-04 07:45:04,687 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [670378106] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-04 07:45:04,690 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [2120600539] [2025-03-04 07:45:04,690 INFO L95 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2025-03-04 07:45:04,691 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-04 07:45:04,691 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-04 07:45:04,692 INFO L229 MonitoredProcess]: Starting monitored process 18 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-04 07:45:04,694 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (18)] Waiting until timeout for monitored process [2025-03-04 07:45:04,774 INFO L108 AnnotateAndAsserter]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST partitioned 53 statements into 2 equivalence classes. [2025-03-04 07:45:04,875 INFO L111 AnnotateAndAsserter]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 1 check-sat command(s) and asserted 53 of 53 statements. [2025-03-04 07:45:04,875 INFO L114 AnnotateAndAsserter]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 1 check-sat command(s) [2025-03-04 07:45:04,875 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:45:04,878 INFO L256 TraceCheckSpWp]: Trace formula consists of 199 conjuncts, 52 conjuncts are in the unsatisfiable core [2025-03-04 07:45:04,880 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:45:04,888 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:45:04,893 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:45:04,965 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:04,965 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:04,976 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:04,976 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:05,038 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:05,039 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:05,048 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:05,048 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:05,122 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:05,123 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:05,133 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:05,133 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:05,235 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:05,236 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:05,244 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:05,244 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:05,359 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:05,360 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:05,367 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:05,368 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:05,382 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 5 proven. 51 refuted. 0 times theorem prover too weak. 40 trivial. 10 not checked. [2025-03-04 07:45:05,382 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:45:05,564 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [2120600539] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-04 07:45:05,564 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-04 07:45:05,564 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [18, 17] total 22 [2025-03-04 07:45:05,564 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1518647935] [2025-03-04 07:45:05,564 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-04 07:45:05,565 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 23 states [2025-03-04 07:45:05,565 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:45:05,565 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 23 interpolants. [2025-03-04 07:45:05,565 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=84, Invalid=470, Unknown=2, NotChecked=44, Total=600 [2025-03-04 07:45:05,565 INFO L87 Difference]: Start difference. First operand 66 states and 91 transitions. Second operand has 23 states, 21 states have (on average 1.8571428571428572) internal successors, (39), 22 states have internal predecessors, (39), 8 states have call successors, (8), 2 states have call predecessors, (8), 3 states have return successors, (9), 8 states have call predecessors, (9), 8 states have call successors, (9) [2025-03-04 07:45:09,858 WARN L539 Checker$ProtectedHtc]: IncrementalHoareTripleChecker took 4.01s for a HTC check with result UNKNOWN. Formula has sorts [Array, Bool, BitVec], hasArrays=true, hasNonlinArith=false, quantifiers [0] [2025-03-04 07:45:14,436 WARN L539 Checker$ProtectedHtc]: IncrementalHoareTripleChecker took 4.03s for a HTC check with result UNKNOWN. Formula has sorts [Array, Bool, BitVec], hasArrays=true, hasNonlinArith=false, quantifiers [0] [2025-03-04 07:45:18,835 WARN L539 Checker$ProtectedHtc]: IncrementalHoareTripleChecker took 4.01s for a HTC check with result UNKNOWN. Formula has sorts [Array, Bool, BitVec], hasArrays=true, hasNonlinArith=false, quantifiers [0] [2025-03-04 07:45:23,529 WARN L539 Checker$ProtectedHtc]: IncrementalHoareTripleChecker took 4.00s for a HTC check with result UNKNOWN. Formula has sorts [Array, Bool, BitVec], hasArrays=true, hasNonlinArith=false, quantifiers [0] [2025-03-04 07:45:24,880 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:45:24,880 INFO L93 Difference]: Finished difference Result 82 states and 110 transitions. [2025-03-04 07:45:24,881 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 16 states. [2025-03-04 07:45:24,881 INFO L78 Accepts]: Start accepts. Automaton has has 23 states, 21 states have (on average 1.8571428571428572) internal successors, (39), 22 states have internal predecessors, (39), 8 states have call successors, (8), 2 states have call predecessors, (8), 3 states have return successors, (9), 8 states have call predecessors, (9), 8 states have call successors, (9) Word has length 53 [2025-03-04 07:45:24,881 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:45:24,882 INFO L225 Difference]: With dead ends: 82 [2025-03-04 07:45:24,882 INFO L226 Difference]: Without dead ends: 82 [2025-03-04 07:45:24,882 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 122 GetRequests, 86 SyntacticMatches, 1 SemanticMatches, 35 ConstructedPredicates, 1 IntricatePredicates, 0 DeprecatedPredicates, 182 ImplicationChecksByTransitivity, 5.9s TimeCoverageRelationStatistics Valid=169, Invalid=1093, Unknown=2, NotChecked=68, Total=1332 [2025-03-04 07:45:24,882 INFO L435 NwaCegarLoop]: 20 mSDtfsCounter, 58 mSDsluCounter, 128 mSDsCounter, 0 mSdLazyCounter, 475 mSolverCounterSat, 37 mSolverCounterUnsat, 5 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 18.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 61 SdHoareTripleChecker+Valid, 148 SdHoareTripleChecker+Invalid, 592 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 37 IncrementalHoareTripleChecker+Valid, 475 IncrementalHoareTripleChecker+Invalid, 5 IncrementalHoareTripleChecker+Unknown, 75 IncrementalHoareTripleChecker+Unchecked, 18.2s IncrementalHoareTripleChecker+Time [2025-03-04 07:45:24,882 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [61 Valid, 148 Invalid, 592 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [37 Valid, 475 Invalid, 5 Unknown, 75 Unchecked, 18.2s Time] [2025-03-04 07:45:24,883 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 82 states. [2025-03-04 07:45:24,887 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 82 to 66. [2025-03-04 07:45:24,887 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1372549019607843) internal successors, (58), 53 states have internal predecessors, (58), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2025-03-04 07:45:24,887 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 90 transitions. [2025-03-04 07:45:24,887 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 90 transitions. Word has length 53 [2025-03-04 07:45:24,888 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:45:24,888 INFO L471 AbstractCegarLoop]: Abstraction has 66 states and 90 transitions. [2025-03-04 07:45:24,888 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 23 states, 21 states have (on average 1.8571428571428572) internal successors, (39), 22 states have internal predecessors, (39), 8 states have call successors, (8), 2 states have call predecessors, (8), 3 states have return successors, (9), 8 states have call predecessors, (9), 8 states have call successors, (9) [2025-03-04 07:45:24,888 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 90 transitions. [2025-03-04 07:45:24,888 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2025-03-04 07:45:24,888 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:45:24,889 INFO L218 NwaCegarLoop]: trace histogram [7, 7, 7, 6, 6, 6, 6, 5, 5, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:45:24,898 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (17)] Ended with exit code 0 [2025-03-04 07:45:25,093 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (18)] Forceful destruction successful, exit code 0 [2025-03-04 07:45:25,289 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 17 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,18 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt [2025-03-04 07:45:25,289 INFO L396 AbstractCegarLoop]: === Iteration 13 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:45:25,290 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:45:25,290 INFO L85 PathProgramCache]: Analyzing trace with hash -1595845573, now seen corresponding path program 5 times [2025-03-04 07:45:25,290 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:45:25,290 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [1423515991] [2025-03-04 07:45:25,290 INFO L95 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2025-03-04 07:45:25,290 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:45:25,290 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:45:25,293 INFO L229 MonitoredProcess]: Starting monitored process 19 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:45:25,293 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (19)] Waiting until timeout for monitored process [2025-03-04 07:45:25,350 INFO L108 AnnotateAndAsserter]: Assert order INSIDE_LOOP_FIRST1 partitioned 62 statements into 7 equivalence classes. [2025-03-04 07:45:25,704 INFO L111 AnnotateAndAsserter]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) and asserted 62 of 62 statements. [2025-03-04 07:45:25,704 INFO L114 AnnotateAndAsserter]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) [2025-03-04 07:45:25,704 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:45:25,713 INFO L256 TraceCheckSpWp]: Trace formula consists of 234 conjuncts, 60 conjuncts are in the unsatisfiable core [2025-03-04 07:45:25,716 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:45:25,776 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:45:25,791 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:45:26,190 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-04 07:45:26,245 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:26,246 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:26,285 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:26,285 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:26,708 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:26,709 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:26,751 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:26,752 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:27,133 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:27,134 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:27,189 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:27,189 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:27,685 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:27,686 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:27,739 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:27,739 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:28,202 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#valid)| |ldv_malloc_#res.base| (select |c_#valid| |ldv_malloc_#res.base|)) |c_#valid|) (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-04 07:45:28,271 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:28,272 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:28,364 INFO L349 Elim1Store]: treesize reduction 24, result has 33.3 percent of original size [2025-03-04 07:45:28,364 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 21 treesize of output 20 [2025-03-04 07:45:28,727 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:28,728 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:28,764 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:28,765 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:28,890 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 76 refuted. 0 times theorem prover too weak. 50 trivial. 22 not checked. [2025-03-04 07:45:28,890 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:45:29,553 INFO L136 FreeRefinementEngine]: Strategy FOX found an infeasible trace [2025-03-04 07:45:29,553 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1423515991] [2025-03-04 07:45:29,553 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1423515991] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-04 07:45:29,553 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [510684361] [2025-03-04 07:45:29,553 INFO L95 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2025-03-04 07:45:29,553 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2025-03-04 07:45:29,554 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2025-03-04 07:45:29,555 INFO L229 MonitoredProcess]: Starting monitored process 20 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2025-03-04 07:45:29,556 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (20)] Waiting until timeout for monitored process [2025-03-04 07:45:29,622 INFO L108 AnnotateAndAsserter]: Assert order INSIDE_LOOP_FIRST1 partitioned 62 statements into 7 equivalence classes. [2025-03-04 07:45:29,823 INFO L111 AnnotateAndAsserter]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) and asserted 62 of 62 statements. [2025-03-04 07:45:29,824 INFO L114 AnnotateAndAsserter]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) [2025-03-04 07:45:29,824 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:45:29,837 INFO L256 TraceCheckSpWp]: Trace formula consists of 234 conjuncts, 65 conjuncts are in the unsatisfiable core [2025-03-04 07:45:29,841 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:45:29,878 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:45:30,732 INFO L349 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2025-03-04 07:45:30,732 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2025-03-04 07:45:31,790 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:31,849 INFO L349 Elim1Store]: treesize reduction 21, result has 30.0 percent of original size [2025-03-04 07:45:31,850 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 26 treesize of output 26 [2025-03-04 07:45:31,890 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:31,890 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:32,405 INFO L349 Elim1Store]: treesize reduction 24, result has 33.3 percent of original size [2025-03-04 07:45:32,405 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 21 treesize of output 20 [2025-03-04 07:45:32,417 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:32,656 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:32,657 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:32,731 INFO L349 Elim1Store]: treesize reduction 24, result has 33.3 percent of original size [2025-03-04 07:45:32,731 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 21 treesize of output 20 [2025-03-04 07:45:32,937 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:32,938 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:32,978 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:32,978 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:33,357 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:33,358 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:33,394 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:33,394 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:33,430 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 12 proven. 82 refuted. 0 times theorem prover too weak. 28 trivial. 32 not checked. [2025-03-04 07:45:33,430 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-04 07:45:33,899 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [510684361] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-04 07:45:33,900 INFO L185 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2025-03-04 07:45:33,900 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [19, 24] total 30 [2025-03-04 07:45:33,900 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [40728430] [2025-03-04 07:45:33,900 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2025-03-04 07:45:33,900 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 31 states [2025-03-04 07:45:33,900 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy FOX [2025-03-04 07:45:33,900 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 31 interpolants. [2025-03-04 07:45:33,901 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=99, Invalid=837, Unknown=2, NotChecked=118, Total=1056 [2025-03-04 07:45:33,901 INFO L87 Difference]: Start difference. First operand 66 states and 90 transitions. Second operand has 31 states, 29 states have (on average 1.896551724137931) internal successors, (55), 27 states have internal predecessors, (55), 9 states have call successors, (9), 3 states have call predecessors, (9), 5 states have return successors, (13), 13 states have call predecessors, (13), 9 states have call successors, (13) [2025-03-04 07:45:39,512 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-04 07:45:39,512 INFO L93 Difference]: Finished difference Result 74 states and 99 transitions. [2025-03-04 07:45:39,512 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 17 states. [2025-03-04 07:45:39,512 INFO L78 Accepts]: Start accepts. Automaton has has 31 states, 29 states have (on average 1.896551724137931) internal successors, (55), 27 states have internal predecessors, (55), 9 states have call successors, (9), 3 states have call predecessors, (9), 5 states have return successors, (13), 13 states have call predecessors, (13), 9 states have call successors, (13) Word has length 62 [2025-03-04 07:45:39,513 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-04 07:45:39,513 INFO L225 Difference]: With dead ends: 74 [2025-03-04 07:45:39,513 INFO L226 Difference]: Without dead ends: 74 [2025-03-04 07:45:39,514 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 141 GetRequests, 96 SyntacticMatches, 1 SemanticMatches, 44 ConstructedPredicates, 2 IntricatePredicates, 0 DeprecatedPredicates, 253 ImplicationChecksByTransitivity, 5.4s TimeCoverageRelationStatistics Valid=199, Invalid=1699, Unknown=2, NotChecked=170, Total=2070 [2025-03-04 07:45:39,514 INFO L435 NwaCegarLoop]: 21 mSDtfsCounter, 53 mSDsluCounter, 200 mSDsCounter, 0 mSdLazyCounter, 947 mSolverCounterSat, 31 mSolverCounterUnsat, 2 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 56 SdHoareTripleChecker+Valid, 221 SdHoareTripleChecker+Invalid, 1124 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 31 IncrementalHoareTripleChecker+Valid, 947 IncrementalHoareTripleChecker+Invalid, 2 IncrementalHoareTripleChecker+Unknown, 144 IncrementalHoareTripleChecker+Unchecked, 3.8s IncrementalHoareTripleChecker+Time [2025-03-04 07:45:39,514 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [56 Valid, 221 Invalid, 1124 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [31 Valid, 947 Invalid, 2 Unknown, 144 Unchecked, 3.8s Time] [2025-03-04 07:45:39,514 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 74 states. [2025-03-04 07:45:39,518 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 74 to 66. [2025-03-04 07:45:39,521 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1176470588235294) internal successors, (57), 53 states have internal predecessors, (57), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2025-03-04 07:45:39,522 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 89 transitions. [2025-03-04 07:45:39,522 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 89 transitions. Word has length 62 [2025-03-04 07:45:39,523 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-04 07:45:39,523 INFO L471 AbstractCegarLoop]: Abstraction has 66 states and 89 transitions. [2025-03-04 07:45:39,525 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 31 states, 29 states have (on average 1.896551724137931) internal successors, (55), 27 states have internal predecessors, (55), 9 states have call successors, (9), 3 states have call predecessors, (9), 5 states have return successors, (13), 13 states have call predecessors, (13), 9 states have call successors, (13) [2025-03-04 07:45:39,525 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 89 transitions. [2025-03-04 07:45:39,525 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2025-03-04 07:45:39,526 INFO L210 NwaCegarLoop]: Found error trace [2025-03-04 07:45:39,526 INFO L218 NwaCegarLoop]: trace histogram [8, 8, 8, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1] [2025-03-04 07:45:39,530 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (20)] Ended with exit code 0 [2025-03-04 07:45:39,735 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (19)] Forceful destruction successful, exit code 0 [2025-03-04 07:45:39,926 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 20 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt,19 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:45:39,927 INFO L396 AbstractCegarLoop]: === Iteration 14 === Targeting ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2REQUIRES_VIOLATIONMEMORY_DEREFERENCE] === [2025-03-04 07:45:39,927 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-04 07:45:39,927 INFO L85 PathProgramCache]: Analyzing trace with hash -973372563, now seen corresponding path program 6 times [2025-03-04 07:45:39,927 INFO L118 FreeRefinementEngine]: Executing refinement strategy FOX [2025-03-04 07:45:39,927 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleZ3 [234457306] [2025-03-04 07:45:39,927 INFO L95 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2025-03-04 07:45:39,927 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-04 07:45:39,927 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-04 07:45:39,929 INFO L229 MonitoredProcess]: Starting monitored process 21 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-04 07:45:39,930 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (21)] Waiting until timeout for monitored process [2025-03-04 07:45:39,994 INFO L108 AnnotateAndAsserter]: Assert order MIX_INSIDE_OUTSIDE partitioned 71 statements into 8 equivalence classes. [2025-03-04 07:45:42,299 INFO L111 AnnotateAndAsserter]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) and asserted 71 of 71 statements. [2025-03-04 07:45:42,300 INFO L114 AnnotateAndAsserter]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2025-03-04 07:45:42,300 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-04 07:45:42,306 INFO L256 TraceCheckSpWp]: Trace formula consists of 269 conjuncts, 69 conjuncts are in the unsatisfiable core [2025-03-04 07:45:42,309 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-04 07:45:42,366 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2025-03-04 07:45:42,380 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2025-03-04 07:45:42,816 WARN L873 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (store |c_old(#length)| |ldv_malloc_#res.base| (select |c_#length| |ldv_malloc_#res.base|)) |c_#length|) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2025-03-04 07:45:42,865 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:42,866 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:42,909 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:42,909 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:43,277 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:43,278 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:43,318 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:43,318 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:43,703 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:43,704 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:43,741 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:43,741 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:44,159 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:44,160 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:44,198 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:44,198 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:44,572 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:44,573 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:44,604 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:44,605 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:45,020 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:45,021 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:45,053 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:45,053 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:45,497 INFO L190 IndexEqualityManager]: detected not equals via solver [2025-03-04 07:45:45,497 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 9 [2025-03-04 07:45:45,537 INFO L349 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2025-03-04 07:45:45,537 INFO L378 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2025-03-04 07:45:45,670 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 106 refuted. 0 times theorem prover too weak. 84 trivial. 14 not checked. [2025-03-04 07:45:45,670 INFO L312 TraceCheckSpWp]: Computing backward predicates...