java -Xmx6000000000 -jar ./plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data ./data --generate-csv --csv-dir ../../../releaseScripts/default/UAutomizer-linux/csv -tc ../../../trunk/examples/toolchains/AbstractInterpretationC.xml -s ../../../trunk/examples/settings/ai/eq-bench/svcomp-DerefFreeMemtrack-32bit-Automizer_Camel+AI_EQ_imprecise.epf -i ../../../trunk/examples/svcomp/memsafety/test-0134_true-valid-memsafety.i -------------------------------------------------------------------------------- This is Ultimate 0.1.23-6b94a2f [2018-01-24 16:25:30,096 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-01-24 16:25:30,122 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-01-24 16:25:30,135 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-01-24 16:25:30,135 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-01-24 16:25:30,136 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-01-24 16:25:30,137 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-01-24 16:25:30,139 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-01-24 16:25:30,141 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-01-24 16:25:30,142 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-01-24 16:25:30,143 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-01-24 16:25:30,143 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-01-24 16:25:30,144 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-01-24 16:25:30,145 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-01-24 16:25:30,146 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-01-24 16:25:30,149 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-01-24 16:25:30,151 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-01-24 16:25:30,153 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-01-24 16:25:30,154 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-01-24 16:25:30,155 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-01-24 16:25:30,157 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-01-24 16:25:30,157 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-01-24 16:25:30,158 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-01-24 16:25:30,159 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-01-24 16:25:30,160 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-01-24 16:25:30,161 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-01-24 16:25:30,161 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-01-24 16:25:30,161 INFO L177 SettingsManager]: PEA to Boogie provides no preferences, ignoring... [2018-01-24 16:25:30,162 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-01-24 16:25:30,162 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-01-24 16:25:30,162 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-01-24 16:25:30,163 INFO L98 SettingsManager]: Beginning loading settings from /storage/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/ai/eq-bench/svcomp-DerefFreeMemtrack-32bit-Automizer_Camel+AI_EQ_imprecise.epf [2018-01-24 16:25:30,172 INFO L110 SettingsManager]: Loading preferences was successful [2018-01-24 16:25:30,173 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-01-24 16:25:30,174 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-01-24 16:25:30,174 INFO L133 SettingsManager]: * to procedures, called more than once=true [2018-01-24 16:25:30,174 INFO L131 SettingsManager]: Preferences of Abstract Interpretation differ from their defaults: [2018-01-24 16:25:30,174 INFO L133 SettingsManager]: * Deactivate Weak Equivalences=true [2018-01-24 16:25:30,174 INFO L133 SettingsManager]: * Abstract domain for RCFG-of-the-future=VPDomain [2018-01-24 16:25:30,175 INFO L133 SettingsManager]: * Use the RCFG-of-the-future interface=true [2018-01-24 16:25:30,175 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-01-24 16:25:30,175 INFO L133 SettingsManager]: * sizeof long=4 [2018-01-24 16:25:30,176 INFO L133 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2018-01-24 16:25:30,176 INFO L133 SettingsManager]: * Overapproximate operations on floating types=true [2018-01-24 16:25:30,176 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-01-24 16:25:30,176 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-01-24 16:25:30,176 INFO L133 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2018-01-24 16:25:30,177 INFO L133 SettingsManager]: * Bitprecise bitfields=true [2018-01-24 16:25:30,177 INFO L133 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2018-01-24 16:25:30,177 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-01-24 16:25:30,177 INFO L133 SettingsManager]: * sizeof long double=12 [2018-01-24 16:25:30,177 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-01-24 16:25:30,178 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-01-24 16:25:30,178 INFO L133 SettingsManager]: * To the following directory=./dump/ [2018-01-24 16:25:30,178 INFO L133 SettingsManager]: * Add additional assume for each assert=false [2018-01-24 16:25:30,178 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-01-24 16:25:30,178 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-01-24 16:25:30,179 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-01-24 16:25:30,179 INFO L133 SettingsManager]: * Interpolant automaton=TWOTRACK [2018-01-24 16:25:30,179 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-01-24 16:25:30,179 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-01-24 16:25:30,179 INFO L133 SettingsManager]: * Trace refinement strategy=CAMEL [2018-01-24 16:25:30,180 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-01-24 16:25:30,180 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2018-01-24 16:25:30,180 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2018-01-24 16:25:30,181 INFO L131 SettingsManager]: Preferences of IcfgTransformer differ from their defaults: [2018-01-24 16:25:30,181 INFO L133 SettingsManager]: * TransformationType=HEAP_SEPARATOR [2018-01-24 16:25:30,216 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-01-24 16:25:30,229 INFO L266 ainManager$Toolchain]: [Toolchain 1]: Parser(s) successfully initialized [2018-01-24 16:25:30,233 INFO L222 ainManager$Toolchain]: [Toolchain 1]: Toolchain data selected. [2018-01-24 16:25:30,235 INFO L271 PluginConnector]: Initializing CDTParser... [2018-01-24 16:25:30,235 INFO L276 PluginConnector]: CDTParser initialized [2018-01-24 16:25:30,236 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/memsafety/test-0134_true-valid-memsafety.i [2018-01-24 16:25:30,438 INFO L304 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-01-24 16:25:30,445 INFO L131 ToolchainWalker]: Walking toolchain with 4 elements. [2018-01-24 16:25:30,445 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2018-01-24 16:25:30,445 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2018-01-24 16:25:30,451 INFO L276 PluginConnector]: CACSL2BoogieTranslator initialized [2018-01-24 16:25:30,452 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 24.01 04:25:30" (1/1) ... [2018-01-24 16:25:30,455 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@2c400e63 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:25:30, skipping insertion in model container [2018-01-24 16:25:30,456 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 24.01 04:25:30" (1/1) ... [2018-01-24 16:25:30,476 INFO L153 Dispatcher]: Using SV-COMP mode [2018-01-24 16:25:30,518 INFO L153 Dispatcher]: Using SV-COMP mode [2018-01-24 16:25:30,642 INFO L450 PostProcessor]: Settings: Checked method=main [2018-01-24 16:25:30,663 INFO L450 PostProcessor]: Settings: Checked method=main [2018-01-24 16:25:30,675 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:25:30 WrapperNode [2018-01-24 16:25:30,675 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2018-01-24 16:25:30,676 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-01-24 16:25:30,676 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-01-24 16:25:30,676 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-01-24 16:25:30,690 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:25:30" (1/1) ... [2018-01-24 16:25:30,690 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:25:30" (1/1) ... [2018-01-24 16:25:30,702 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:25:30" (1/1) ... [2018-01-24 16:25:30,702 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:25:30" (1/1) ... [2018-01-24 16:25:30,711 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:25:30" (1/1) ... [2018-01-24 16:25:30,714 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:25:30" (1/1) ... [2018-01-24 16:25:30,716 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:25:30" (1/1) ... [2018-01-24 16:25:30,718 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-01-24 16:25:30,719 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-01-24 16:25:30,719 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-01-24 16:25:30,719 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-01-24 16:25:30,720 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 24.01 04:25:30" (1/1) ... No working directory specified, using /storage/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-01-24 16:25:30,770 INFO L136 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2018-01-24 16:25:30,770 INFO L136 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2018-01-24 16:25:30,771 INFO L136 BoogieDeclarations]: Found implementation of procedure list_empty [2018-01-24 16:25:30,771 INFO L136 BoogieDeclarations]: Found implementation of procedure __list_add [2018-01-24 16:25:30,771 INFO L136 BoogieDeclarations]: Found implementation of procedure __list_del [2018-01-24 16:25:30,771 INFO L136 BoogieDeclarations]: Found implementation of procedure list_add [2018-01-24 16:25:30,771 INFO L136 BoogieDeclarations]: Found implementation of procedure list_del [2018-01-24 16:25:30,771 INFO L136 BoogieDeclarations]: Found implementation of procedure list_move [2018-01-24 16:25:30,771 INFO L136 BoogieDeclarations]: Found implementation of procedure gl_insert [2018-01-24 16:25:30,772 INFO L136 BoogieDeclarations]: Found implementation of procedure gl_read [2018-01-24 16:25:30,772 INFO L136 BoogieDeclarations]: Found implementation of procedure gl_destroy [2018-01-24 16:25:30,772 INFO L136 BoogieDeclarations]: Found implementation of procedure val_from_node [2018-01-24 16:25:30,772 INFO L136 BoogieDeclarations]: Found implementation of procedure gl_seek_max [2018-01-24 16:25:30,772 INFO L136 BoogieDeclarations]: Found implementation of procedure gl_sort [2018-01-24 16:25:30,772 INFO L136 BoogieDeclarations]: Found implementation of procedure main [2018-01-24 16:25:30,772 INFO L128 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2018-01-24 16:25:30,773 INFO L128 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2018-01-24 16:25:30,773 INFO L128 BoogieDeclarations]: Found specification of procedure write~int [2018-01-24 16:25:30,773 INFO L128 BoogieDeclarations]: Found specification of procedure read~int [2018-01-24 16:25:30,773 INFO L128 BoogieDeclarations]: Found specification of procedure ULTIMATE.free [2018-01-24 16:25:30,773 INFO L128 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2018-01-24 16:25:30,773 INFO L128 BoogieDeclarations]: Found specification of procedure #Ultimate.alloc [2018-01-24 16:25:30,774 INFO L128 BoogieDeclarations]: Found specification of procedure free [2018-01-24 16:25:30,774 INFO L128 BoogieDeclarations]: Found specification of procedure abort [2018-01-24 16:25:30,774 INFO L128 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_int [2018-01-24 16:25:30,774 INFO L128 BoogieDeclarations]: Found specification of procedure list_empty [2018-01-24 16:25:30,774 INFO L128 BoogieDeclarations]: Found specification of procedure __list_add [2018-01-24 16:25:30,774 INFO L128 BoogieDeclarations]: Found specification of procedure __list_del [2018-01-24 16:25:30,775 INFO L128 BoogieDeclarations]: Found specification of procedure list_add [2018-01-24 16:25:30,775 INFO L128 BoogieDeclarations]: Found specification of procedure list_del [2018-01-24 16:25:30,775 INFO L128 BoogieDeclarations]: Found specification of procedure list_move [2018-01-24 16:25:30,775 INFO L128 BoogieDeclarations]: Found specification of procedure gl_insert [2018-01-24 16:25:30,775 INFO L128 BoogieDeclarations]: Found specification of procedure gl_read [2018-01-24 16:25:30,775 INFO L128 BoogieDeclarations]: Found specification of procedure gl_destroy [2018-01-24 16:25:30,776 INFO L128 BoogieDeclarations]: Found specification of procedure val_from_node [2018-01-24 16:25:30,776 INFO L128 BoogieDeclarations]: Found specification of procedure gl_seek_max [2018-01-24 16:25:30,776 INFO L128 BoogieDeclarations]: Found specification of procedure gl_sort [2018-01-24 16:25:30,776 INFO L128 BoogieDeclarations]: Found specification of procedure main [2018-01-24 16:25:30,776 INFO L128 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2018-01-24 16:25:30,776 INFO L128 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2018-01-24 16:25:31,320 INFO L257 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2018-01-24 16:25:31,321 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 24.01 04:25:31 BoogieIcfgContainer [2018-01-24 16:25:31,321 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-01-24 16:25:31,321 INFO L113 PluginConnector]: ------------------------Abstract Interpretation---------------------------- [2018-01-24 16:25:31,321 INFO L271 PluginConnector]: Initializing Abstract Interpretation... [2018-01-24 16:25:31,322 INFO L276 PluginConnector]: Abstract Interpretation initialized [2018-01-24 16:25:31,322 INFO L185 PluginConnector]: Executing the observer AbstractInterpretationRcfgObserver from plugin Abstract Interpretation for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 24.01 04:25:31" (1/1) ... [2018-01-24 16:25:31,371 INFO L101 FixpointEngine]: Starting fixpoint engine with domain VPDomain (maxUnwinding=3, maxParallelStates=2) [2018-01-24 16:25:35,483 INFO L259 AbstractInterpreter]: Some error location(s) were reachable [2018-01-24 16:25:35,526 WARN L343 cessorBacktranslator]: Generated EnsuresSpecification ensures #valid == old(#valid); is not ensure(true) [2018-01-24 16:25:35,553 INFO L268 AbstractInterpreter]: Visited 195 different actions 752 times. Merged at 45 different actions 143 times. Never widened. Found 30 fixpoints after 12 different actions. Largest state had 35 variables. [2018-01-24 16:25:35,555 INFO L132 PluginConnector]: ------------------------ END Abstract Interpretation---------------------------- [2018-01-24 16:25:35,556 INFO L168 Benchmark]: Toolchain (without parser) took 5117.17 ms. Allocated memory was 306.2 MB in the beginning and 641.2 MB in the end (delta: 335.0 MB). Free memory was 266.1 MB in the beginning and 399.7 MB in the end (delta: -133.6 MB). Peak memory consumption was 201.4 MB. Max. memory is 5.3 GB. [2018-01-24 16:25:35,557 INFO L168 Benchmark]: CDTParser took 0.17 ms. Allocated memory is still 306.2 MB. Free memory is still 272.1 MB. There was no memory consumed. Max. memory is 5.3 GB. [2018-01-24 16:25:35,557 INFO L168 Benchmark]: CACSL2BoogieTranslator took 229.99 ms. Allocated memory is still 306.2 MB. Free memory was 265.1 MB in the beginning and 253.0 MB in the end (delta: 12.1 MB). Peak memory consumption was 12.1 MB. Max. memory is 5.3 GB. [2018-01-24 16:25:35,557 INFO L168 Benchmark]: Boogie Preprocessor took 42.75 ms. Allocated memory is still 306.2 MB. Free memory was 253.0 MB in the beginning and 251.0 MB in the end (delta: 2.0 MB). Peak memory consumption was 2.0 MB. Max. memory is 5.3 GB. [2018-01-24 16:25:35,558 INFO L168 Benchmark]: RCFGBuilder took 602.02 ms. Allocated memory is still 306.2 MB. Free memory was 251.0 MB in the beginning and 209.0 MB in the end (delta: 42.1 MB). Peak memory consumption was 42.1 MB. Max. memory is 5.3 GB. [2018-01-24 16:25:35,558 INFO L168 Benchmark]: Abstract Interpretation took 4233.90 ms. Allocated memory was 306.2 MB in the beginning and 641.2 MB in the end (delta: 335.0 MB). Free memory was 209.0 MB in the beginning and 399.7 MB in the end (delta: -190.7 MB). Peak memory consumption was 144.3 MB. Max. memory is 5.3 GB. [2018-01-24 16:25:35,560 INFO L344 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.17 ms. Allocated memory is still 306.2 MB. Free memory is still 272.1 MB. There was no memory consumed. Max. memory is 5.3 GB. * CACSL2BoogieTranslator took 229.99 ms. Allocated memory is still 306.2 MB. Free memory was 265.1 MB in the beginning and 253.0 MB in the end (delta: 12.1 MB). Peak memory consumption was 12.1 MB. Max. memory is 5.3 GB. * Boogie Preprocessor took 42.75 ms. Allocated memory is still 306.2 MB. Free memory was 253.0 MB in the beginning and 251.0 MB in the end (delta: 2.0 MB). Peak memory consumption was 2.0 MB. Max. memory is 5.3 GB. * RCFGBuilder took 602.02 ms. Allocated memory is still 306.2 MB. Free memory was 251.0 MB in the beginning and 209.0 MB in the end (delta: 42.1 MB). Peak memory consumption was 42.1 MB. Max. memory is 5.3 GB. * Abstract Interpretation took 4233.90 ms. Allocated memory was 306.2 MB in the beginning and 641.2 MB in the end (delta: 335.0 MB). Free memory was 209.0 MB in the beginning and 399.7 MB in the end (delta: -190.7 MB). Peak memory consumption was 144.3 MB. Max. memory is 5.3 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.analysis.abstractinterpretationv2: - StatisticsResult: ArrayEqualityDomainStatistics #Locations : 160 LocStat_MAX_WEQGRAPH_SIZE : 0 LocStat_MAX_SIZEOF_WEQEDGELABEL : 0 LocStat_NO_SUPPORTING_EQUALITIES : 1581 LocStat_NO_SUPPORTING_DISEQUALITIES : 539 LocStat_NO_DISJUNCTIONS : -320 LocStat_MAX_NO_DISJUNCTIONS : -1 #Transitions : 223 TransStat_MAX_WEQGRAPH_SIZE : 0 TransStat_MAX_SIZEOF_WEQEDGELABEL : 0 TransStat_NO_SUPPORTING_EQUALITIES : 364 TransStat_NO_SUPPORTING_DISEQUALITIES : 55 TransStat_NO_DISJUNCTIONS : 251 TransStat_MAX_NO_DISJUNCTIONS : 4 - StatisticsResult: EqConstraintFactoryStatistics CONJOIN_DISJUNCTIVE(MILLISECONDS) : 0.299941 RENAME_VARIABLES(MILLISECONDS) : 0.685761 UNFREEZE(MILLISECONDS) : 0.000000 CONJOIN(MILLISECONDS) : 0.270799 PROJECTAWAY(MILLISECONDS) : 0.313432 ADD_WEAK_EQUALITY(MILLISECONDS) : 0.002890 DISJOIN(MILLISECONDS) : 0.275045 RENAME_VARIABLES_DISJUNCTIVE(MILLISECONDS) : 0.725729 ADD_EQUALITY(MILLISECONDS) : 0.021885 DISJOIN_DISJUNCTIVE(MILLISECONDS) : 0.000000 ADD_DISEQUALITY(MILLISECONDS) : 0.017639 #CONJOIN_DISJUNCTIVE : 1255 #RENAME_VARIABLES : 3070 #UNFREEZE : 0 #CONJOIN : 2376 #PROJECTAWAY : 2066 #ADD_WEAK_EQUALITY : 93 #DISJOIN : 705 #RENAME_VARIABLES_DISJUNCTIVE : 2886 #ADD_EQUALITY : 413 #DISJOIN_DISJUNCTIVE : 0 #ADD_DISEQUALITY : 45 - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] FCALL head->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] FCALL head->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] FCALL prev->next = new - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] FCALL head->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND TRUE, RET list_empty(&gl_list) [L717] gl_sort() [L718] CALL gl_destroy() [L678] struct list_head *next; [L679] FCALL gl_list.next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] FCALL head->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND TRUE, RET list_empty(&gl_list) [L717] gl_sort() [L718] CALL gl_destroy() [L678] struct list_head *next; [L679] EXPR, FCALL gl_list.next [L679] EXPR next = gl_list.next [L679] COND TRUE &gl_list != (next = gl_list.next) [L680] FCALL next->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND TRUE, RET list_empty(&gl_list) [L717] gl_sort() [L718] CALL gl_destroy() [L678] struct list_head *next; [L679] EXPR, FCALL gl_list.next [L679] EXPR next = gl_list.next [L679] COND TRUE &gl_list != (next = gl_list.next) [L680] EXPR, FCALL next->next [L680] FCALL gl_list.next = next->next - UnprovableResult [Line: 1]: Unable to prove that free always succeeds Unable to prove that free always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND TRUE, RET list_empty(&gl_list) [L717] gl_sort() [L718] CALL gl_destroy() [L678] struct list_head *next; [L679] EXPR, FCALL gl_list.next [L679] EXPR next = gl_list.next [L679] COND TRUE &gl_list != (next = gl_list.next) [L680] EXPR, FCALL next->next [L680] FCALL gl_list.next = next->next [L681] FCALL free(((struct node *)((char *)(next)-(unsigned long)(&((struct node *)0)->linkage)))) - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND TRUE, RET list_empty(&gl_list) [L717] gl_sort() [L718] CALL gl_destroy() [L678] struct list_head *next; [L679] EXPR, FCALL gl_list.next [L679] EXPR next = gl_list.next [L679] COND TRUE &gl_list != (next = gl_list.next) [L680] EXPR, FCALL next->next [L680] FCALL gl_list.next = next->next [L681] FCALL free(((struct node *)((char *)(next)-(unsigned long)(&((struct node *)0)->linkage)))) [L679] FCALL gl_list.next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND FALSE !(list_empty(&gl_list)) [L692] struct list_head *pos, *max_pos = gl_list.next; [L692] FCALL gl_list.next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND TRUE, RET list_empty(&gl_list) [L717] gl_sort() [L718] CALL gl_destroy() [L678] struct list_head *next; [L679] EXPR, FCALL gl_list.next [L679] EXPR next = gl_list.next [L679] COND TRUE &gl_list != (next = gl_list.next) [L680] EXPR, FCALL next->next [L680] FCALL gl_list.next = next->next [L681] FCALL free(((struct node *)((char *)(next)-(unsigned long)(&((struct node *)0)->linkage)))) [L679] EXPR, FCALL gl_list.next [L679] EXPR next = gl_list.next [L679] COND TRUE &gl_list != (next = gl_list.next) [L680] FCALL next->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND FALSE !(list_empty(&gl_list)) [L692] struct list_head *pos, *max_pos = gl_list.next; [L692] EXPR, FCALL gl_list.next [L692] struct list_head *pos, *max_pos = gl_list.next; [L693] CALL val_from_node(max_pos) [L685] struct node *entry = ((struct node *)((char *)(head)-(unsigned long)(&((struct node *)0)->linkage))); [L686] FCALL entry->value - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND FALSE !(list_empty(&gl_list)) [L692] struct list_head *pos, *max_pos = gl_list.next; [L692] EXPR, FCALL gl_list.next [L692] struct list_head *pos, *max_pos = gl_list.next; [L693] CALL val_from_node(max_pos) [L685] struct node *entry = ((struct node *)((char *)(head)-(unsigned long)(&((struct node *)0)->linkage))); [L686] FCALL entry->value - UnprovableResult [Line: 714]: Unable to prove that all allocated memory was freed Unable to prove that all allocated memory was freed Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND TRUE, RET list_empty(&gl_list) [L717] gl_sort() [L718] CALL gl_destroy() [L678] struct list_head *next; [L679] EXPR, FCALL gl_list.next [L679] EXPR next = gl_list.next [L679] COND TRUE &gl_list != (next = gl_list.next) [L680] EXPR, FCALL next->next [L680] FCALL gl_list.next = next->next [L681] FCALL free(((struct node *)((char *)(next)-(unsigned long)(&((struct node *)0)->linkage)))) [L679] EXPR, FCALL gl_list.next [L679] EXPR next = gl_list.next [L679] COND FALSE, RET !(&gl_list != (next = gl_list.next)) [L718] gl_destroy() [L719] return 0; - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND FALSE !(list_empty(&gl_list)) [L692] struct list_head *pos, *max_pos = gl_list.next; [L692] EXPR, FCALL gl_list.next [L692] struct list_head *pos, *max_pos = gl_list.next; [L693] CALL, EXPR val_from_node(max_pos) [L685] struct node *entry = ((struct node *)((char *)(head)-(unsigned long)(&((struct node *)0)->linkage))); [L686] EXPR, FCALL entry->value [L686] RET return entry->value; [L693] EXPR val_from_node(max_pos) [L693] int max = val_from_node(max_pos); [L694] FCALL max_pos->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL, EXPR gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND TRUE list_empty(&gl_list) [L691] RET return ((void *)0); [L709] EXPR gl_seek_max() [L709] EXPR max_pos = gl_seek_max() [L709] COND FALSE !((max_pos = gl_seek_max())) [L711] CALL list_add(&gl_list, &dst) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] RET __list_add(new, head, head->next) [L711] list_add(&gl_list, &dst) [L712] CALL list_del(&dst) [L647] FCALL entry->prev - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL, EXPR gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND FALSE !(list_empty(&gl_list)) [L692] struct list_head *pos, *max_pos = gl_list.next; [L692] EXPR, FCALL gl_list.next [L692] struct list_head *pos, *max_pos = gl_list.next; [L693] CALL, EXPR val_from_node(max_pos) [L685] struct node *entry = ((struct node *)((char *)(head)-(unsigned long)(&((struct node *)0)->linkage))); [L686] EXPR, FCALL entry->value [L686] RET return entry->value; [L693] EXPR val_from_node(max_pos) [L693] int max = val_from_node(max_pos); [L694] EXPR, FCALL max_pos->next [L694] pos = max_pos->next [L694] COND FALSE !(&gl_list != pos) [L701] RET return max_pos; [L709] EXPR gl_seek_max() [L709] EXPR max_pos = gl_seek_max() [L709] COND TRUE (max_pos = gl_seek_max()) [L710] CALL list_move(max_pos, &dst) [L653] FCALL list->prev - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL, EXPR gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND TRUE list_empty(&gl_list) [L691] RET return ((void *)0); [L709] EXPR gl_seek_max() [L709] EXPR max_pos = gl_seek_max() [L709] COND FALSE !((max_pos = gl_seek_max())) [L711] CALL list_add(&gl_list, &dst) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] RET __list_add(new, head, head->next) [L711] list_add(&gl_list, &dst) [L712] CALL list_del(&dst) [L647] FCALL entry->prev [L647] FCALL entry->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL, EXPR gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND FALSE !(list_empty(&gl_list)) [L692] struct list_head *pos, *max_pos = gl_list.next; [L692] EXPR, FCALL gl_list.next [L692] struct list_head *pos, *max_pos = gl_list.next; [L693] CALL, EXPR val_from_node(max_pos) [L685] struct node *entry = ((struct node *)((char *)(head)-(unsigned long)(&((struct node *)0)->linkage))); [L686] EXPR, FCALL entry->value [L686] RET return entry->value; [L693] EXPR val_from_node(max_pos) [L693] int max = val_from_node(max_pos); [L694] EXPR, FCALL max_pos->next [L694] pos = max_pos->next [L694] COND FALSE !(&gl_list != pos) [L701] RET return max_pos; [L709] EXPR gl_seek_max() [L709] EXPR max_pos = gl_seek_max() [L709] COND TRUE (max_pos = gl_seek_max()) [L710] CALL list_move(max_pos, &dst) [L653] FCALL list->prev [L653] FCALL list->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND FALSE !(list_empty(&gl_list)) [L692] struct list_head *pos, *max_pos = gl_list.next; [L692] EXPR, FCALL gl_list.next [L692] struct list_head *pos, *max_pos = gl_list.next; [L693] CALL, EXPR val_from_node(max_pos) [L685] struct node *entry = ((struct node *)((char *)(head)-(unsigned long)(&((struct node *)0)->linkage))); [L686] EXPR, FCALL entry->value [L686] RET return entry->value; [L693] EXPR val_from_node(max_pos) [L693] int max = val_from_node(max_pos); [L694] EXPR, FCALL max_pos->next [L694] pos = max_pos->next [L694] COND TRUE &gl_list != pos [L695] CALL, EXPR val_from_node(pos) [L685] struct node *entry = ((struct node *)((char *)(head)-(unsigned long)(&((struct node *)0)->linkage))); [L686] EXPR, FCALL entry->value [L686] RET return entry->value; [L695] EXPR val_from_node(pos) [L695] const int value = val_from_node(pos); [L696] COND TRUE value < max [L694] FCALL pos->next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL, EXPR gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND TRUE list_empty(&gl_list) [L691] RET return ((void *)0); [L709] EXPR gl_seek_max() [L709] EXPR max_pos = gl_seek_max() [L709] COND FALSE !((max_pos = gl_seek_max())) [L711] CALL list_add(&gl_list, &dst) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] RET __list_add(new, head, head->next) [L711] list_add(&gl_list, &dst) [L712] CALL list_del(&dst) [L647] EXPR, FCALL entry->prev [L647] EXPR, FCALL entry->next [L647] CALL __list_del(entry->prev, entry->next) [L638] FCALL next->prev = prev - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL, EXPR gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND TRUE list_empty(&gl_list) [L691] RET return ((void *)0); [L709] EXPR gl_seek_max() [L709] EXPR max_pos = gl_seek_max() [L709] COND FALSE !((max_pos = gl_seek_max())) [L711] CALL list_add(&gl_list, &dst) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] RET __list_add(new, head, head->next) [L711] list_add(&gl_list, &dst) [L712] CALL list_del(&dst) [L647] EXPR, FCALL entry->prev [L647] EXPR, FCALL entry->next [L647] CALL __list_del(entry->prev, entry->next) [L638] FCALL next->prev = prev [L639] FCALL prev->next = next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL, EXPR gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND TRUE list_empty(&gl_list) [L691] RET return ((void *)0); [L709] EXPR gl_seek_max() [L709] EXPR max_pos = gl_seek_max() [L709] COND FALSE !((max_pos = gl_seek_max())) [L711] CALL list_add(&gl_list, &dst) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] RET __list_add(new, head, head->next) [L711] list_add(&gl_list, &dst) [L712] CALL list_del(&dst) [L647] EXPR, FCALL entry->prev [L647] EXPR, FCALL entry->next [L647] CALL __list_del(entry->prev, entry->next) [L638] FCALL next->prev = prev [L639] FCALL prev->next = next - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL, EXPR gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND TRUE list_empty(&gl_list) [L691] RET return ((void *)0); [L709] EXPR gl_seek_max() [L709] EXPR max_pos = gl_seek_max() [L709] COND FALSE !((max_pos = gl_seek_max())) [L711] CALL list_add(&gl_list, &dst) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] RET __list_add(new, head, head->next) [L711] list_add(&gl_list, &dst) [L712] CALL list_del(&dst) [L647] EXPR, FCALL entry->prev [L647] EXPR, FCALL entry->next [L647] CALL __list_del(entry->prev, entry->next) [L638] FCALL next->prev = prev [L639] RET, FCALL prev->next = next [L647] __list_del(entry->prev, entry->next) [L648] FCALL entry->next = (void *) 0 - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL, EXPR gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND TRUE list_empty(&gl_list) [L691] RET return ((void *)0); [L709] EXPR gl_seek_max() [L709] EXPR max_pos = gl_seek_max() [L709] COND FALSE !((max_pos = gl_seek_max())) [L711] CALL list_add(&gl_list, &dst) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] RET __list_add(new, head, head->next) [L711] list_add(&gl_list, &dst) [L712] CALL list_del(&dst) [L647] EXPR, FCALL entry->prev [L647] EXPR, FCALL entry->next [L647] CALL __list_del(entry->prev, entry->next) [L638] FCALL next->prev = prev [L639] RET, FCALL prev->next = next [L647] __list_del(entry->prev, entry->next) [L648] FCALL entry->next = (void *) 0 [L649] FCALL entry->prev = (void *) 0 - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL, EXPR gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND FALSE !(list_empty(&gl_list)) [L692] struct list_head *pos, *max_pos = gl_list.next; [L692] EXPR, FCALL gl_list.next [L692] struct list_head *pos, *max_pos = gl_list.next; [L693] CALL, EXPR val_from_node(max_pos) [L685] struct node *entry = ((struct node *)((char *)(head)-(unsigned long)(&((struct node *)0)->linkage))); [L686] EXPR, FCALL entry->value [L686] RET return entry->value; [L693] EXPR val_from_node(max_pos) [L693] int max = val_from_node(max_pos); [L694] EXPR, FCALL max_pos->next [L694] pos = max_pos->next [L694] COND TRUE &gl_list != pos [L695] CALL, EXPR val_from_node(pos) [L685] struct node *entry = ((struct node *)((char *)(head)-(unsigned long)(&((struct node *)0)->linkage))); [L686] EXPR, FCALL entry->value [L686] RET return entry->value; [L695] EXPR val_from_node(pos) [L695] const int value = val_from_node(pos); [L696] COND FALSE !(value < max) [L698] max_pos = pos [L699] max = value [L694] EXPR, FCALL pos->next [L694] pos = pos->next [L694] COND FALSE !(&gl_list != pos) [L701] RET return max_pos; [L709] EXPR gl_seek_max() [L709] EXPR max_pos = gl_seek_max() [L709] COND TRUE (max_pos = gl_seek_max()) [L710] CALL list_move(max_pos, &dst) [L653] FCALL list->prev - UnprovableResult [Line: 1]: Unable to prove that pointer dereference always succeeds Unable to prove that pointer dereference always succeeds Reason: abstract domain could reach this error location. Possible FailurePath: [L660] FCALL struct list_head gl_list = { &(gl_list), &(gl_list) }; [L716] CALL gl_read() [L672] CALL gl_insert(__VERIFIER_nondet_int()) [L663] EXPR, FCALL malloc(sizeof *node) [L663] struct node *node = malloc(sizeof *node); [L664] COND FALSE !(!node) [L666] FCALL node->value = value [L667] CALL list_add(&node->linkage, &gl_list) [L643] EXPR, FCALL head->next [L643] CALL __list_add(new, head, head->next) [L631] FCALL next->prev = new [L632] FCALL new->next = next [L633] FCALL new->prev = prev [L634] RET, FCALL prev->next = new [L643] __list_add(new, head, head->next) [L667] FCALL list_add(&node->linkage, &gl_list) [L674] COND FALSE, RET !(__VERIFIER_nondet_int()) [L716] gl_read() [L717] CALL gl_sort() [L705] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L705] list_empty(&gl_list) [L705] COND FALSE !(list_empty(&gl_list)) [L707] FCALL struct list_head dst = { &(dst), &(dst) }; [L708] struct list_head *max_pos; [L709] CALL, EXPR gl_seek_max() [L690] CALL list_empty(&gl_list) [L625] EXPR, FCALL head->next [L625] RET return head->next == head; [L690] list_empty(&gl_list) [L690] COND FALSE !(list_empty(&gl_list)) [L692] struct list_head *pos, *max_pos = gl_list.next; [L692] EXPR, FCALL gl_list.next [L692] struct list_head *pos, *max_pos = gl_list.next; [L693] CALL, EXPR val_from_node(max_pos) [L685] struct node *entry = ((struct node *)((char *)(head)-(unsigned long)(&((struct node *)0)->linkage))); [L686] EXPR, FCALL entry->value [L686] RET return entry->value; [L693] EXPR val_from_node(max_pos) [L693] int max = val_from_node(max_pos); [L694] EXPR, FCALL max_pos->next [L694] pos = max_pos->next [L694] COND TRUE &gl_list != pos [L695] CALL, EXPR val_from_node(pos) [L685] struct node *entry = ((struct node *)((char *)(head)-(unsigned long)(&((struct node *)0)->linkage))); [L686] EXPR, FCALL entry->value [L686] RET return entry->value; [L695] EXPR val_from_node(pos) [L695] const int value = val_from_node(pos); [L696] COND TRUE value < max [L694] EXPR, FCALL pos->next [L694] pos = pos->next [L694] COND FALSE !(&gl_list != pos) [L701] RET return max_pos; [L709] EXPR gl_seek_max() [L709] EXPR max_pos = gl_seek_max() [L709] COND TRUE (max_pos = gl_seek_max()) [L710] CALL list_move(max_pos, &dst) [L653] EXPR, FCALL list->prev [L653] EXPR, FCALL list->next [L653] CALL __list_del(list->prev, list->next) [L638] FCALL next->prev = prev - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 1]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location * Results from de.uni_freiburg.informatik.ultimate.boogie.preprocessor: - GenericResult: Unfinished Backtranslation Generated EnsuresSpecification ensures #valid == old(#valid); is not ensure(true) RESULT: Ultimate could not prove your program: unable to determine feasibility of some traces Written .csv to /storage/ultimate/releaseScripts/default/UAutomizer-linux/../../../releaseScripts/default/UAutomizer-linux/csv/test-0134_true-valid-memsafety.i_svcomp-DerefFreeMemtrack-32bit-Automizer_Camel+AI_EQ_imprecise.epf_AbstractInterpretationC.xml/Csv-Benchmark-0-2018-01-24_16-25-35-573.csv Written .csv to /storage/ultimate/releaseScripts/default/UAutomizer-linux/../../../releaseScripts/default/UAutomizer-linux/csv/test-0134_true-valid-memsafety.i_svcomp-DerefFreeMemtrack-32bit-Automizer_Camel+AI_EQ_imprecise.epf_AbstractInterpretationC.xml/Csv-VPDomainBenchmark-0-2018-01-24_16-25-35-573.csv Written .csv to /storage/ultimate/releaseScripts/default/UAutomizer-linux/../../../releaseScripts/default/UAutomizer-linux/csv/test-0134_true-valid-memsafety.i_svcomp-DerefFreeMemtrack-32bit-Automizer_Camel+AI_EQ_imprecise.epf_AbstractInterpretationC.xml/Csv-BenchmarkWithCounters-0-2018-01-24_16-25-35-573.csv Received shutdown request...