java -Xmx6000000000 -jar ./plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data ./data --generate-csv --csv-dir ../../../releaseScripts/default/UAutomizer-linux/csv -tc ../../../trunk/examples/toolchains/AbstractInterpretationC.xml -s ../../../trunk/examples/settings/ai/eq-bench/svcomp-DerefFreeMemtrack-32bit-Automizer_Camel+AI_EQ_imprecise.epf -i ../../../trunk/examples/svcomp/forester-heap/dll-sorted_true-unreach-call_true-valid-memsafety.i -------------------------------------------------------------------------------- This is Ultimate 0.1.23-6b94a2f [2018-01-24 16:34:11,581 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-01-24 16:34:11,583 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-01-24 16:34:11,598 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-01-24 16:34:11,598 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-01-24 16:34:11,599 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-01-24 16:34:11,600 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-01-24 16:34:11,602 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-01-24 16:34:11,604 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-01-24 16:34:11,605 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-01-24 16:34:11,606 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-01-24 16:34:11,606 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-01-24 16:34:11,607 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-01-24 16:34:11,609 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-01-24 16:34:11,610 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-01-24 16:34:11,612 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-01-24 16:34:11,614 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-01-24 16:34:11,616 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-01-24 16:34:11,617 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-01-24 16:34:11,619 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-01-24 16:34:11,621 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-01-24 16:34:11,621 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-01-24 16:34:11,621 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-01-24 16:34:11,623 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-01-24 16:34:11,624 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-01-24 16:34:11,625 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-01-24 16:34:11,625 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-01-24 16:34:11,626 INFO L177 SettingsManager]: PEA to Boogie provides no preferences, ignoring... [2018-01-24 16:34:11,626 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-01-24 16:34:11,626 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-01-24 16:34:11,627 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-01-24 16:34:11,627 INFO L98 SettingsManager]: Beginning loading settings from /storage/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/ai/eq-bench/svcomp-DerefFreeMemtrack-32bit-Automizer_Camel+AI_EQ_imprecise.epf [2018-01-24 16:34:11,637 INFO L110 SettingsManager]: Loading preferences was successful [2018-01-24 16:34:11,638 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-01-24 16:34:11,639 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-01-24 16:34:11,639 INFO L133 SettingsManager]: * to procedures, called more than once=true [2018-01-24 16:34:11,639 INFO L131 SettingsManager]: Preferences of Abstract Interpretation differ from their defaults: [2018-01-24 16:34:11,639 INFO L133 SettingsManager]: * Deactivate Weak Equivalences=true [2018-01-24 16:34:11,639 INFO L133 SettingsManager]: * Abstract domain for RCFG-of-the-future=VPDomain [2018-01-24 16:34:11,640 INFO L133 SettingsManager]: * Use the RCFG-of-the-future interface=true [2018-01-24 16:34:11,640 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-01-24 16:34:11,641 INFO L133 SettingsManager]: * sizeof long=4 [2018-01-24 16:34:11,641 INFO L133 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2018-01-24 16:34:11,641 INFO L133 SettingsManager]: * Overapproximate operations on floating types=true [2018-01-24 16:34:11,641 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-01-24 16:34:11,641 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-01-24 16:34:11,641 INFO L133 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2018-01-24 16:34:11,642 INFO L133 SettingsManager]: * Bitprecise bitfields=true [2018-01-24 16:34:11,642 INFO L133 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2018-01-24 16:34:11,642 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-01-24 16:34:11,642 INFO L133 SettingsManager]: * sizeof long double=12 [2018-01-24 16:34:11,642 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-01-24 16:34:11,643 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-01-24 16:34:11,643 INFO L133 SettingsManager]: * To the following directory=./dump/ [2018-01-24 16:34:11,643 INFO L133 SettingsManager]: * Add additional assume for each assert=false [2018-01-24 16:34:11,643 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-01-24 16:34:11,643 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-01-24 16:34:11,644 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-01-24 16:34:11,644 INFO L133 SettingsManager]: * Interpolant automaton=TWOTRACK [2018-01-24 16:34:11,644 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-01-24 16:34:11,644 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-01-24 16:34:11,644 INFO L133 SettingsManager]: * Trace refinement strategy=CAMEL [2018-01-24 16:34:11,645 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-01-24 16:34:11,645 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2018-01-24 16:34:11,645 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2018-01-24 16:34:11,646 INFO L131 SettingsManager]: Preferences of IcfgTransformer differ from their defaults: [2018-01-24 16:34:11,646 INFO L133 SettingsManager]: * TransformationType=HEAP_SEPARATOR [2018-01-24 16:34:11,682 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-01-24 16:34:11,696 INFO L266 ainManager$Toolchain]: [Toolchain 1]: Parser(s) successfully initialized [2018-01-24 16:34:11,700 INFO L222 ainManager$Toolchain]: [Toolchain 1]: Toolchain data selected. [2018-01-24 16:34:11,702 INFO L271 PluginConnector]: Initializing CDTParser... [2018-01-24 16:34:11,703 INFO L276 PluginConnector]: CDTParser initialized [2018-01-24 16:34:11,703 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/forester-heap/dll-sorted_true-unreach-call_true-valid-memsafety.i [2018-01-24 16:34:11,877 INFO L304 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-01-24 16:34:11,884 INFO L131 ToolchainWalker]: Walking toolchain with 4 elements. [2018-01-24 16:34:11,886 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2018-01-24 16:34:11,886 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2018-01-24 16:34:11,893 INFO L276 PluginConnector]: CACSL2BoogieTranslator initialized [2018-01-24 16:34:11,894 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 24.01 04:34:11" (1/1) ... [2018-01-24 16:34:11,897 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@13ee3542 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:34:11, skipping insertion in model container [2018-01-24 16:34:11,897 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 24.01 04:34:11" (1/1) ... [2018-01-24 16:34:11,918 INFO L153 Dispatcher]: Using SV-COMP mode [2018-01-24 16:34:11,962 INFO L153 Dispatcher]: Using SV-COMP mode [2018-01-24 16:34:12,092 INFO L450 PostProcessor]: Settings: Checked method=main [2018-01-24 16:34:12,118 INFO L450 PostProcessor]: Settings: Checked method=main [2018-01-24 16:34:12,129 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:34:12 WrapperNode [2018-01-24 16:34:12,130 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2018-01-24 16:34:12,130 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-01-24 16:34:12,131 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-01-24 16:34:12,131 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-01-24 16:34:12,145 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:34:12" (1/1) ... [2018-01-24 16:34:12,145 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:34:12" (1/1) ... [2018-01-24 16:34:12,156 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:34:12" (1/1) ... [2018-01-24 16:34:12,157 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:34:12" (1/1) ... [2018-01-24 16:34:12,161 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:34:12" (1/1) ... [2018-01-24 16:34:12,165 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:34:12" (1/1) ... [2018-01-24 16:34:12,167 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:34:12" (1/1) ... [2018-01-24 16:34:12,169 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-01-24 16:34:12,169 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-01-24 16:34:12,170 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-01-24 16:34:12,170 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-01-24 16:34:12,171 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:34:12" (1/1) ... No working directory specified, using /storage/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-01-24 16:34:12,222 INFO L136 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2018-01-24 16:34:12,222 INFO L136 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2018-01-24 16:34:12,223 INFO L136 BoogieDeclarations]: Found implementation of procedure main [2018-01-24 16:34:12,223 INFO L128 BoogieDeclarations]: Found specification of procedure write~int [2018-01-24 16:34:12,223 INFO L128 BoogieDeclarations]: Found specification of procedure read~int [2018-01-24 16:34:12,223 INFO L128 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2018-01-24 16:34:12,223 INFO L128 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2018-01-24 16:34:12,223 INFO L128 BoogieDeclarations]: Found specification of procedure ULTIMATE.free [2018-01-24 16:34:12,224 INFO L128 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2018-01-24 16:34:12,224 INFO L128 BoogieDeclarations]: Found specification of procedure #Ultimate.alloc [2018-01-24 16:34:12,224 INFO L128 BoogieDeclarations]: Found specification of procedure malloc [2018-01-24 16:34:12,224 INFO L128 BoogieDeclarations]: Found specification of procedure free [2018-01-24 16:34:12,224 INFO L128 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_int [2018-01-24 16:34:12,224 INFO L128 BoogieDeclarations]: Found specification of procedure __VERIFIER_error [2018-01-24 16:34:12,225 INFO L128 BoogieDeclarations]: Found specification of procedure main [2018-01-24 16:34:12,225 INFO L128 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2018-01-24 16:34:12,225 INFO L128 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2018-01-24 16:34:12,877 INFO L257 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2018-01-24 16:34:12,878 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 24.01 04:34:12 BoogieIcfgContainer [2018-01-24 16:34:12,878 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-01-24 16:34:12,878 INFO L113 PluginConnector]: ------------------------Abstract Interpretation---------------------------- [2018-01-24 16:34:12,879 INFO L271 PluginConnector]: Initializing Abstract Interpretation... [2018-01-24 16:34:12,879 INFO L276 PluginConnector]: Abstract Interpretation initialized [2018-01-24 16:34:12,880 INFO L185 PluginConnector]: Executing the observer AbstractInterpretationRcfgObserver from plugin Abstract Interpretation for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 24.01 04:34:12" (1/1) ... [2018-01-24 16:34:12,929 INFO L101 FixpointEngine]: Starting fixpoint engine with domain VPDomain (maxUnwinding=3, maxParallelStates=2) [2018-01-24 16:34:16,685 INFO L259 AbstractInterpreter]: Some error location(s) were reachable [2018-01-24 16:34:16,762 WARN L343 cessorBacktranslator]: Generated EnsuresSpecification ensures #valid == old(#valid); is not ensure(true) [2018-01-24 16:34:16,769 INFO L268 AbstractInterpreter]: Visited 218 different actions 985 times. Merged at 150 different actions 500 times. Widened at 10 different actions 22 times. Found 51 fixpoints after 30 different actions. Largest state had 67 variables. [2018-01-24 16:34:16,771 INFO L132 PluginConnector]: ------------------------ END Abstract Interpretation---------------------------- [2018-01-24 16:34:16,772 INFO L168 Benchmark]: Toolchain (without parser) took 4894.47 ms. Allocated memory was 309.3 MB in the beginning and 603.5 MB in the end (delta: 294.1 MB). Free memory was 267.2 MB in the beginning and 241.9 MB in the end (delta: 25.4 MB). Peak memory consumption was 319.5 MB. Max. memory is 5.3 GB. [2018-01-24 16:34:16,773 INFO L168 Benchmark]: CDTParser took 0.23 ms. Allocated memory is still 309.3 MB. Free memory is still 273.2 MB. There was no memory consumed. Max. memory is 5.3 GB. [2018-01-24 16:34:16,773 INFO L168 Benchmark]: CACSL2BoogieTranslator took 244.35 ms. Allocated memory is still 309.3 MB. Free memory was 266.2 MB in the beginning and 254.0 MB in the end (delta: 12.2 MB). Peak memory consumption was 12.2 MB. Max. memory is 5.3 GB. [2018-01-24 16:34:16,774 INFO L168 Benchmark]: Boogie Preprocessor took 38.75 ms. Allocated memory is still 309.3 MB. Free memory was 254.0 MB in the beginning and 252.1 MB in the end (delta: 2.0 MB). Peak memory consumption was 2.0 MB. Max. memory is 5.3 GB. [2018-01-24 16:34:16,774 INFO L168 Benchmark]: RCFGBuilder took 708.34 ms. Allocated memory is still 309.3 MB. Free memory was 251.1 MB in the beginning and 208.1 MB in the end (delta: 43.0 MB). Peak memory consumption was 43.0 MB. Max. memory is 5.3 GB. [2018-01-24 16:34:16,775 INFO L168 Benchmark]: Abstract Interpretation took 3893.13 ms. Allocated memory was 309.3 MB in the beginning and 603.5 MB in the end (delta: 294.1 MB). Free memory was 208.1 MB in the beginning and 241.9 MB in the end (delta: -33.8 MB). Peak memory consumption was 260.4 MB. Max. memory is 5.3 GB. [2018-01-24 16:34:16,776 INFO L344 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.23 ms. Allocated memory is still 309.3 MB. Free memory is still 273.2 MB. There was no memory consumed. Max. memory is 5.3 GB. * CACSL2BoogieTranslator took 244.35 ms. Allocated memory is still 309.3 MB. Free memory was 266.2 MB in the beginning and 254.0 MB in the end (delta: 12.2 MB). Peak memory consumption was 12.2 MB. Max. memory is 5.3 GB. * Boogie Preprocessor took 38.75 ms. Allocated memory is still 309.3 MB. Free memory was 254.0 MB in the beginning and 252.1 MB in the end (delta: 2.0 MB). Peak memory consumption was 2.0 MB. Max. memory is 5.3 GB. * RCFGBuilder took 708.34 ms. Allocated memory is still 309.3 MB. Free memory was 251.1 MB in the beginning and 208.1 MB in the end (delta: 43.0 MB). Peak memory consumption was 43.0 MB. Max. memory is 5.3 GB. * Abstract Interpretation took 3893.13 ms. Allocated memory was 309.3 MB in the beginning and 603.5 MB in the end (delta: 294.1 MB). Free memory was 208.1 MB in the beginning and 241.9 MB in the end (delta: -33.8 MB). Peak memory consumption was 260.4 MB. Max. memory is 5.3 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.analysis.abstractinterpretationv2: - StatisticsResult: ArrayEqualityDomainStatistics #Locations : 157 LocStat_MAX_WEQGRAPH_SIZE : 0 LocStat_MAX_SIZEOF_WEQEDGELABEL : 0 LocStat_NO_SUPPORTING_EQUALITIES : 2210 LocStat_NO_SUPPORTING_DISEQUALITIES : 698 LocStat_NO_DISJUNCTIONS : -314 LocStat_MAX_NO_DISJUNCTIONS : -1 #Transitions : 222 TransStat_MAX_WEQGRAPH_SIZE : 0 TransStat_MAX_SIZEOF_WEQEDGELABEL : 0 TransStat_NO_SUPPORTING_EQUALITIES : 298 TransStat_NO_SUPPORTING_DISEQUALITIES : 74 TransStat_NO_DISJUNCTIONS : 250 TransStat_MAX_NO_DISJUNCTIONS : 4 - StatisticsResult: EqConstraintFactoryStatistics CONJOIN_DISJUNCTIVE(MILLISECONDS) : 0.358873 RENAME_VARIABLES(MILLISECONDS) : 0.010553 UNFREEZE(MILLISECONDS) : 0.000000 CONJOIN(MILLISECONDS) : 0.253101 PROJECTAWAY(MILLISECONDS) : 1.011109 ADD_WEAK_EQUALITY(MILLISECONDS) : 0.002292 DISJOIN(MILLISECONDS) : 0.446963 RENAME_VARIABLES_DISJUNCTIVE(MILLISECONDS) : 0.019622 ADD_EQUALITY(MILLISECONDS) : 0.018691 DISJOIN_DISJUNCTIVE(MILLISECONDS) : 0.000000 ADD_DISEQUALITY(MILLISECONDS) : 0.011812 #CONJOIN_DISJUNCTIVE : 1489 #RENAME_VARIABLES : 2952 #UNFREEZE : 0 #CONJOIN : 1841 #PROJECTAWAY : 1527 #ADD_WEAK_EQUALITY : 98 #DISJOIN : 294 #RENAME_VARIABLES_DISJUNCTIVE : 2847 #ADD_EQUALITY : 348 #DISJOIN_DISJUNCTIVE : 0 #ADD_DISEQUALITY : 64 - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND FALSE !(__VERIFIER_nondet_int()) [L1008] COND FALSE !(\read(marked)) [L1011] FCALL x->data = 0 - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] EXPR, FCALL x->next [L1019] FCALL x->next->data - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] EXPR, FCALL x->next [L1019] FCALL x->next->data - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] EXPR, FCALL x->next [L1019] EXPR, FCALL x->next->data [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND TRUE x->next != ((void*)0) && x->next->data == 0 [L1021] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND FALSE !(__VERIFIER_nondet_int()) [L1008] COND FALSE !(\read(marked)) [L1011] FCALL x->data = 0 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND TRUE x->next != ((void*)0) && __VERIFIER_nondet_int() [L1026] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] EXPR, FCALL x->next [L1019] EXPR, FCALL x->next->data [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND TRUE x->next != ((void*)0) && x->next->data == 0 [L1021] EXPR, FCALL x->next [L1021] x = x->next [L1019] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND FALSE !(__VERIFIER_nondet_int()) [L1008] COND FALSE !(\read(marked)) [L1011] FCALL x->data = 0 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND TRUE x->next != ((void*)0) && __VERIFIER_nondet_int() [L1026] EXPR, FCALL x->next [L1026] x = x->next [L1027] FCALL x->data - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND FALSE !(__VERIFIER_nondet_int()) [L1008] COND FALSE !(\read(marked)) [L1011] FCALL x->data = 0 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND TRUE x->next != ((void*)0) && __VERIFIER_nondet_int() [L1026] EXPR, FCALL x->next [L1026] x = x->next [L1027] FCALL x->data - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND FALSE !(x->next == ((void*)0)) [L1040] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND FALSE !(x->next == ((void*)0)) [L1040] EXPR, FCALL x->next [L1040] FCALL x->next->prev = tmp - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND FALSE !(x->next == ((void*)0)) [L1040] EXPR, FCALL x->next [L1040] FCALL x->next->prev = tmp - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND FALSE !(x->next == ((void*)0)) [L1040] EXPR, FCALL x->next [L1040] FCALL x->next->prev = tmp [L1041] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND FALSE !(x->next == ((void*)0)) [L1040] EXPR, FCALL x->next [L1040] FCALL x->next->prev = tmp [L1041] EXPR, FCALL x->next [L1041] FCALL tmp->next = x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] FCALL x->data - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND FALSE !(x->next == ((void*)0)) [L1040] EXPR, FCALL x->next [L1040] FCALL x->next->prev = tmp [L1041] EXPR, FCALL x->next [L1041] FCALL tmp->next = x->next [L1042] FCALL x->next = tmp - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND TRUE x != ((void*)0) && x->data != 1 [L1050] FCALL x->data - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND FALSE !(x != ((void*)0) && x->data != 1) [L1055] COND TRUE x != ((void*)0) [L1057] FCALL x->data - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND TRUE x != ((void*)0) && x->data != 1 [L1050] EXPR, FCALL x->data [L1050] marked = x->data [L1051] FCALL x->data - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND FALSE !(x != ((void*)0) && x->data != 1) [L1055] COND TRUE x != ((void*)0) [L1057] EXPR, FCALL x->data [L1057] marked = x->data [L1058] FCALL x->data - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] EXPR, FCALL x->next [L1019] EXPR, FCALL x->next->data [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND TRUE x->next != ((void*)0) && x->next->data == 0 [L1021] EXPR, FCALL x->next [L1021] x = x->next [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] FCALL x->data - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND TRUE x != ((void*)0) && x->data != 1 [L1050] EXPR, FCALL x->data [L1050] marked = x->data [L1051] EXPR, FCALL x->data [L1051] COND FALSE !(!(x->data == 0)) [L1051] COND FALSE !(0) [L1052] COND FALSE !(!(marked == 0)) [L1052] COND FALSE !(0) [L1053] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND FALSE !(x != ((void*)0) && x->data != 1) [L1055] COND TRUE x != ((void*)0) [L1057] EXPR, FCALL x->data [L1057] marked = x->data [L1058] EXPR, FCALL x->data [L1058] COND FALSE !(!(x->data == 1)) [L1058] COND FALSE !(0) [L1059] COND FALSE !(!(marked == 1)) [L1059] COND FALSE !(0) [L1060] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] EXPR, FCALL x->next [L1019] EXPR, FCALL x->next->data [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND TRUE x->next != ((void*)0) && x->next->data == 0 [L1021] EXPR, FCALL x->next [L1021] x = x->next [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND FALSE !(x != ((void*)0) && x->data != 1) [L1055] COND TRUE x != ((void*)0) [L1057] EXPR, FCALL x->data [L1057] marked = x->data [L1058] EXPR, FCALL x->data [L1058] COND FALSE !(!(x->data == 1)) [L1058] COND FALSE !(0) [L1059] COND FALSE !(!(marked == 1)) [L1059] COND FALSE !(0) [L1060] EXPR, FCALL x->next [L1060] x = x->next [L1055] COND TRUE x != ((void*)0) [L1057] FCALL x->data - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] EXPR, FCALL x->next [L1019] EXPR, FCALL x->next->data [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND TRUE x->next != ((void*)0) && x->next->data == 0 [L1021] EXPR, FCALL x->next [L1021] x = x->next [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND TRUE x != ((void*)0) && x->data != 1 [L1050] EXPR, FCALL x->data [L1050] marked = x->data [L1051] EXPR, FCALL x->data [L1051] COND FALSE !(!(x->data == 0)) [L1051] COND FALSE !(0) [L1052] COND FALSE !(!(marked == 0)) [L1052] COND FALSE !(0) [L1053] EXPR, FCALL x->next [L1053] x = x->next [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND TRUE x != ((void*)0) && x->data != 1 [L1050] FCALL x->data - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] EXPR, FCALL x->next [L1019] EXPR, FCALL x->next->data [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND TRUE x->next != ((void*)0) && x->next->data == 0 [L1021] EXPR, FCALL x->next [L1021] x = x->next [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND FALSE !(x != ((void*)0) && x->data != 1) [L1055] COND TRUE x != ((void*)0) [L1057] EXPR, FCALL x->data [L1057] marked = x->data [L1058] EXPR, FCALL x->data [L1058] COND FALSE !(!(x->data == 1)) [L1058] COND FALSE !(0) [L1059] COND FALSE !(!(marked == 1)) [L1059] COND FALSE !(0) [L1060] EXPR, FCALL x->next [L1060] x = x->next [L1055] COND FALSE !(x != ((void*)0)) [L1062] x = head [L1064] COND TRUE x != ((void*)0) [L1066] head = x [L1067] FCALL x->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] EXPR, FCALL x->next [L1019] EXPR, FCALL x->next->data [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND TRUE x->next != ((void*)0) && x->next->data == 0 [L1021] EXPR, FCALL x->next [L1021] x = x->next [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND TRUE x != ((void*)0) && x->data != 1 [L1050] EXPR, FCALL x->data [L1050] marked = x->data [L1051] EXPR, FCALL x->data [L1051] COND FALSE !(!(x->data == 0)) [L1051] COND FALSE !(0) [L1052] COND FALSE !(!(marked == 0)) [L1052] COND FALSE !(0) [L1053] EXPR, FCALL x->next [L1053] x = x->next [L1048] x != ((void*)0) && x->data != 1 [L1048] COND FALSE !(x != ((void*)0) && x->data != 1) [L1055] COND FALSE !(x != ((void*)0)) [L1062] x = head [L1064] COND TRUE x != ((void*)0) [L1066] head = x [L1067] FCALL x->next - UnprovableResult [Line: 983]: Unable to prove that all allocated memory was freed Unable to prove that all allocated memory was freed Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] EXPR, FCALL x->next [L1019] EXPR, FCALL x->next->data [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND TRUE x->next != ((void*)0) && x->next->data == 0 [L1021] EXPR, FCALL x->next [L1021] x = x->next [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND FALSE !(x != ((void*)0) && x->data != 1) [L1055] COND TRUE x != ((void*)0) [L1057] EXPR, FCALL x->data [L1057] marked = x->data [L1058] EXPR, FCALL x->data [L1058] COND FALSE !(!(x->data == 1)) [L1058] COND FALSE !(0) [L1059] COND FALSE !(!(marked == 1)) [L1059] COND FALSE !(0) [L1060] EXPR, FCALL x->next [L1060] x = x->next [L1055] COND FALSE !(x != ((void*)0)) [L1062] x = head [L1064] COND TRUE x != ((void*)0) [L1066] head = x [L1067] EXPR, FCALL x->next [L1067] x = x->next [L1068] FCALL free(head) [L1064] COND FALSE !(x != ((void*)0)) [L1071] return 0; - UnprovableResult [Line: 1]: Unable to prove that free always succeeds Unable to prove that free always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L986] EXPR, FCALL malloc(sizeof(SLL)) [L986] SLL* head = malloc(sizeof(SLL)); [L987] FCALL head->next = ((void*)0) [L988] FCALL head->prev = ((void*)0) [L989] FCALL head->data = 0 [L991] SLL* x = head; [L992] int marked = 0; [L995] COND TRUE __VERIFIER_nondet_int() || !marked [L998] EXPR, FCALL malloc(sizeof(SLL)) [L998] FCALL x->next = malloc(sizeof(SLL)) [L999] EXPR, FCALL x->next [L999] FCALL x->next->prev = x [L1000] EXPR, FCALL x->next [L1000] x = x->next [L1001] FCALL x->next = ((void*)0) [L1003] COND TRUE __VERIFIER_nondet_int() [L1005] marked = 1 [L1008] COND TRUE \read(marked) [L1009] FCALL x->data = 1 [L995] COND FALSE !(__VERIFIER_nondet_int() || !marked) [L1014] x = head [L1016] COND FALSE !(!(((void*)0) != x)) [L1016] COND FALSE !(0) [L1017] marked = 0 [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] EXPR, FCALL x->next [L1019] EXPR, FCALL x->next->data [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND TRUE x->next != ((void*)0) && x->next->data == 0 [L1021] EXPR, FCALL x->next [L1021] x = x->next [L1019] EXPR, FCALL x->next [L1019] x->next != ((void*)0) && x->next->data == 0 [L1019] COND FALSE !(x->next != ((void*)0) && x->next->data == 0) [L1024] EXPR, FCALL x->next [L1024] x->next != ((void*)0) && __VERIFIER_nondet_int() [L1024] COND FALSE !(x->next != ((void*)0) && __VERIFIER_nondet_int()) [L1030] EXPR, FCALL malloc(sizeof(SLL)) [L1030] SLL* tmp = malloc(sizeof(SLL)); [L1031] FCALL tmp->data = 1 [L1032] FCALL tmp->next = ((void*)0) [L1033] FCALL tmp->prev = x [L1034] EXPR, FCALL x->next [L1034] COND TRUE x->next == ((void*)0) [L1036] FCALL x->next = tmp [L1045] marked = 0 [L1046] x = head [L1048] x != ((void*)0) && x->data != 1 [L1048] EXPR, FCALL x->data [L1048] x != ((void*)0) && x->data != 1 [L1048] COND FALSE !(x != ((void*)0) && x->data != 1) [L1055] COND TRUE x != ((void*)0) [L1057] EXPR, FCALL x->data [L1057] marked = x->data [L1058] EXPR, FCALL x->data [L1058] COND FALSE !(!(x->data == 1)) [L1058] COND FALSE !(0) [L1059] COND FALSE !(!(marked == 1)) [L1059] COND FALSE !(0) [L1060] EXPR, FCALL x->next [L1060] x = x->next [L1055] COND FALSE !(x != ((void*)0)) [L1062] x = head [L1064] COND TRUE x != ((void*)0) [L1066] head = x [L1067] EXPR, FCALL x->next [L1067] x = x->next [L1068] FCALL free(head) [L1064] COND TRUE x != ((void*)0) [L1066] head = x [L1067] EXPR, FCALL x->next [L1067] x = x->next [L1068] FCALL free(head) - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location * Results from de.uni_freiburg.informatik.ultimate.boogie.preprocessor: - GenericResult: Unfinished Backtranslation Generated EnsuresSpecification ensures #valid == old(#valid); is not ensure(true) RESULT: Ultimate could not prove your program: unable to determine feasibility of some traces Written .csv to /storage/ultimate/releaseScripts/default/UAutomizer-linux/../../../releaseScripts/default/UAutomizer-linux/csv/dll-sorted_true-unreach-call_true-valid-memsafety.i_svcomp-DerefFreeMemtrack-32bit-Automizer_Camel+AI_EQ_imprecise.epf_AbstractInterpretationC.xml/Csv-Benchmark-0-2018-01-24_16-34-16-790.csv Written .csv to /storage/ultimate/releaseScripts/default/UAutomizer-linux/../../../releaseScripts/default/UAutomizer-linux/csv/dll-sorted_true-unreach-call_true-valid-memsafety.i_svcomp-DerefFreeMemtrack-32bit-Automizer_Camel+AI_EQ_imprecise.epf_AbstractInterpretationC.xml/Csv-VPDomainBenchmark-0-2018-01-24_16-34-16-790.csv Written .csv to /storage/ultimate/releaseScripts/default/UAutomizer-linux/../../../releaseScripts/default/UAutomizer-linux/csv/dll-sorted_true-unreach-call_true-valid-memsafety.i_svcomp-DerefFreeMemtrack-32bit-Automizer_Camel+AI_EQ_imprecise.epf_AbstractInterpretationC.xml/Csv-BenchmarkWithCounters-0-2018-01-24_16-34-16-790.csv Received shutdown request...