/usr/bin/java -ea -Xmx8000000000 -Xss4m -jar ./plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata ./data -tc ../../../trunk/examples/toolchains/AutomizerC.xml -s ../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Default.epf -i ../../../trunk/examples/svcomp/list-ext2-properties/list_and_tree_cnstr-1.i -------------------------------------------------------------------------------- This is Ultimate 0.1.25-8fc6572 [2020-07-10 15:09:10,285 INFO L177 SettingsManager]: Resetting all preferences to default values... [2020-07-10 15:09:10,287 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2020-07-10 15:09:10,303 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2020-07-10 15:09:10,303 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2020-07-10 15:09:10,305 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2020-07-10 15:09:10,306 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2020-07-10 15:09:10,308 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2020-07-10 15:09:10,310 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2020-07-10 15:09:10,310 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2020-07-10 15:09:10,311 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2020-07-10 15:09:10,312 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2020-07-10 15:09:10,313 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2020-07-10 15:09:10,314 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2020-07-10 15:09:10,315 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2020-07-10 15:09:10,316 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2020-07-10 15:09:10,317 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2020-07-10 15:09:10,318 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2020-07-10 15:09:10,320 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2020-07-10 15:09:10,322 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2020-07-10 15:09:10,324 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2020-07-10 15:09:10,325 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2020-07-10 15:09:10,326 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2020-07-10 15:09:10,327 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2020-07-10 15:09:10,329 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2020-07-10 15:09:10,330 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2020-07-10 15:09:10,330 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2020-07-10 15:09:10,331 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2020-07-10 15:09:10,331 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2020-07-10 15:09:10,332 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2020-07-10 15:09:10,333 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2020-07-10 15:09:10,333 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2020-07-10 15:09:10,334 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2020-07-10 15:09:10,335 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2020-07-10 15:09:10,336 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2020-07-10 15:09:10,336 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2020-07-10 15:09:10,337 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2020-07-10 15:09:10,337 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2020-07-10 15:09:10,337 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2020-07-10 15:09:10,338 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2020-07-10 15:09:10,339 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2020-07-10 15:09:10,340 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Default.epf [2020-07-10 15:09:10,355 INFO L113 SettingsManager]: Loading preferences was successful [2020-07-10 15:09:10,355 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2020-07-10 15:09:10,356 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2020-07-10 15:09:10,357 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2020-07-10 15:09:10,357 INFO L138 SettingsManager]: * Use SBE=true [2020-07-10 15:09:10,357 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2020-07-10 15:09:10,357 INFO L138 SettingsManager]: * sizeof long=4 [2020-07-10 15:09:10,358 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2020-07-10 15:09:10,358 INFO L138 SettingsManager]: * sizeof POINTER=4 [2020-07-10 15:09:10,358 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2020-07-10 15:09:10,358 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2020-07-10 15:09:10,358 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2020-07-10 15:09:10,359 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2020-07-10 15:09:10,359 INFO L138 SettingsManager]: * sizeof long double=12 [2020-07-10 15:09:10,359 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2020-07-10 15:09:10,359 INFO L138 SettingsManager]: * Use constant arrays=true [2020-07-10 15:09:10,359 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2020-07-10 15:09:10,360 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2020-07-10 15:09:10,360 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2020-07-10 15:09:10,360 INFO L138 SettingsManager]: * To the following directory=./dump/ [2020-07-10 15:09:10,360 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2020-07-10 15:09:10,360 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-10 15:09:10,361 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2020-07-10 15:09:10,361 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2020-07-10 15:09:10,361 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2020-07-10 15:09:10,361 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2020-07-10 15:09:10,361 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2020-07-10 15:09:10,362 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2020-07-10 15:09:10,362 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2020-07-10 15:09:10,362 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2020-07-10 15:09:10,662 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2020-07-10 15:09:10,675 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2020-07-10 15:09:10,679 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2020-07-10 15:09:10,680 INFO L271 PluginConnector]: Initializing CDTParser... [2020-07-10 15:09:10,681 INFO L275 PluginConnector]: CDTParser initialized [2020-07-10 15:09:10,681 INFO L429 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/list-ext2-properties/list_and_tree_cnstr-1.i [2020-07-10 15:09:10,759 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ceba4b456/857cefd129374f26b43547567bd94100/FLAG7bfa8b02f [2020-07-10 15:09:11,342 INFO L306 CDTParser]: Found 1 translation units. [2020-07-10 15:09:11,343 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/trunk/examples/svcomp/list-ext2-properties/list_and_tree_cnstr-1.i [2020-07-10 15:09:11,369 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ceba4b456/857cefd129374f26b43547567bd94100/FLAG7bfa8b02f [2020-07-10 15:09:11,636 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ceba4b456/857cefd129374f26b43547567bd94100 [2020-07-10 15:09:11,645 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2020-07-10 15:09:11,646 INFO L131 ToolchainWalker]: Walking toolchain with 4 elements. [2020-07-10 15:09:11,647 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2020-07-10 15:09:11,648 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2020-07-10 15:09:11,651 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2020-07-10 15:09:11,653 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 10.07 03:09:11" (1/1) ... [2020-07-10 15:09:11,656 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@5ab02ccd and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 10.07 03:09:11, skipping insertion in model container [2020-07-10 15:09:11,656 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 10.07 03:09:11" (1/1) ... [2020-07-10 15:09:11,664 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2020-07-10 15:09:11,703 INFO L178 MainTranslator]: Built tables and reachable declarations [2020-07-10 15:09:12,169 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-10 15:09:12,181 INFO L203 MainTranslator]: Completed pre-run [2020-07-10 15:09:12,236 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-10 15:09:12,298 INFO L208 MainTranslator]: Completed translation [2020-07-10 15:09:12,298 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 10.07 03:09:12 WrapperNode [2020-07-10 15:09:12,299 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2020-07-10 15:09:12,299 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2020-07-10 15:09:12,300 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2020-07-10 15:09:12,300 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2020-07-10 15:09:12,314 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 10.07 03:09:12" (1/1) ... [2020-07-10 15:09:12,314 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 10.07 03:09:12" (1/1) ... [2020-07-10 15:09:12,333 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 10.07 03:09:12" (1/1) ... [2020-07-10 15:09:12,333 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 10.07 03:09:12" (1/1) ... [2020-07-10 15:09:12,368 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 10.07 03:09:12" (1/1) ... [2020-07-10 15:09:12,379 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 10.07 03:09:12" (1/1) ... [2020-07-10 15:09:12,383 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 10.07 03:09:12" (1/1) ... [2020-07-10 15:09:12,394 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2020-07-10 15:09:12,395 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2020-07-10 15:09:12,398 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2020-07-10 15:09:12,399 INFO L275 PluginConnector]: RCFGBuilder initialized [2020-07-10 15:09:12,400 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 10.07 03:09:12" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-10 15:09:12,470 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2020-07-10 15:09:12,470 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2020-07-10 15:09:12,471 INFO L138 BoogieDeclarations]: Found implementation of procedure __bswap_32 [2020-07-10 15:09:12,471 INFO L138 BoogieDeclarations]: Found implementation of procedure __bswap_64 [2020-07-10 15:09:12,471 INFO L138 BoogieDeclarations]: Found implementation of procedure myexit [2020-07-10 15:09:12,471 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2020-07-10 15:09:12,471 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_error [2020-07-10 15:09:12,472 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_int [2020-07-10 15:09:12,472 INFO L130 BoogieDeclarations]: Found specification of procedure __ctype_get_mb_cur_max [2020-07-10 15:09:12,472 INFO L130 BoogieDeclarations]: Found specification of procedure atof [2020-07-10 15:09:12,473 INFO L130 BoogieDeclarations]: Found specification of procedure atoi [2020-07-10 15:09:12,473 INFO L130 BoogieDeclarations]: Found specification of procedure atol [2020-07-10 15:09:12,473 INFO L130 BoogieDeclarations]: Found specification of procedure atoll [2020-07-10 15:09:12,474 INFO L130 BoogieDeclarations]: Found specification of procedure strtod [2020-07-10 15:09:12,474 INFO L130 BoogieDeclarations]: Found specification of procedure strtof [2020-07-10 15:09:12,475 INFO L130 BoogieDeclarations]: Found specification of procedure strtold [2020-07-10 15:09:12,475 INFO L130 BoogieDeclarations]: Found specification of procedure strtol [2020-07-10 15:09:12,476 INFO L130 BoogieDeclarations]: Found specification of procedure strtoul [2020-07-10 15:09:12,476 INFO L130 BoogieDeclarations]: Found specification of procedure strtoq [2020-07-10 15:09:12,476 INFO L130 BoogieDeclarations]: Found specification of procedure strtouq [2020-07-10 15:09:12,476 INFO L130 BoogieDeclarations]: Found specification of procedure strtoll [2020-07-10 15:09:12,476 INFO L130 BoogieDeclarations]: Found specification of procedure strtoull [2020-07-10 15:09:12,476 INFO L130 BoogieDeclarations]: Found specification of procedure l64a [2020-07-10 15:09:12,477 INFO L130 BoogieDeclarations]: Found specification of procedure a64l [2020-07-10 15:09:12,477 INFO L130 BoogieDeclarations]: Found specification of procedure __bswap_32 [2020-07-10 15:09:12,477 INFO L130 BoogieDeclarations]: Found specification of procedure __bswap_64 [2020-07-10 15:09:12,478 INFO L130 BoogieDeclarations]: Found specification of procedure select [2020-07-10 15:09:12,478 INFO L130 BoogieDeclarations]: Found specification of procedure pselect [2020-07-10 15:09:12,478 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_major [2020-07-10 15:09:12,478 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_minor [2020-07-10 15:09:12,478 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_makedev [2020-07-10 15:09:12,478 INFO L130 BoogieDeclarations]: Found specification of procedure random [2020-07-10 15:09:12,479 INFO L130 BoogieDeclarations]: Found specification of procedure srandom [2020-07-10 15:09:12,479 INFO L130 BoogieDeclarations]: Found specification of procedure initstate [2020-07-10 15:09:12,479 INFO L130 BoogieDeclarations]: Found specification of procedure setstate [2020-07-10 15:09:12,479 INFO L130 BoogieDeclarations]: Found specification of procedure random_r [2020-07-10 15:09:12,479 INFO L130 BoogieDeclarations]: Found specification of procedure srandom_r [2020-07-10 15:09:12,479 INFO L130 BoogieDeclarations]: Found specification of procedure initstate_r [2020-07-10 15:09:12,480 INFO L130 BoogieDeclarations]: Found specification of procedure setstate_r [2020-07-10 15:09:12,480 INFO L130 BoogieDeclarations]: Found specification of procedure rand [2020-07-10 15:09:12,481 INFO L130 BoogieDeclarations]: Found specification of procedure srand [2020-07-10 15:09:12,481 INFO L130 BoogieDeclarations]: Found specification of procedure rand_r [2020-07-10 15:09:12,481 INFO L130 BoogieDeclarations]: Found specification of procedure drand48 [2020-07-10 15:09:12,482 INFO L130 BoogieDeclarations]: Found specification of procedure erand48 [2020-07-10 15:09:12,482 INFO L130 BoogieDeclarations]: Found specification of procedure lrand48 [2020-07-10 15:09:12,482 INFO L130 BoogieDeclarations]: Found specification of procedure nrand48 [2020-07-10 15:09:12,482 INFO L130 BoogieDeclarations]: Found specification of procedure mrand48 [2020-07-10 15:09:12,482 INFO L130 BoogieDeclarations]: Found specification of procedure jrand48 [2020-07-10 15:09:12,482 INFO L130 BoogieDeclarations]: Found specification of procedure srand48 [2020-07-10 15:09:12,482 INFO L130 BoogieDeclarations]: Found specification of procedure seed48 [2020-07-10 15:09:12,483 INFO L130 BoogieDeclarations]: Found specification of procedure lcong48 [2020-07-10 15:09:12,483 INFO L130 BoogieDeclarations]: Found specification of procedure drand48_r [2020-07-10 15:09:12,483 INFO L130 BoogieDeclarations]: Found specification of procedure erand48_r [2020-07-10 15:09:12,483 INFO L130 BoogieDeclarations]: Found specification of procedure lrand48_r [2020-07-10 15:09:12,483 INFO L130 BoogieDeclarations]: Found specification of procedure nrand48_r [2020-07-10 15:09:12,483 INFO L130 BoogieDeclarations]: Found specification of procedure mrand48_r [2020-07-10 15:09:12,484 INFO L130 BoogieDeclarations]: Found specification of procedure jrand48_r [2020-07-10 15:09:12,484 INFO L130 BoogieDeclarations]: Found specification of procedure srand48_r [2020-07-10 15:09:12,484 INFO L130 BoogieDeclarations]: Found specification of procedure seed48_r [2020-07-10 15:09:12,484 INFO L130 BoogieDeclarations]: Found specification of procedure lcong48_r [2020-07-10 15:09:12,484 INFO L130 BoogieDeclarations]: Found specification of procedure malloc [2020-07-10 15:09:12,484 INFO L130 BoogieDeclarations]: Found specification of procedure calloc [2020-07-10 15:09:12,484 INFO L130 BoogieDeclarations]: Found specification of procedure realloc [2020-07-10 15:09:12,485 INFO L130 BoogieDeclarations]: Found specification of procedure free [2020-07-10 15:09:12,485 INFO L130 BoogieDeclarations]: Found specification of procedure cfree [2020-07-10 15:09:12,485 INFO L130 BoogieDeclarations]: Found specification of procedure alloca [2020-07-10 15:09:12,485 INFO L130 BoogieDeclarations]: Found specification of procedure valloc [2020-07-10 15:09:12,486 INFO L130 BoogieDeclarations]: Found specification of procedure posix_memalign [2020-07-10 15:09:12,487 INFO L130 BoogieDeclarations]: Found specification of procedure aligned_alloc [2020-07-10 15:09:12,487 INFO L130 BoogieDeclarations]: Found specification of procedure abort [2020-07-10 15:09:12,487 INFO L130 BoogieDeclarations]: Found specification of procedure atexit [2020-07-10 15:09:12,487 INFO L130 BoogieDeclarations]: Found specification of procedure at_quick_exit [2020-07-10 15:09:12,487 INFO L130 BoogieDeclarations]: Found specification of procedure on_exit [2020-07-10 15:09:12,488 INFO L130 BoogieDeclarations]: Found specification of procedure exit [2020-07-10 15:09:12,488 INFO L130 BoogieDeclarations]: Found specification of procedure quick_exit [2020-07-10 15:09:12,488 INFO L130 BoogieDeclarations]: Found specification of procedure _Exit [2020-07-10 15:09:12,488 INFO L130 BoogieDeclarations]: Found specification of procedure getenv [2020-07-10 15:09:12,489 INFO L130 BoogieDeclarations]: Found specification of procedure putenv [2020-07-10 15:09:12,489 INFO L130 BoogieDeclarations]: Found specification of procedure setenv [2020-07-10 15:09:12,489 INFO L130 BoogieDeclarations]: Found specification of procedure unsetenv [2020-07-10 15:09:12,489 INFO L130 BoogieDeclarations]: Found specification of procedure clearenv [2020-07-10 15:09:12,490 INFO L130 BoogieDeclarations]: Found specification of procedure mktemp [2020-07-10 15:09:12,490 INFO L130 BoogieDeclarations]: Found specification of procedure mkstemp [2020-07-10 15:09:12,490 INFO L130 BoogieDeclarations]: Found specification of procedure mkstemps [2020-07-10 15:09:12,490 INFO L130 BoogieDeclarations]: Found specification of procedure mkdtemp [2020-07-10 15:09:12,490 INFO L130 BoogieDeclarations]: Found specification of procedure system [2020-07-10 15:09:12,490 INFO L130 BoogieDeclarations]: Found specification of procedure realpath [2020-07-10 15:09:12,491 INFO L130 BoogieDeclarations]: Found specification of procedure bsearch [2020-07-10 15:09:12,492 INFO L130 BoogieDeclarations]: Found specification of procedure qsort [2020-07-10 15:09:12,492 INFO L130 BoogieDeclarations]: Found specification of procedure abs [2020-07-10 15:09:12,492 INFO L130 BoogieDeclarations]: Found specification of procedure labs [2020-07-10 15:09:12,493 INFO L130 BoogieDeclarations]: Found specification of procedure llabs [2020-07-10 15:09:12,493 INFO L130 BoogieDeclarations]: Found specification of procedure div [2020-07-10 15:09:12,493 INFO L130 BoogieDeclarations]: Found specification of procedure ldiv [2020-07-10 15:09:12,493 INFO L130 BoogieDeclarations]: Found specification of procedure lldiv [2020-07-10 15:09:12,493 INFO L130 BoogieDeclarations]: Found specification of procedure ecvt [2020-07-10 15:09:12,493 INFO L130 BoogieDeclarations]: Found specification of procedure fcvt [2020-07-10 15:09:12,493 INFO L130 BoogieDeclarations]: Found specification of procedure gcvt [2020-07-10 15:09:12,494 INFO L130 BoogieDeclarations]: Found specification of procedure qecvt [2020-07-10 15:09:12,494 INFO L130 BoogieDeclarations]: Found specification of procedure qfcvt [2020-07-10 15:09:12,494 INFO L130 BoogieDeclarations]: Found specification of procedure qgcvt [2020-07-10 15:09:12,494 INFO L130 BoogieDeclarations]: Found specification of procedure ecvt_r [2020-07-10 15:09:12,494 INFO L130 BoogieDeclarations]: Found specification of procedure fcvt_r [2020-07-10 15:09:12,494 INFO L130 BoogieDeclarations]: Found specification of procedure qecvt_r [2020-07-10 15:09:12,494 INFO L130 BoogieDeclarations]: Found specification of procedure qfcvt_r [2020-07-10 15:09:12,495 INFO L130 BoogieDeclarations]: Found specification of procedure mblen [2020-07-10 15:09:12,495 INFO L130 BoogieDeclarations]: Found specification of procedure mbtowc [2020-07-10 15:09:12,495 INFO L130 BoogieDeclarations]: Found specification of procedure wctomb [2020-07-10 15:09:12,495 INFO L130 BoogieDeclarations]: Found specification of procedure mbstowcs [2020-07-10 15:09:12,495 INFO L130 BoogieDeclarations]: Found specification of procedure wcstombs [2020-07-10 15:09:12,495 INFO L130 BoogieDeclarations]: Found specification of procedure rpmatch [2020-07-10 15:09:12,496 INFO L130 BoogieDeclarations]: Found specification of procedure getsubopt [2020-07-10 15:09:12,496 INFO L130 BoogieDeclarations]: Found specification of procedure getloadavg [2020-07-10 15:09:12,496 INFO L130 BoogieDeclarations]: Found specification of procedure myexit [2020-07-10 15:09:12,496 INFO L130 BoogieDeclarations]: Found specification of procedure main [2020-07-10 15:09:12,496 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2020-07-10 15:09:12,497 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2020-07-10 15:09:12,498 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2020-07-10 15:09:12,499 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2020-07-10 15:09:12,499 INFO L130 BoogieDeclarations]: Found specification of procedure write~int [2020-07-10 15:09:12,500 INFO L130 BoogieDeclarations]: Found specification of procedure read~int [2020-07-10 15:09:12,500 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2020-07-10 15:09:12,500 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2020-07-10 15:09:12,874 INFO L728 $ProcedureCfgBuilder]: dead code at ProgramPoint myexitFINAL: assume true; [2020-07-10 15:09:13,320 INFO L290 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2020-07-10 15:09:13,320 INFO L295 CfgBuilder]: Removed 8 assume(true) statements. [2020-07-10 15:09:13,324 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 10.07 03:09:13 BoogieIcfgContainer [2020-07-10 15:09:13,325 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2020-07-10 15:09:13,342 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2020-07-10 15:09:13,343 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2020-07-10 15:09:13,346 INFO L275 PluginConnector]: TraceAbstraction initialized [2020-07-10 15:09:13,347 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 10.07 03:09:11" (1/3) ... [2020-07-10 15:09:13,348 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5b64e820 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 10.07 03:09:13, skipping insertion in model container [2020-07-10 15:09:13,348 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 10.07 03:09:12" (2/3) ... [2020-07-10 15:09:13,348 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5b64e820 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 10.07 03:09:13, skipping insertion in model container [2020-07-10 15:09:13,349 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 10.07 03:09:13" (3/3) ... [2020-07-10 15:09:13,351 INFO L109 eAbstractionObserver]: Analyzing ICFG list_and_tree_cnstr-1.i [2020-07-10 15:09:13,362 INFO L157 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2020-07-10 15:09:13,372 INFO L169 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2020-07-10 15:09:13,390 INFO L251 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2020-07-10 15:09:13,409 INFO L375 AbstractCegarLoop]: Interprodecural is true [2020-07-10 15:09:13,410 INFO L376 AbstractCegarLoop]: Hoare is true [2020-07-10 15:09:13,410 INFO L377 AbstractCegarLoop]: Compute interpolants for FPandBP [2020-07-10 15:09:13,410 INFO L378 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2020-07-10 15:09:13,410 INFO L379 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2020-07-10 15:09:13,410 INFO L380 AbstractCegarLoop]: Difference is false [2020-07-10 15:09:13,411 INFO L381 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2020-07-10 15:09:13,411 INFO L385 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2020-07-10 15:09:13,431 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states. [2020-07-10 15:09:13,438 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2020-07-10 15:09:13,439 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:13,440 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:13,441 INFO L427 AbstractCegarLoop]: === Iteration 1 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:13,447 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:13,447 INFO L82 PathProgramCache]: Analyzing trace with hash 1575706012, now seen corresponding path program 1 times [2020-07-10 15:09:13,458 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:13,458 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [569642751] [2020-07-10 15:09:13,459 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:13,573 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:13,660 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:13,670 INFO L280 TraceCheckUtils]: 0: Hoare triple {65#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {60#true} is VALID [2020-07-10 15:09:13,671 INFO L280 TraceCheckUtils]: 1: Hoare triple {60#true} assume true; {60#true} is VALID [2020-07-10 15:09:13,671 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {60#true} {60#true} #225#return; {60#true} is VALID [2020-07-10 15:09:13,675 INFO L263 TraceCheckUtils]: 0: Hoare triple {60#true} call ULTIMATE.init(); {65#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:13,675 INFO L280 TraceCheckUtils]: 1: Hoare triple {65#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {60#true} is VALID [2020-07-10 15:09:13,676 INFO L280 TraceCheckUtils]: 2: Hoare triple {60#true} assume true; {60#true} is VALID [2020-07-10 15:09:13,676 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {60#true} {60#true} #225#return; {60#true} is VALID [2020-07-10 15:09:13,677 INFO L263 TraceCheckUtils]: 4: Hoare triple {60#true} call #t~ret41 := main(); {60#true} is VALID [2020-07-10 15:09:13,677 INFO L280 TraceCheckUtils]: 5: Hoare triple {60#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {60#true} is VALID [2020-07-10 15:09:13,684 INFO L280 TraceCheckUtils]: 6: Hoare triple {60#true} assume !true; {61#false} is VALID [2020-07-10 15:09:13,685 INFO L280 TraceCheckUtils]: 7: Hoare triple {61#false} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {61#false} is VALID [2020-07-10 15:09:13,685 INFO L280 TraceCheckUtils]: 8: Hoare triple {61#false} assume !(~root~0.base != 0 || ~root~0.offset != 0); {61#false} is VALID [2020-07-10 15:09:13,685 INFO L280 TraceCheckUtils]: 9: Hoare triple {61#false} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {61#false} is VALID [2020-07-10 15:09:13,685 INFO L280 TraceCheckUtils]: 10: Hoare triple {61#false} assume !(~a~0.base == 0 && ~a~0.offset == 0); {61#false} is VALID [2020-07-10 15:09:13,686 INFO L280 TraceCheckUtils]: 11: Hoare triple {61#false} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {61#false} is VALID [2020-07-10 15:09:13,686 INFO L280 TraceCheckUtils]: 12: Hoare triple {61#false} assume !true; {61#false} is VALID [2020-07-10 15:09:13,686 INFO L280 TraceCheckUtils]: 13: Hoare triple {61#false} assume !true; {61#false} is VALID [2020-07-10 15:09:13,687 INFO L280 TraceCheckUtils]: 14: Hoare triple {61#false} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {61#false} is VALID [2020-07-10 15:09:13,687 INFO L280 TraceCheckUtils]: 15: Hoare triple {61#false} assume !true; {61#false} is VALID [2020-07-10 15:09:13,687 INFO L280 TraceCheckUtils]: 16: Hoare triple {61#false} assume !true; {61#false} is VALID [2020-07-10 15:09:13,688 INFO L280 TraceCheckUtils]: 17: Hoare triple {61#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {61#false} is VALID [2020-07-10 15:09:13,688 INFO L280 TraceCheckUtils]: 18: Hoare triple {61#false} assume 3 != #t~mem40;havoc #t~mem40; {61#false} is VALID [2020-07-10 15:09:13,688 INFO L280 TraceCheckUtils]: 19: Hoare triple {61#false} assume !false; {61#false} is VALID [2020-07-10 15:09:13,691 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-10 15:09:13,691 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [569642751] [2020-07-10 15:09:13,692 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-10 15:09:13,693 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2020-07-10 15:09:13,694 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1617434899] [2020-07-10 15:09:13,700 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 20 [2020-07-10 15:09:13,703 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:13,707 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2020-07-10 15:09:13,745 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:13,745 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2020-07-10 15:09:13,745 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:13,754 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2020-07-10 15:09:13,755 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2020-07-10 15:09:13,757 INFO L87 Difference]: Start difference. First operand 57 states. Second operand 3 states. [2020-07-10 15:09:14,136 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:14,137 INFO L93 Difference]: Finished difference Result 108 states and 166 transitions. [2020-07-10 15:09:14,137 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2020-07-10 15:09:14,137 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 20 [2020-07-10 15:09:14,137 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:14,139 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2020-07-10 15:09:14,154 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 166 transitions. [2020-07-10 15:09:14,155 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2020-07-10 15:09:14,160 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 166 transitions. [2020-07-10 15:09:14,160 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 166 transitions. [2020-07-10 15:09:14,390 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 166 edges. 166 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:14,416 INFO L225 Difference]: With dead ends: 108 [2020-07-10 15:09:14,416 INFO L226 Difference]: Without dead ends: 47 [2020-07-10 15:09:14,423 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2020-07-10 15:09:14,444 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 47 states. [2020-07-10 15:09:14,475 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 47 to 47. [2020-07-10 15:09:14,475 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:14,476 INFO L82 GeneralOperation]: Start isEquivalent. First operand 47 states. Second operand 47 states. [2020-07-10 15:09:14,477 INFO L74 IsIncluded]: Start isIncluded. First operand 47 states. Second operand 47 states. [2020-07-10 15:09:14,477 INFO L87 Difference]: Start difference. First operand 47 states. Second operand 47 states. [2020-07-10 15:09:14,482 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:14,482 INFO L93 Difference]: Finished difference Result 47 states and 64 transitions. [2020-07-10 15:09:14,482 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 64 transitions. [2020-07-10 15:09:14,483 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:14,483 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:14,484 INFO L74 IsIncluded]: Start isIncluded. First operand 47 states. Second operand 47 states. [2020-07-10 15:09:14,484 INFO L87 Difference]: Start difference. First operand 47 states. Second operand 47 states. [2020-07-10 15:09:14,488 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:14,489 INFO L93 Difference]: Finished difference Result 47 states and 64 transitions. [2020-07-10 15:09:14,489 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 64 transitions. [2020-07-10 15:09:14,490 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:14,490 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:14,490 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:14,491 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:14,491 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 47 states. [2020-07-10 15:09:14,494 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 47 states to 47 states and 64 transitions. [2020-07-10 15:09:14,496 INFO L78 Accepts]: Start accepts. Automaton has 47 states and 64 transitions. Word has length 20 [2020-07-10 15:09:14,496 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:14,497 INFO L479 AbstractCegarLoop]: Abstraction has 47 states and 64 transitions. [2020-07-10 15:09:14,497 INFO L480 AbstractCegarLoop]: Interpolant automaton has 3 states. [2020-07-10 15:09:14,497 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 64 transitions. [2020-07-10 15:09:14,498 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2020-07-10 15:09:14,498 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:14,498 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:14,499 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2020-07-10 15:09:14,499 INFO L427 AbstractCegarLoop]: === Iteration 2 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:14,500 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:14,500 INFO L82 PathProgramCache]: Analyzing trace with hash 1627887593, now seen corresponding path program 1 times [2020-07-10 15:09:14,500 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:14,500 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1860697604] [2020-07-10 15:09:14,501 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:14,527 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:14,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:14,608 INFO L280 TraceCheckUtils]: 0: Hoare triple {359#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {353#true} is VALID [2020-07-10 15:09:14,608 INFO L280 TraceCheckUtils]: 1: Hoare triple {353#true} assume true; {353#true} is VALID [2020-07-10 15:09:14,609 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {353#true} {353#true} #225#return; {353#true} is VALID [2020-07-10 15:09:14,610 INFO L263 TraceCheckUtils]: 0: Hoare triple {353#true} call ULTIMATE.init(); {359#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:14,611 INFO L280 TraceCheckUtils]: 1: Hoare triple {359#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {353#true} is VALID [2020-07-10 15:09:14,611 INFO L280 TraceCheckUtils]: 2: Hoare triple {353#true} assume true; {353#true} is VALID [2020-07-10 15:09:14,612 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {353#true} {353#true} #225#return; {353#true} is VALID [2020-07-10 15:09:14,612 INFO L263 TraceCheckUtils]: 4: Hoare triple {353#true} call #t~ret41 := main(); {353#true} is VALID [2020-07-10 15:09:14,614 INFO L280 TraceCheckUtils]: 5: Hoare triple {353#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {358#(not (= 0 main_~root~0.base))} is VALID [2020-07-10 15:09:14,615 INFO L280 TraceCheckUtils]: 6: Hoare triple {358#(not (= 0 main_~root~0.base))} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {358#(not (= 0 main_~root~0.base))} is VALID [2020-07-10 15:09:14,616 INFO L280 TraceCheckUtils]: 7: Hoare triple {358#(not (= 0 main_~root~0.base))} assume !(0 != #t~nondet3);havoc #t~nondet3; {358#(not (= 0 main_~root~0.base))} is VALID [2020-07-10 15:09:14,617 INFO L280 TraceCheckUtils]: 8: Hoare triple {358#(not (= 0 main_~root~0.base))} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {358#(not (= 0 main_~root~0.base))} is VALID [2020-07-10 15:09:14,618 INFO L280 TraceCheckUtils]: 9: Hoare triple {358#(not (= 0 main_~root~0.base))} assume !(~root~0.base != 0 || ~root~0.offset != 0); {354#false} is VALID [2020-07-10 15:09:14,619 INFO L280 TraceCheckUtils]: 10: Hoare triple {354#false} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {354#false} is VALID [2020-07-10 15:09:14,619 INFO L280 TraceCheckUtils]: 11: Hoare triple {354#false} assume !(~a~0.base == 0 && ~a~0.offset == 0); {354#false} is VALID [2020-07-10 15:09:14,620 INFO L280 TraceCheckUtils]: 12: Hoare triple {354#false} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {354#false} is VALID [2020-07-10 15:09:14,620 INFO L280 TraceCheckUtils]: 13: Hoare triple {354#false} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {354#false} is VALID [2020-07-10 15:09:14,624 INFO L280 TraceCheckUtils]: 14: Hoare triple {354#false} assume !(0 != #t~nondet30);havoc #t~nondet30; {354#false} is VALID [2020-07-10 15:09:14,625 INFO L280 TraceCheckUtils]: 15: Hoare triple {354#false} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {354#false} is VALID [2020-07-10 15:09:14,625 INFO L280 TraceCheckUtils]: 16: Hoare triple {354#false} assume !(0 != #t~nondet33);havoc #t~nondet33; {354#false} is VALID [2020-07-10 15:09:14,626 INFO L280 TraceCheckUtils]: 17: Hoare triple {354#false} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {354#false} is VALID [2020-07-10 15:09:14,626 INFO L280 TraceCheckUtils]: 18: Hoare triple {354#false} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {354#false} is VALID [2020-07-10 15:09:14,627 INFO L280 TraceCheckUtils]: 19: Hoare triple {354#false} assume !(2 == #t~mem36);havoc #t~mem36; {354#false} is VALID [2020-07-10 15:09:14,627 INFO L280 TraceCheckUtils]: 20: Hoare triple {354#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {354#false} is VALID [2020-07-10 15:09:14,627 INFO L280 TraceCheckUtils]: 21: Hoare triple {354#false} assume !(1 == #t~mem38);havoc #t~mem38; {354#false} is VALID [2020-07-10 15:09:14,628 INFO L280 TraceCheckUtils]: 22: Hoare triple {354#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {354#false} is VALID [2020-07-10 15:09:14,628 INFO L280 TraceCheckUtils]: 23: Hoare triple {354#false} assume 3 != #t~mem40;havoc #t~mem40; {354#false} is VALID [2020-07-10 15:09:14,628 INFO L280 TraceCheckUtils]: 24: Hoare triple {354#false} assume !false; {354#false} is VALID [2020-07-10 15:09:14,636 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-10 15:09:14,636 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1860697604] [2020-07-10 15:09:14,637 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-10 15:09:14,637 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2020-07-10 15:09:14,639 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1146343954] [2020-07-10 15:09:14,644 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 25 [2020-07-10 15:09:14,644 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:14,645 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2020-07-10 15:09:14,684 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:14,684 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2020-07-10 15:09:14,684 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:14,701 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2020-07-10 15:09:14,701 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-10 15:09:14,701 INFO L87 Difference]: Start difference. First operand 47 states and 64 transitions. Second operand 4 states. [2020-07-10 15:09:15,063 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:15,064 INFO L93 Difference]: Finished difference Result 75 states and 101 transitions. [2020-07-10 15:09:15,064 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2020-07-10 15:09:15,064 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 25 [2020-07-10 15:09:15,064 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:15,064 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-10 15:09:15,067 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 101 transitions. [2020-07-10 15:09:15,067 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-10 15:09:15,070 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 101 transitions. [2020-07-10 15:09:15,070 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 101 transitions. [2020-07-10 15:09:15,188 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 101 edges. 101 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:15,191 INFO L225 Difference]: With dead ends: 75 [2020-07-10 15:09:15,191 INFO L226 Difference]: Without dead ends: 55 [2020-07-10 15:09:15,192 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-10 15:09:15,196 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 55 states. [2020-07-10 15:09:15,216 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 55 to 55. [2020-07-10 15:09:15,216 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:15,216 INFO L82 GeneralOperation]: Start isEquivalent. First operand 55 states. Second operand 55 states. [2020-07-10 15:09:15,216 INFO L74 IsIncluded]: Start isIncluded. First operand 55 states. Second operand 55 states. [2020-07-10 15:09:15,216 INFO L87 Difference]: Start difference. First operand 55 states. Second operand 55 states. [2020-07-10 15:09:15,220 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:15,221 INFO L93 Difference]: Finished difference Result 55 states and 77 transitions. [2020-07-10 15:09:15,221 INFO L276 IsEmpty]: Start isEmpty. Operand 55 states and 77 transitions. [2020-07-10 15:09:15,222 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:15,222 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:15,222 INFO L74 IsIncluded]: Start isIncluded. First operand 55 states. Second operand 55 states. [2020-07-10 15:09:15,222 INFO L87 Difference]: Start difference. First operand 55 states. Second operand 55 states. [2020-07-10 15:09:15,225 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:15,226 INFO L93 Difference]: Finished difference Result 55 states and 77 transitions. [2020-07-10 15:09:15,226 INFO L276 IsEmpty]: Start isEmpty. Operand 55 states and 77 transitions. [2020-07-10 15:09:15,227 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:15,227 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:15,227 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:15,227 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:15,227 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 55 states. [2020-07-10 15:09:15,230 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 55 states to 55 states and 77 transitions. [2020-07-10 15:09:15,230 INFO L78 Accepts]: Start accepts. Automaton has 55 states and 77 transitions. Word has length 25 [2020-07-10 15:09:15,231 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:15,231 INFO L479 AbstractCegarLoop]: Abstraction has 55 states and 77 transitions. [2020-07-10 15:09:15,231 INFO L480 AbstractCegarLoop]: Interpolant automaton has 4 states. [2020-07-10 15:09:15,231 INFO L276 IsEmpty]: Start isEmpty. Operand 55 states and 77 transitions. [2020-07-10 15:09:15,232 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2020-07-10 15:09:15,232 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:15,232 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:15,233 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2020-07-10 15:09:15,233 INFO L427 AbstractCegarLoop]: === Iteration 3 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:15,233 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:15,233 INFO L82 PathProgramCache]: Analyzing trace with hash -164754602, now seen corresponding path program 1 times [2020-07-10 15:09:15,234 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:15,234 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1364128623] [2020-07-10 15:09:15,234 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:15,259 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:15,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:15,306 INFO L280 TraceCheckUtils]: 0: Hoare triple {634#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {628#true} is VALID [2020-07-10 15:09:15,306 INFO L280 TraceCheckUtils]: 1: Hoare triple {628#true} assume true; {628#true} is VALID [2020-07-10 15:09:15,307 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {628#true} {628#true} #225#return; {628#true} is VALID [2020-07-10 15:09:15,308 INFO L263 TraceCheckUtils]: 0: Hoare triple {628#true} call ULTIMATE.init(); {634#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:15,308 INFO L280 TraceCheckUtils]: 1: Hoare triple {634#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {628#true} is VALID [2020-07-10 15:09:15,308 INFO L280 TraceCheckUtils]: 2: Hoare triple {628#true} assume true; {628#true} is VALID [2020-07-10 15:09:15,309 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {628#true} {628#true} #225#return; {628#true} is VALID [2020-07-10 15:09:15,309 INFO L263 TraceCheckUtils]: 4: Hoare triple {628#true} call #t~ret41 := main(); {628#true} is VALID [2020-07-10 15:09:15,309 INFO L280 TraceCheckUtils]: 5: Hoare triple {628#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {628#true} is VALID [2020-07-10 15:09:15,309 INFO L280 TraceCheckUtils]: 6: Hoare triple {628#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {628#true} is VALID [2020-07-10 15:09:15,310 INFO L280 TraceCheckUtils]: 7: Hoare triple {628#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {628#true} is VALID [2020-07-10 15:09:15,310 INFO L280 TraceCheckUtils]: 8: Hoare triple {628#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {628#true} is VALID [2020-07-10 15:09:15,310 INFO L280 TraceCheckUtils]: 9: Hoare triple {628#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {628#true} is VALID [2020-07-10 15:09:15,311 INFO L280 TraceCheckUtils]: 10: Hoare triple {628#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {628#true} is VALID [2020-07-10 15:09:15,311 INFO L280 TraceCheckUtils]: 11: Hoare triple {628#true} assume #t~short24; {633#|main_#t~short24|} is VALID [2020-07-10 15:09:15,312 INFO L280 TraceCheckUtils]: 12: Hoare triple {633#|main_#t~short24|} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {629#false} is VALID [2020-07-10 15:09:15,312 INFO L280 TraceCheckUtils]: 13: Hoare triple {629#false} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {629#false} is VALID [2020-07-10 15:09:15,313 INFO L280 TraceCheckUtils]: 14: Hoare triple {629#false} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {629#false} is VALID [2020-07-10 15:09:15,313 INFO L280 TraceCheckUtils]: 15: Hoare triple {629#false} assume !(~root~0.base != 0 || ~root~0.offset != 0); {629#false} is VALID [2020-07-10 15:09:15,313 INFO L280 TraceCheckUtils]: 16: Hoare triple {629#false} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {629#false} is VALID [2020-07-10 15:09:15,314 INFO L280 TraceCheckUtils]: 17: Hoare triple {629#false} assume !(~a~0.base == 0 && ~a~0.offset == 0); {629#false} is VALID [2020-07-10 15:09:15,314 INFO L280 TraceCheckUtils]: 18: Hoare triple {629#false} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {629#false} is VALID [2020-07-10 15:09:15,314 INFO L280 TraceCheckUtils]: 19: Hoare triple {629#false} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {629#false} is VALID [2020-07-10 15:09:15,314 INFO L280 TraceCheckUtils]: 20: Hoare triple {629#false} assume !(0 != #t~nondet30);havoc #t~nondet30; {629#false} is VALID [2020-07-10 15:09:15,315 INFO L280 TraceCheckUtils]: 21: Hoare triple {629#false} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {629#false} is VALID [2020-07-10 15:09:15,315 INFO L280 TraceCheckUtils]: 22: Hoare triple {629#false} assume !(0 != #t~nondet33);havoc #t~nondet33; {629#false} is VALID [2020-07-10 15:09:15,315 INFO L280 TraceCheckUtils]: 23: Hoare triple {629#false} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {629#false} is VALID [2020-07-10 15:09:15,315 INFO L280 TraceCheckUtils]: 24: Hoare triple {629#false} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {629#false} is VALID [2020-07-10 15:09:15,316 INFO L280 TraceCheckUtils]: 25: Hoare triple {629#false} assume !(2 == #t~mem36);havoc #t~mem36; {629#false} is VALID [2020-07-10 15:09:15,316 INFO L280 TraceCheckUtils]: 26: Hoare triple {629#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {629#false} is VALID [2020-07-10 15:09:15,316 INFO L280 TraceCheckUtils]: 27: Hoare triple {629#false} assume !(1 == #t~mem38);havoc #t~mem38; {629#false} is VALID [2020-07-10 15:09:15,316 INFO L280 TraceCheckUtils]: 28: Hoare triple {629#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {629#false} is VALID [2020-07-10 15:09:15,317 INFO L280 TraceCheckUtils]: 29: Hoare triple {629#false} assume 3 != #t~mem40;havoc #t~mem40; {629#false} is VALID [2020-07-10 15:09:15,317 INFO L280 TraceCheckUtils]: 30: Hoare triple {629#false} assume !false; {629#false} is VALID [2020-07-10 15:09:15,318 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-10 15:09:15,319 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1364128623] [2020-07-10 15:09:15,319 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-10 15:09:15,319 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2020-07-10 15:09:15,319 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [933234506] [2020-07-10 15:09:15,320 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 31 [2020-07-10 15:09:15,320 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:15,321 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2020-07-10 15:09:15,355 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 31 edges. 31 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:15,355 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2020-07-10 15:09:15,355 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:15,356 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2020-07-10 15:09:15,356 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-10 15:09:15,356 INFO L87 Difference]: Start difference. First operand 55 states and 77 transitions. Second operand 4 states. [2020-07-10 15:09:15,693 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:15,694 INFO L93 Difference]: Finished difference Result 93 states and 131 transitions. [2020-07-10 15:09:15,694 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2020-07-10 15:09:15,694 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 31 [2020-07-10 15:09:15,694 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:15,694 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-10 15:09:15,703 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 103 transitions. [2020-07-10 15:09:15,704 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-10 15:09:15,708 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 103 transitions. [2020-07-10 15:09:15,708 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 103 transitions. [2020-07-10 15:09:15,871 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 103 edges. 103 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:15,874 INFO L225 Difference]: With dead ends: 93 [2020-07-10 15:09:15,874 INFO L226 Difference]: Without dead ends: 57 [2020-07-10 15:09:15,874 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-10 15:09:15,875 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 57 states. [2020-07-10 15:09:15,889 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 57 to 57. [2020-07-10 15:09:15,889 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:15,889 INFO L82 GeneralOperation]: Start isEquivalent. First operand 57 states. Second operand 57 states. [2020-07-10 15:09:15,889 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand 57 states. [2020-07-10 15:09:15,889 INFO L87 Difference]: Start difference. First operand 57 states. Second operand 57 states. [2020-07-10 15:09:15,893 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:15,894 INFO L93 Difference]: Finished difference Result 57 states and 79 transitions. [2020-07-10 15:09:15,894 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 79 transitions. [2020-07-10 15:09:15,895 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:15,896 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:15,896 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand 57 states. [2020-07-10 15:09:15,896 INFO L87 Difference]: Start difference. First operand 57 states. Second operand 57 states. [2020-07-10 15:09:15,902 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:15,902 INFO L93 Difference]: Finished difference Result 57 states and 79 transitions. [2020-07-10 15:09:15,903 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 79 transitions. [2020-07-10 15:09:15,903 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:15,903 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:15,904 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:15,904 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:15,904 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 57 states. [2020-07-10 15:09:15,907 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 57 states to 57 states and 79 transitions. [2020-07-10 15:09:15,907 INFO L78 Accepts]: Start accepts. Automaton has 57 states and 79 transitions. Word has length 31 [2020-07-10 15:09:15,907 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:15,907 INFO L479 AbstractCegarLoop]: Abstraction has 57 states and 79 transitions. [2020-07-10 15:09:15,907 INFO L480 AbstractCegarLoop]: Interpolant automaton has 4 states. [2020-07-10 15:09:15,908 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 79 transitions. [2020-07-10 15:09:15,908 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2020-07-10 15:09:15,909 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:15,909 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:15,909 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2020-07-10 15:09:15,909 INFO L427 AbstractCegarLoop]: === Iteration 4 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:15,909 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:15,910 INFO L82 PathProgramCache]: Analyzing trace with hash -982403052, now seen corresponding path program 1 times [2020-07-10 15:09:15,910 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:15,910 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1306546599] [2020-07-10 15:09:15,910 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:15,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:16,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:16,029 INFO L280 TraceCheckUtils]: 0: Hoare triple {939#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {931#true} is VALID [2020-07-10 15:09:16,029 INFO L280 TraceCheckUtils]: 1: Hoare triple {931#true} assume true; {931#true} is VALID [2020-07-10 15:09:16,030 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {931#true} {931#true} #225#return; {931#true} is VALID [2020-07-10 15:09:16,031 INFO L263 TraceCheckUtils]: 0: Hoare triple {931#true} call ULTIMATE.init(); {939#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:16,031 INFO L280 TraceCheckUtils]: 1: Hoare triple {939#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {931#true} is VALID [2020-07-10 15:09:16,031 INFO L280 TraceCheckUtils]: 2: Hoare triple {931#true} assume true; {931#true} is VALID [2020-07-10 15:09:16,032 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {931#true} {931#true} #225#return; {931#true} is VALID [2020-07-10 15:09:16,032 INFO L263 TraceCheckUtils]: 4: Hoare triple {931#true} call #t~ret41 := main(); {931#true} is VALID [2020-07-10 15:09:16,032 INFO L280 TraceCheckUtils]: 5: Hoare triple {931#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {931#true} is VALID [2020-07-10 15:09:16,032 INFO L280 TraceCheckUtils]: 6: Hoare triple {931#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {931#true} is VALID [2020-07-10 15:09:16,033 INFO L280 TraceCheckUtils]: 7: Hoare triple {931#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {931#true} is VALID [2020-07-10 15:09:16,033 INFO L280 TraceCheckUtils]: 8: Hoare triple {931#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {931#true} is VALID [2020-07-10 15:09:16,033 INFO L280 TraceCheckUtils]: 9: Hoare triple {931#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {931#true} is VALID [2020-07-10 15:09:16,033 INFO L280 TraceCheckUtils]: 10: Hoare triple {931#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {931#true} is VALID [2020-07-10 15:09:16,034 INFO L280 TraceCheckUtils]: 11: Hoare triple {931#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {931#true} is VALID [2020-07-10 15:09:16,034 INFO L280 TraceCheckUtils]: 12: Hoare triple {931#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {931#true} is VALID [2020-07-10 15:09:16,034 INFO L280 TraceCheckUtils]: 13: Hoare triple {931#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {931#true} is VALID [2020-07-10 15:09:16,035 INFO L280 TraceCheckUtils]: 14: Hoare triple {931#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {931#true} is VALID [2020-07-10 15:09:16,035 INFO L280 TraceCheckUtils]: 15: Hoare triple {931#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {931#true} is VALID [2020-07-10 15:09:16,035 INFO L280 TraceCheckUtils]: 16: Hoare triple {931#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {931#true} is VALID [2020-07-10 15:09:16,036 INFO L280 TraceCheckUtils]: 17: Hoare triple {931#true} assume !(~a~0.base == 0 && ~a~0.offset == 0); {931#true} is VALID [2020-07-10 15:09:16,036 INFO L280 TraceCheckUtils]: 18: Hoare triple {931#true} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:16,037 INFO L280 TraceCheckUtils]: 19: Hoare triple {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:16,038 INFO L280 TraceCheckUtils]: 20: Hoare triple {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:16,039 INFO L280 TraceCheckUtils]: 21: Hoare triple {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:16,040 INFO L280 TraceCheckUtils]: 22: Hoare triple {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:16,041 INFO L280 TraceCheckUtils]: 23: Hoare triple {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:16,042 INFO L280 TraceCheckUtils]: 24: Hoare triple {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:16,042 INFO L280 TraceCheckUtils]: 25: Hoare triple {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:16,043 INFO L280 TraceCheckUtils]: 26: Hoare triple {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:16,043 INFO L280 TraceCheckUtils]: 27: Hoare triple {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(1 == #t~mem38);havoc #t~mem38; {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:16,044 INFO L280 TraceCheckUtils]: 28: Hoare triple {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {938#(= |main_#t~mem40| 3)} is VALID [2020-07-10 15:09:16,045 INFO L280 TraceCheckUtils]: 29: Hoare triple {938#(= |main_#t~mem40| 3)} assume 3 != #t~mem40;havoc #t~mem40; {932#false} is VALID [2020-07-10 15:09:16,045 INFO L280 TraceCheckUtils]: 30: Hoare triple {932#false} assume !false; {932#false} is VALID [2020-07-10 15:09:16,048 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:16,048 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1306546599] [2020-07-10 15:09:16,048 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-10 15:09:16,048 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2020-07-10 15:09:16,049 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [640417853] [2020-07-10 15:09:16,049 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 31 [2020-07-10 15:09:16,049 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:16,050 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2020-07-10 15:09:16,100 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 31 edges. 31 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:16,100 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2020-07-10 15:09:16,100 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:16,101 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2020-07-10 15:09:16,101 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2020-07-10 15:09:16,101 INFO L87 Difference]: Start difference. First operand 57 states and 79 transitions. Second operand 6 states. [2020-07-10 15:09:16,688 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:16,688 INFO L93 Difference]: Finished difference Result 82 states and 108 transitions. [2020-07-10 15:09:16,688 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2020-07-10 15:09:16,688 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 31 [2020-07-10 15:09:16,689 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:16,689 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-10 15:09:16,691 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 93 transitions. [2020-07-10 15:09:16,692 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-10 15:09:16,694 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 93 transitions. [2020-07-10 15:09:16,694 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 93 transitions. [2020-07-10 15:09:16,843 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 93 edges. 93 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:16,846 INFO L225 Difference]: With dead ends: 82 [2020-07-10 15:09:16,847 INFO L226 Difference]: Without dead ends: 78 [2020-07-10 15:09:16,847 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2020-07-10 15:09:16,848 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 78 states. [2020-07-10 15:09:16,865 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 78 to 66. [2020-07-10 15:09:16,865 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:16,866 INFO L82 GeneralOperation]: Start isEquivalent. First operand 78 states. Second operand 66 states. [2020-07-10 15:09:16,866 INFO L74 IsIncluded]: Start isIncluded. First operand 78 states. Second operand 66 states. [2020-07-10 15:09:16,866 INFO L87 Difference]: Start difference. First operand 78 states. Second operand 66 states. [2020-07-10 15:09:16,870 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:16,870 INFO L93 Difference]: Finished difference Result 78 states and 104 transitions. [2020-07-10 15:09:16,870 INFO L276 IsEmpty]: Start isEmpty. Operand 78 states and 104 transitions. [2020-07-10 15:09:16,871 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:16,871 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:16,871 INFO L74 IsIncluded]: Start isIncluded. First operand 66 states. Second operand 78 states. [2020-07-10 15:09:16,871 INFO L87 Difference]: Start difference. First operand 66 states. Second operand 78 states. [2020-07-10 15:09:16,876 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:16,876 INFO L93 Difference]: Finished difference Result 78 states and 104 transitions. [2020-07-10 15:09:16,876 INFO L276 IsEmpty]: Start isEmpty. Operand 78 states and 104 transitions. [2020-07-10 15:09:16,876 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:16,877 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:16,877 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:16,877 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:16,877 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 66 states. [2020-07-10 15:09:16,880 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 91 transitions. [2020-07-10 15:09:16,880 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 91 transitions. Word has length 31 [2020-07-10 15:09:16,881 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:16,881 INFO L479 AbstractCegarLoop]: Abstraction has 66 states and 91 transitions. [2020-07-10 15:09:16,881 INFO L480 AbstractCegarLoop]: Interpolant automaton has 6 states. [2020-07-10 15:09:16,881 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 91 transitions. [2020-07-10 15:09:16,882 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2020-07-10 15:09:16,882 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:16,882 INFO L422 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:16,883 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2020-07-10 15:09:16,883 INFO L427 AbstractCegarLoop]: === Iteration 5 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:16,883 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:16,883 INFO L82 PathProgramCache]: Analyzing trace with hash 852152367, now seen corresponding path program 1 times [2020-07-10 15:09:16,883 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:16,884 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1007434697] [2020-07-10 15:09:16,884 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:16,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:17,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:17,045 INFO L280 TraceCheckUtils]: 0: Hoare triple {1287#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1279#true} is VALID [2020-07-10 15:09:17,046 INFO L280 TraceCheckUtils]: 1: Hoare triple {1279#true} assume true; {1279#true} is VALID [2020-07-10 15:09:17,046 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1279#true} {1279#true} #225#return; {1279#true} is VALID [2020-07-10 15:09:17,049 INFO L263 TraceCheckUtils]: 0: Hoare triple {1279#true} call ULTIMATE.init(); {1287#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:17,049 INFO L280 TraceCheckUtils]: 1: Hoare triple {1287#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1279#true} is VALID [2020-07-10 15:09:17,050 INFO L280 TraceCheckUtils]: 2: Hoare triple {1279#true} assume true; {1279#true} is VALID [2020-07-10 15:09:17,050 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1279#true} {1279#true} #225#return; {1279#true} is VALID [2020-07-10 15:09:17,050 INFO L263 TraceCheckUtils]: 4: Hoare triple {1279#true} call #t~ret41 := main(); {1279#true} is VALID [2020-07-10 15:09:17,050 INFO L280 TraceCheckUtils]: 5: Hoare triple {1279#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {1279#true} is VALID [2020-07-10 15:09:17,051 INFO L280 TraceCheckUtils]: 6: Hoare triple {1279#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {1279#true} is VALID [2020-07-10 15:09:17,051 INFO L280 TraceCheckUtils]: 7: Hoare triple {1279#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {1279#true} is VALID [2020-07-10 15:09:17,051 INFO L280 TraceCheckUtils]: 8: Hoare triple {1279#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {1279#true} is VALID [2020-07-10 15:09:17,051 INFO L280 TraceCheckUtils]: 9: Hoare triple {1279#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {1279#true} is VALID [2020-07-10 15:09:17,052 INFO L280 TraceCheckUtils]: 10: Hoare triple {1279#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {1279#true} is VALID [2020-07-10 15:09:17,052 INFO L280 TraceCheckUtils]: 11: Hoare triple {1279#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {1279#true} is VALID [2020-07-10 15:09:17,052 INFO L280 TraceCheckUtils]: 12: Hoare triple {1279#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {1279#true} is VALID [2020-07-10 15:09:17,052 INFO L280 TraceCheckUtils]: 13: Hoare triple {1279#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {1279#true} is VALID [2020-07-10 15:09:17,053 INFO L280 TraceCheckUtils]: 14: Hoare triple {1279#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {1279#true} is VALID [2020-07-10 15:09:17,053 INFO L280 TraceCheckUtils]: 15: Hoare triple {1279#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {1279#true} is VALID [2020-07-10 15:09:17,053 INFO L280 TraceCheckUtils]: 16: Hoare triple {1279#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {1279#true} is VALID [2020-07-10 15:09:17,054 INFO L280 TraceCheckUtils]: 17: Hoare triple {1279#true} assume !(~a~0.base == 0 && ~a~0.offset == 0); {1279#true} is VALID [2020-07-10 15:09:17,055 INFO L280 TraceCheckUtils]: 18: Hoare triple {1279#true} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:17,068 INFO L280 TraceCheckUtils]: 19: Hoare triple {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:17,069 INFO L280 TraceCheckUtils]: 20: Hoare triple {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:17,070 INFO L280 TraceCheckUtils]: 21: Hoare triple {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:17,071 INFO L280 TraceCheckUtils]: 22: Hoare triple {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:17,072 INFO L280 TraceCheckUtils]: 23: Hoare triple {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1285#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:17,073 INFO L280 TraceCheckUtils]: 24: Hoare triple {1285#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {1285#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:17,078 INFO L280 TraceCheckUtils]: 25: Hoare triple {1285#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {1285#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:17,079 INFO L280 TraceCheckUtils]: 26: Hoare triple {1285#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {1286#(= |main_#t~mem38| 3)} is VALID [2020-07-10 15:09:17,081 INFO L280 TraceCheckUtils]: 27: Hoare triple {1286#(= |main_#t~mem38| 3)} assume !!(1 == #t~mem38);havoc #t~mem38;call #t~mem39.base, #t~mem39.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem39.base, #t~mem39.offset;havoc #t~mem39.base, #t~mem39.offset; {1280#false} is VALID [2020-07-10 15:09:17,081 INFO L280 TraceCheckUtils]: 28: Hoare triple {1280#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {1280#false} is VALID [2020-07-10 15:09:17,081 INFO L280 TraceCheckUtils]: 29: Hoare triple {1280#false} assume !(1 == #t~mem38);havoc #t~mem38; {1280#false} is VALID [2020-07-10 15:09:17,082 INFO L280 TraceCheckUtils]: 30: Hoare triple {1280#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {1280#false} is VALID [2020-07-10 15:09:17,082 INFO L280 TraceCheckUtils]: 31: Hoare triple {1280#false} assume 3 != #t~mem40;havoc #t~mem40; {1280#false} is VALID [2020-07-10 15:09:17,082 INFO L280 TraceCheckUtils]: 32: Hoare triple {1280#false} assume !false; {1280#false} is VALID [2020-07-10 15:09:17,085 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:17,085 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1007434697] [2020-07-10 15:09:17,085 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-10 15:09:17,085 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2020-07-10 15:09:17,086 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [89125665] [2020-07-10 15:09:17,087 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 33 [2020-07-10 15:09:17,087 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:17,087 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2020-07-10 15:09:17,126 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 33 edges. 33 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:17,126 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2020-07-10 15:09:17,126 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:17,127 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2020-07-10 15:09:17,127 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2020-07-10 15:09:17,127 INFO L87 Difference]: Start difference. First operand 66 states and 91 transitions. Second operand 6 states. [2020-07-10 15:09:17,722 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:17,723 INFO L93 Difference]: Finished difference Result 84 states and 110 transitions. [2020-07-10 15:09:17,723 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2020-07-10 15:09:17,723 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 33 [2020-07-10 15:09:17,723 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:17,724 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-10 15:09:17,726 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 95 transitions. [2020-07-10 15:09:17,727 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-10 15:09:17,729 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 95 transitions. [2020-07-10 15:09:17,729 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 95 transitions. [2020-07-10 15:09:17,845 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 95 edges. 95 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:17,847 INFO L225 Difference]: With dead ends: 84 [2020-07-10 15:09:17,848 INFO L226 Difference]: Without dead ends: 76 [2020-07-10 15:09:17,848 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2020-07-10 15:09:17,849 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 76 states. [2020-07-10 15:09:17,879 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 76 to 64. [2020-07-10 15:09:17,880 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:17,880 INFO L82 GeneralOperation]: Start isEquivalent. First operand 76 states. Second operand 64 states. [2020-07-10 15:09:17,880 INFO L74 IsIncluded]: Start isIncluded. First operand 76 states. Second operand 64 states. [2020-07-10 15:09:17,880 INFO L87 Difference]: Start difference. First operand 76 states. Second operand 64 states. [2020-07-10 15:09:17,885 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:17,885 INFO L93 Difference]: Finished difference Result 76 states and 101 transitions. [2020-07-10 15:09:17,885 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 101 transitions. [2020-07-10 15:09:17,886 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:17,886 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:17,886 INFO L74 IsIncluded]: Start isIncluded. First operand 64 states. Second operand 76 states. [2020-07-10 15:09:17,886 INFO L87 Difference]: Start difference. First operand 64 states. Second operand 76 states. [2020-07-10 15:09:17,892 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:17,892 INFO L93 Difference]: Finished difference Result 76 states and 101 transitions. [2020-07-10 15:09:17,892 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 101 transitions. [2020-07-10 15:09:17,893 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:17,893 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:17,893 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:17,893 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:17,893 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 64 states. [2020-07-10 15:09:17,896 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 64 states to 64 states and 88 transitions. [2020-07-10 15:09:17,896 INFO L78 Accepts]: Start accepts. Automaton has 64 states and 88 transitions. Word has length 33 [2020-07-10 15:09:17,898 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:17,899 INFO L479 AbstractCegarLoop]: Abstraction has 64 states and 88 transitions. [2020-07-10 15:09:17,899 INFO L480 AbstractCegarLoop]: Interpolant automaton has 6 states. [2020-07-10 15:09:17,899 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 88 transitions. [2020-07-10 15:09:17,902 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2020-07-10 15:09:17,902 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:17,902 INFO L422 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:17,903 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2020-07-10 15:09:17,903 INFO L427 AbstractCegarLoop]: === Iteration 6 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:17,903 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:17,903 INFO L82 PathProgramCache]: Analyzing trace with hash 1876855343, now seen corresponding path program 1 times [2020-07-10 15:09:17,904 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:17,904 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1456106260] [2020-07-10 15:09:17,904 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:17,951 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:18,031 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:18,040 INFO L280 TraceCheckUtils]: 0: Hoare triple {1631#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1623#true} is VALID [2020-07-10 15:09:18,040 INFO L280 TraceCheckUtils]: 1: Hoare triple {1623#true} assume true; {1623#true} is VALID [2020-07-10 15:09:18,040 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1623#true} {1623#true} #225#return; {1623#true} is VALID [2020-07-10 15:09:18,041 INFO L263 TraceCheckUtils]: 0: Hoare triple {1623#true} call ULTIMATE.init(); {1631#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:18,041 INFO L280 TraceCheckUtils]: 1: Hoare triple {1631#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1623#true} is VALID [2020-07-10 15:09:18,042 INFO L280 TraceCheckUtils]: 2: Hoare triple {1623#true} assume true; {1623#true} is VALID [2020-07-10 15:09:18,042 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1623#true} {1623#true} #225#return; {1623#true} is VALID [2020-07-10 15:09:18,042 INFO L263 TraceCheckUtils]: 4: Hoare triple {1623#true} call #t~ret41 := main(); {1623#true} is VALID [2020-07-10 15:09:18,042 INFO L280 TraceCheckUtils]: 5: Hoare triple {1623#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {1623#true} is VALID [2020-07-10 15:09:18,042 INFO L280 TraceCheckUtils]: 6: Hoare triple {1623#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {1623#true} is VALID [2020-07-10 15:09:18,043 INFO L280 TraceCheckUtils]: 7: Hoare triple {1623#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {1623#true} is VALID [2020-07-10 15:09:18,043 INFO L280 TraceCheckUtils]: 8: Hoare triple {1623#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {1623#true} is VALID [2020-07-10 15:09:18,043 INFO L280 TraceCheckUtils]: 9: Hoare triple {1623#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {1623#true} is VALID [2020-07-10 15:09:18,043 INFO L280 TraceCheckUtils]: 10: Hoare triple {1623#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {1623#true} is VALID [2020-07-10 15:09:18,043 INFO L280 TraceCheckUtils]: 11: Hoare triple {1623#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {1623#true} is VALID [2020-07-10 15:09:18,044 INFO L280 TraceCheckUtils]: 12: Hoare triple {1623#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {1623#true} is VALID [2020-07-10 15:09:18,044 INFO L280 TraceCheckUtils]: 13: Hoare triple {1623#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {1623#true} is VALID [2020-07-10 15:09:18,044 INFO L280 TraceCheckUtils]: 14: Hoare triple {1623#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {1623#true} is VALID [2020-07-10 15:09:18,045 INFO L280 TraceCheckUtils]: 15: Hoare triple {1623#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {1623#true} is VALID [2020-07-10 15:09:18,045 INFO L280 TraceCheckUtils]: 16: Hoare triple {1623#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {1623#true} is VALID [2020-07-10 15:09:18,045 INFO L280 TraceCheckUtils]: 17: Hoare triple {1623#true} assume !(~a~0.base == 0 && ~a~0.offset == 0); {1623#true} is VALID [2020-07-10 15:09:18,046 INFO L280 TraceCheckUtils]: 18: Hoare triple {1623#true} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:18,047 INFO L280 TraceCheckUtils]: 19: Hoare triple {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:18,047 INFO L280 TraceCheckUtils]: 20: Hoare triple {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:18,048 INFO L280 TraceCheckUtils]: 21: Hoare triple {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:18,048 INFO L280 TraceCheckUtils]: 22: Hoare triple {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:18,050 INFO L280 TraceCheckUtils]: 23: Hoare triple {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1629#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:18,050 INFO L280 TraceCheckUtils]: 24: Hoare triple {1629#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {1630#(= |main_#t~mem36| 3)} is VALID [2020-07-10 15:09:18,051 INFO L280 TraceCheckUtils]: 25: Hoare triple {1630#(= |main_#t~mem36| 3)} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {1624#false} is VALID [2020-07-10 15:09:18,051 INFO L280 TraceCheckUtils]: 26: Hoare triple {1624#false} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {1624#false} is VALID [2020-07-10 15:09:18,051 INFO L280 TraceCheckUtils]: 27: Hoare triple {1624#false} assume !(2 == #t~mem36);havoc #t~mem36; {1624#false} is VALID [2020-07-10 15:09:18,052 INFO L280 TraceCheckUtils]: 28: Hoare triple {1624#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {1624#false} is VALID [2020-07-10 15:09:18,052 INFO L280 TraceCheckUtils]: 29: Hoare triple {1624#false} assume !(1 == #t~mem38);havoc #t~mem38; {1624#false} is VALID [2020-07-10 15:09:18,053 INFO L280 TraceCheckUtils]: 30: Hoare triple {1624#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {1624#false} is VALID [2020-07-10 15:09:18,053 INFO L280 TraceCheckUtils]: 31: Hoare triple {1624#false} assume 3 != #t~mem40;havoc #t~mem40; {1624#false} is VALID [2020-07-10 15:09:18,053 INFO L280 TraceCheckUtils]: 32: Hoare triple {1624#false} assume !false; {1624#false} is VALID [2020-07-10 15:09:18,055 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:18,055 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1456106260] [2020-07-10 15:09:18,055 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-10 15:09:18,056 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2020-07-10 15:09:18,056 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1984287818] [2020-07-10 15:09:18,056 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 33 [2020-07-10 15:09:18,057 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:18,057 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2020-07-10 15:09:18,106 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 33 edges. 33 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:18,107 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2020-07-10 15:09:18,107 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:18,107 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2020-07-10 15:09:18,108 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2020-07-10 15:09:18,108 INFO L87 Difference]: Start difference. First operand 64 states and 88 transitions. Second operand 6 states. [2020-07-10 15:09:18,683 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:18,683 INFO L93 Difference]: Finished difference Result 84 states and 110 transitions. [2020-07-10 15:09:18,684 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2020-07-10 15:09:18,684 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 33 [2020-07-10 15:09:18,684 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:18,684 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-10 15:09:18,687 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 95 transitions. [2020-07-10 15:09:18,687 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-10 15:09:18,689 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 95 transitions. [2020-07-10 15:09:18,689 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 95 transitions. [2020-07-10 15:09:18,816 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 95 edges. 95 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:18,819 INFO L225 Difference]: With dead ends: 84 [2020-07-10 15:09:18,819 INFO L226 Difference]: Without dead ends: 73 [2020-07-10 15:09:18,820 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2020-07-10 15:09:18,821 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 73 states. [2020-07-10 15:09:18,843 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 73 to 61. [2020-07-10 15:09:18,843 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:18,843 INFO L82 GeneralOperation]: Start isEquivalent. First operand 73 states. Second operand 61 states. [2020-07-10 15:09:18,843 INFO L74 IsIncluded]: Start isIncluded. First operand 73 states. Second operand 61 states. [2020-07-10 15:09:18,843 INFO L87 Difference]: Start difference. First operand 73 states. Second operand 61 states. [2020-07-10 15:09:18,846 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:18,846 INFO L93 Difference]: Finished difference Result 73 states and 97 transitions. [2020-07-10 15:09:18,846 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 97 transitions. [2020-07-10 15:09:18,847 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:18,847 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:18,847 INFO L74 IsIncluded]: Start isIncluded. First operand 61 states. Second operand 73 states. [2020-07-10 15:09:18,847 INFO L87 Difference]: Start difference. First operand 61 states. Second operand 73 states. [2020-07-10 15:09:18,850 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:18,850 INFO L93 Difference]: Finished difference Result 73 states and 97 transitions. [2020-07-10 15:09:18,850 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 97 transitions. [2020-07-10 15:09:18,851 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:18,851 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:18,851 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:18,851 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:18,851 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 61 states. [2020-07-10 15:09:18,854 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 61 states to 61 states and 84 transitions. [2020-07-10 15:09:18,854 INFO L78 Accepts]: Start accepts. Automaton has 61 states and 84 transitions. Word has length 33 [2020-07-10 15:09:18,854 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:18,854 INFO L479 AbstractCegarLoop]: Abstraction has 61 states and 84 transitions. [2020-07-10 15:09:18,854 INFO L480 AbstractCegarLoop]: Interpolant automaton has 6 states. [2020-07-10 15:09:18,854 INFO L276 IsEmpty]: Start isEmpty. Operand 61 states and 84 transitions. [2020-07-10 15:09:18,855 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2020-07-10 15:09:18,855 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:18,855 INFO L422 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:18,855 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2020-07-10 15:09:18,856 INFO L427 AbstractCegarLoop]: === Iteration 7 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:18,856 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:18,856 INFO L82 PathProgramCache]: Analyzing trace with hash -778946181, now seen corresponding path program 1 times [2020-07-10 15:09:18,856 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:18,857 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2137998110] [2020-07-10 15:09:18,857 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:18,880 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:19,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:19,026 INFO L280 TraceCheckUtils]: 0: Hoare triple {1969#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1958#true} is VALID [2020-07-10 15:09:19,027 INFO L280 TraceCheckUtils]: 1: Hoare triple {1958#true} assume true; {1958#true} is VALID [2020-07-10 15:09:19,027 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1958#true} {1958#true} #225#return; {1958#true} is VALID [2020-07-10 15:09:19,030 INFO L263 TraceCheckUtils]: 0: Hoare triple {1958#true} call ULTIMATE.init(); {1969#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:19,031 INFO L280 TraceCheckUtils]: 1: Hoare triple {1969#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1958#true} is VALID [2020-07-10 15:09:19,031 INFO L280 TraceCheckUtils]: 2: Hoare triple {1958#true} assume true; {1958#true} is VALID [2020-07-10 15:09:19,031 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1958#true} {1958#true} #225#return; {1958#true} is VALID [2020-07-10 15:09:19,031 INFO L263 TraceCheckUtils]: 4: Hoare triple {1958#true} call #t~ret41 := main(); {1958#true} is VALID [2020-07-10 15:09:19,032 INFO L280 TraceCheckUtils]: 5: Hoare triple {1958#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {1958#true} is VALID [2020-07-10 15:09:19,032 INFO L280 TraceCheckUtils]: 6: Hoare triple {1958#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {1958#true} is VALID [2020-07-10 15:09:19,032 INFO L280 TraceCheckUtils]: 7: Hoare triple {1958#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {1958#true} is VALID [2020-07-10 15:09:19,032 INFO L280 TraceCheckUtils]: 8: Hoare triple {1958#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {1958#true} is VALID [2020-07-10 15:09:19,032 INFO L280 TraceCheckUtils]: 9: Hoare triple {1958#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {1958#true} is VALID [2020-07-10 15:09:19,033 INFO L280 TraceCheckUtils]: 10: Hoare triple {1958#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {1958#true} is VALID [2020-07-10 15:09:19,033 INFO L280 TraceCheckUtils]: 11: Hoare triple {1958#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {1958#true} is VALID [2020-07-10 15:09:19,033 INFO L280 TraceCheckUtils]: 12: Hoare triple {1958#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {1958#true} is VALID [2020-07-10 15:09:19,033 INFO L280 TraceCheckUtils]: 13: Hoare triple {1958#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {1958#true} is VALID [2020-07-10 15:09:19,034 INFO L280 TraceCheckUtils]: 14: Hoare triple {1958#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {1958#true} is VALID [2020-07-10 15:09:19,034 INFO L280 TraceCheckUtils]: 15: Hoare triple {1958#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {1958#true} is VALID [2020-07-10 15:09:19,038 INFO L280 TraceCheckUtils]: 16: Hoare triple {1958#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {1963#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:19,039 INFO L280 TraceCheckUtils]: 17: Hoare triple {1963#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {1963#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:19,039 INFO L280 TraceCheckUtils]: 18: Hoare triple {1963#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:19,040 INFO L280 TraceCheckUtils]: 19: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:19,040 INFO L280 TraceCheckUtils]: 20: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:19,041 INFO L280 TraceCheckUtils]: 21: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:19,042 INFO L280 TraceCheckUtils]: 22: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:19,043 INFO L280 TraceCheckUtils]: 23: Hoare triple {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:19,044 INFO L280 TraceCheckUtils]: 24: Hoare triple {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:19,045 INFO L280 TraceCheckUtils]: 25: Hoare triple {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:19,045 INFO L280 TraceCheckUtils]: 26: Hoare triple {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0 != #t~nondet33);havoc #t~nondet33; {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:19,046 INFO L280 TraceCheckUtils]: 27: Hoare triple {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1967#(= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:19,047 INFO L280 TraceCheckUtils]: 28: Hoare triple {1967#(= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {1968#(= |main_#t~mem36| 2)} is VALID [2020-07-10 15:09:19,048 INFO L280 TraceCheckUtils]: 29: Hoare triple {1968#(= |main_#t~mem36| 2)} assume !(2 == #t~mem36);havoc #t~mem36; {1959#false} is VALID [2020-07-10 15:09:19,048 INFO L280 TraceCheckUtils]: 30: Hoare triple {1959#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {1959#false} is VALID [2020-07-10 15:09:19,048 INFO L280 TraceCheckUtils]: 31: Hoare triple {1959#false} assume !(1 == #t~mem38);havoc #t~mem38; {1959#false} is VALID [2020-07-10 15:09:19,049 INFO L280 TraceCheckUtils]: 32: Hoare triple {1959#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {1959#false} is VALID [2020-07-10 15:09:19,049 INFO L280 TraceCheckUtils]: 33: Hoare triple {1959#false} assume 3 != #t~mem40;havoc #t~mem40; {1959#false} is VALID [2020-07-10 15:09:19,049 INFO L280 TraceCheckUtils]: 34: Hoare triple {1959#false} assume !false; {1959#false} is VALID [2020-07-10 15:09:19,053 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:19,053 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2137998110] [2020-07-10 15:09:19,053 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1842867523] [2020-07-10 15:09:19,053 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:19,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:19,168 INFO L264 TraceCheckSpWp]: Trace formula consists of 158 conjuncts, 28 conjunts are in the unsatisfiable core [2020-07-10 15:09:19,188 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:19,195 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-10 15:09:19,312 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-10 15:09:19,313 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:19,317 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:19,317 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:19,317 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2020-07-10 15:09:19,321 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:19,321 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_21|]. (= |#valid| (store |v_#valid_21| main_~a~0.base 1)) [2020-07-10 15:09:19,322 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 1 (select |#valid| main_~a~0.base)) [2020-07-10 15:09:19,413 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:19,414 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 15 [2020-07-10 15:09:19,415 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:19,424 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:19,433 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-10 15:09:19,433 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:19,446 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:19,447 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:19,447 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:28, output treesize:18 [2020-07-10 15:09:19,450 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:19,451 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_36|, |v_#valid_22|]. (and (= |#memory_int| (store |v_#memory_int_36| main_~p~0.base (store (select |v_#memory_int_36| main_~p~0.base) main_~p~0.offset 2))) (= main_~a~0.base main_~p~0.base) (= 1 (select |v_#valid_22| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset) (= 0 (select |v_#valid_22| main_~t~0.base))) [2020-07-10 15:09:19,451 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-10 15:09:19,517 INFO L350 Elim1Store]: treesize reduction 27, result has 20.6 percent of original size [2020-07-10 15:09:19,518 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 27 treesize of output 11 [2020-07-10 15:09:19,520 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:19,526 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:19,527 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:19,527 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:31, output treesize:12 [2020-07-10 15:09:19,567 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 18 [2020-07-10 15:09:19,570 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:19,578 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:19,583 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2020-07-10 15:09:19,584 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:23, output treesize:19 [2020-07-10 15:09:19,590 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:19,590 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_38|, v_main_~p~0.base_18, v_main_~p~0.offset_18]. (and (not (= v_main_~p~0.base_18 main_~p~0.base)) (= 2 (select (select |v_#memory_int_38| main_~p~0.base) main_~p~0.offset)) (= (store |v_#memory_int_38| v_main_~p~0.base_18 (store (select |v_#memory_int_38| v_main_~p~0.base_18) v_main_~p~0.offset_18 3)) |#memory_int|)) [2020-07-10 15:09:19,590 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_18, v_main_~p~0.offset_18]. (and (not (= v_main_~p~0.base_18 main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| v_main_~p~0.base_18) v_main_~p~0.offset_18))) [2020-07-10 15:09:19,655 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 10 [2020-07-10 15:09:19,658 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:19,662 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:19,664 INFO L544 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:19,664 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 5 variables, input treesize:26, output treesize:3 [2020-07-10 15:09:19,667 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:19,667 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset, v_main_~p~0.base_18, v_main_~p~0.offset_18]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (not (= v_main_~p~0.base_18 main_~p~0.base)) (= |main_#t~mem36| .cse0) (= 2 .cse0) (= 3 (select (select |#memory_int| v_main_~p~0.base_18) v_main_~p~0.offset_18)))) [2020-07-10 15:09:19,667 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem36| 2) [2020-07-10 15:09:19,672 INFO L263 TraceCheckUtils]: 0: Hoare triple {1958#true} call ULTIMATE.init(); {1958#true} is VALID [2020-07-10 15:09:19,672 INFO L280 TraceCheckUtils]: 1: Hoare triple {1958#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1958#true} is VALID [2020-07-10 15:09:19,672 INFO L280 TraceCheckUtils]: 2: Hoare triple {1958#true} assume true; {1958#true} is VALID [2020-07-10 15:09:19,673 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1958#true} {1958#true} #225#return; {1958#true} is VALID [2020-07-10 15:09:19,673 INFO L263 TraceCheckUtils]: 4: Hoare triple {1958#true} call #t~ret41 := main(); {1958#true} is VALID [2020-07-10 15:09:19,673 INFO L280 TraceCheckUtils]: 5: Hoare triple {1958#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {1958#true} is VALID [2020-07-10 15:09:19,674 INFO L280 TraceCheckUtils]: 6: Hoare triple {1958#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {1958#true} is VALID [2020-07-10 15:09:19,674 INFO L280 TraceCheckUtils]: 7: Hoare triple {1958#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {1958#true} is VALID [2020-07-10 15:09:19,674 INFO L280 TraceCheckUtils]: 8: Hoare triple {1958#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {1958#true} is VALID [2020-07-10 15:09:19,675 INFO L280 TraceCheckUtils]: 9: Hoare triple {1958#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {1958#true} is VALID [2020-07-10 15:09:19,675 INFO L280 TraceCheckUtils]: 10: Hoare triple {1958#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {1958#true} is VALID [2020-07-10 15:09:19,675 INFO L280 TraceCheckUtils]: 11: Hoare triple {1958#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {1958#true} is VALID [2020-07-10 15:09:19,675 INFO L280 TraceCheckUtils]: 12: Hoare triple {1958#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {1958#true} is VALID [2020-07-10 15:09:19,676 INFO L280 TraceCheckUtils]: 13: Hoare triple {1958#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {1958#true} is VALID [2020-07-10 15:09:19,676 INFO L280 TraceCheckUtils]: 14: Hoare triple {1958#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {1958#true} is VALID [2020-07-10 15:09:19,676 INFO L280 TraceCheckUtils]: 15: Hoare triple {1958#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {1958#true} is VALID [2020-07-10 15:09:19,678 INFO L280 TraceCheckUtils]: 16: Hoare triple {1958#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {1963#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:19,679 INFO L280 TraceCheckUtils]: 17: Hoare triple {1963#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {1963#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:19,680 INFO L280 TraceCheckUtils]: 18: Hoare triple {1963#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:19,681 INFO L280 TraceCheckUtils]: 19: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:19,682 INFO L280 TraceCheckUtils]: 20: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:19,684 INFO L280 TraceCheckUtils]: 21: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:19,686 INFO L280 TraceCheckUtils]: 22: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:19,687 INFO L280 TraceCheckUtils]: 23: Hoare triple {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:19,689 INFO L280 TraceCheckUtils]: 24: Hoare triple {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:19,697 INFO L280 TraceCheckUtils]: 25: Hoare triple {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:19,705 INFO L280 TraceCheckUtils]: 26: Hoare triple {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0 != #t~nondet33);havoc #t~nondet33; {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:19,709 INFO L280 TraceCheckUtils]: 27: Hoare triple {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2054#(and (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.offset_18 Int) (v_main_~p~0.base_18 Int)) (and (not (= v_main_~p~0.base_18 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_18) v_main_~p~0.offset_18)))))} is VALID [2020-07-10 15:09:19,713 INFO L280 TraceCheckUtils]: 28: Hoare triple {2054#(and (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.offset_18 Int) (v_main_~p~0.base_18 Int)) (and (not (= v_main_~p~0.base_18 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_18) v_main_~p~0.offset_18)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {1968#(= |main_#t~mem36| 2)} is VALID [2020-07-10 15:09:19,714 INFO L280 TraceCheckUtils]: 29: Hoare triple {1968#(= |main_#t~mem36| 2)} assume !(2 == #t~mem36);havoc #t~mem36; {1959#false} is VALID [2020-07-10 15:09:19,714 INFO L280 TraceCheckUtils]: 30: Hoare triple {1959#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {1959#false} is VALID [2020-07-10 15:09:19,714 INFO L280 TraceCheckUtils]: 31: Hoare triple {1959#false} assume !(1 == #t~mem38);havoc #t~mem38; {1959#false} is VALID [2020-07-10 15:09:19,715 INFO L280 TraceCheckUtils]: 32: Hoare triple {1959#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {1959#false} is VALID [2020-07-10 15:09:19,715 INFO L280 TraceCheckUtils]: 33: Hoare triple {1959#false} assume 3 != #t~mem40;havoc #t~mem40; {1959#false} is VALID [2020-07-10 15:09:19,715 INFO L280 TraceCheckUtils]: 34: Hoare triple {1959#false} assume !false; {1959#false} is VALID [2020-07-10 15:09:19,720 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:19,721 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-10 15:09:19,721 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 8] total 10 [2020-07-10 15:09:19,721 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [680325583] [2020-07-10 15:09:19,722 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 35 [2020-07-10 15:09:19,723 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:19,723 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states. [2020-07-10 15:09:19,805 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:19,805 INFO L459 AbstractCegarLoop]: Interpolant automaton has 10 states [2020-07-10 15:09:19,806 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:19,806 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2020-07-10 15:09:19,806 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=70, Unknown=0, NotChecked=0, Total=90 [2020-07-10 15:09:19,806 INFO L87 Difference]: Start difference. First operand 61 states and 84 transitions. Second operand 10 states. [2020-07-10 15:09:21,059 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:21,060 INFO L93 Difference]: Finished difference Result 86 states and 112 transitions. [2020-07-10 15:09:21,060 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2020-07-10 15:09:21,060 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 35 [2020-07-10 15:09:21,060 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:21,060 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10 states. [2020-07-10 15:09:21,064 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 97 transitions. [2020-07-10 15:09:21,065 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10 states. [2020-07-10 15:09:21,068 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 97 transitions. [2020-07-10 15:09:21,068 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 97 transitions. [2020-07-10 15:09:21,197 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 97 edges. 97 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:21,199 INFO L225 Difference]: With dead ends: 86 [2020-07-10 15:09:21,199 INFO L226 Difference]: Without dead ends: 80 [2020-07-10 15:09:21,200 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 50 GetRequests, 35 SyntacticMatches, 1 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 21 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=58, Invalid=182, Unknown=0, NotChecked=0, Total=240 [2020-07-10 15:09:21,200 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 80 states. [2020-07-10 15:09:21,236 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 80 to 68. [2020-07-10 15:09:21,237 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:21,237 INFO L82 GeneralOperation]: Start isEquivalent. First operand 80 states. Second operand 68 states. [2020-07-10 15:09:21,237 INFO L74 IsIncluded]: Start isIncluded. First operand 80 states. Second operand 68 states. [2020-07-10 15:09:21,237 INFO L87 Difference]: Start difference. First operand 80 states. Second operand 68 states. [2020-07-10 15:09:21,241 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:21,241 INFO L93 Difference]: Finished difference Result 80 states and 105 transitions. [2020-07-10 15:09:21,241 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 105 transitions. [2020-07-10 15:09:21,242 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:21,242 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:21,242 INFO L74 IsIncluded]: Start isIncluded. First operand 68 states. Second operand 80 states. [2020-07-10 15:09:21,242 INFO L87 Difference]: Start difference. First operand 68 states. Second operand 80 states. [2020-07-10 15:09:21,245 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:21,246 INFO L93 Difference]: Finished difference Result 80 states and 105 transitions. [2020-07-10 15:09:21,246 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 105 transitions. [2020-07-10 15:09:21,246 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:21,246 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:21,246 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:21,247 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:21,247 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 68 states. [2020-07-10 15:09:21,249 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 68 states to 68 states and 92 transitions. [2020-07-10 15:09:21,249 INFO L78 Accepts]: Start accepts. Automaton has 68 states and 92 transitions. Word has length 35 [2020-07-10 15:09:21,250 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:21,250 INFO L479 AbstractCegarLoop]: Abstraction has 68 states and 92 transitions. [2020-07-10 15:09:21,250 INFO L480 AbstractCegarLoop]: Interpolant automaton has 10 states. [2020-07-10 15:09:21,250 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 92 transitions. [2020-07-10 15:09:21,250 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2020-07-10 15:09:21,251 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:21,251 INFO L422 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:21,463 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable6 [2020-07-10 15:09:21,464 INFO L427 AbstractCegarLoop]: === Iteration 8 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:21,465 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:21,465 INFO L82 PathProgramCache]: Analyzing trace with hash 84455483, now seen corresponding path program 1 times [2020-07-10 15:09:21,465 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:21,466 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [917976131] [2020-07-10 15:09:21,466 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:21,502 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:21,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:21,703 INFO L280 TraceCheckUtils]: 0: Hoare triple {2441#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2430#true} is VALID [2020-07-10 15:09:21,704 INFO L280 TraceCheckUtils]: 1: Hoare triple {2430#true} assume true; {2430#true} is VALID [2020-07-10 15:09:21,704 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2430#true} {2430#true} #225#return; {2430#true} is VALID [2020-07-10 15:09:21,705 INFO L263 TraceCheckUtils]: 0: Hoare triple {2430#true} call ULTIMATE.init(); {2441#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:21,705 INFO L280 TraceCheckUtils]: 1: Hoare triple {2441#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2430#true} is VALID [2020-07-10 15:09:21,706 INFO L280 TraceCheckUtils]: 2: Hoare triple {2430#true} assume true; {2430#true} is VALID [2020-07-10 15:09:21,706 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2430#true} {2430#true} #225#return; {2430#true} is VALID [2020-07-10 15:09:21,706 INFO L263 TraceCheckUtils]: 4: Hoare triple {2430#true} call #t~ret41 := main(); {2430#true} is VALID [2020-07-10 15:09:21,706 INFO L280 TraceCheckUtils]: 5: Hoare triple {2430#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {2430#true} is VALID [2020-07-10 15:09:21,706 INFO L280 TraceCheckUtils]: 6: Hoare triple {2430#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {2430#true} is VALID [2020-07-10 15:09:21,707 INFO L280 TraceCheckUtils]: 7: Hoare triple {2430#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {2430#true} is VALID [2020-07-10 15:09:21,707 INFO L280 TraceCheckUtils]: 8: Hoare triple {2430#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {2430#true} is VALID [2020-07-10 15:09:21,707 INFO L280 TraceCheckUtils]: 9: Hoare triple {2430#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {2430#true} is VALID [2020-07-10 15:09:21,707 INFO L280 TraceCheckUtils]: 10: Hoare triple {2430#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {2430#true} is VALID [2020-07-10 15:09:21,707 INFO L280 TraceCheckUtils]: 11: Hoare triple {2430#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {2430#true} is VALID [2020-07-10 15:09:21,708 INFO L280 TraceCheckUtils]: 12: Hoare triple {2430#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {2430#true} is VALID [2020-07-10 15:09:21,708 INFO L280 TraceCheckUtils]: 13: Hoare triple {2430#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {2430#true} is VALID [2020-07-10 15:09:21,708 INFO L280 TraceCheckUtils]: 14: Hoare triple {2430#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {2430#true} is VALID [2020-07-10 15:09:21,708 INFO L280 TraceCheckUtils]: 15: Hoare triple {2430#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {2430#true} is VALID [2020-07-10 15:09:21,710 INFO L280 TraceCheckUtils]: 16: Hoare triple {2430#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {2435#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:21,710 INFO L280 TraceCheckUtils]: 17: Hoare triple {2435#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {2435#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:21,711 INFO L280 TraceCheckUtils]: 18: Hoare triple {2435#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:21,712 INFO L280 TraceCheckUtils]: 19: Hoare triple {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:21,714 INFO L280 TraceCheckUtils]: 20: Hoare triple {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet30);havoc #t~nondet30;call write~int(1, ~p~0.base, ~p~0.offset, 4);call #t~malloc31.base, #t~malloc31.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc31.base, #t~malloc31.offset; {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:21,715 INFO L280 TraceCheckUtils]: 21: Hoare triple {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:21,717 INFO L280 TraceCheckUtils]: 22: Hoare triple {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem32.base, #t~mem32.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem32.base, #t~mem32.offset;havoc #t~mem32.base, #t~mem32.offset; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:21,720 INFO L280 TraceCheckUtils]: 23: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:21,720 INFO L280 TraceCheckUtils]: 24: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:21,721 INFO L280 TraceCheckUtils]: 25: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:21,722 INFO L280 TraceCheckUtils]: 26: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0 != #t~nondet33);havoc #t~nondet33; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:21,723 INFO L280 TraceCheckUtils]: 27: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2439#(= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:21,724 INFO L280 TraceCheckUtils]: 28: Hoare triple {2439#(= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {2439#(= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:21,725 INFO L280 TraceCheckUtils]: 29: Hoare triple {2439#(= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {2439#(= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:21,726 INFO L280 TraceCheckUtils]: 30: Hoare triple {2439#(= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {2440#(= |main_#t~mem38| 1)} is VALID [2020-07-10 15:09:21,726 INFO L280 TraceCheckUtils]: 31: Hoare triple {2440#(= |main_#t~mem38| 1)} assume !(1 == #t~mem38);havoc #t~mem38; {2431#false} is VALID [2020-07-10 15:09:21,727 INFO L280 TraceCheckUtils]: 32: Hoare triple {2431#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {2431#false} is VALID [2020-07-10 15:09:21,727 INFO L280 TraceCheckUtils]: 33: Hoare triple {2431#false} assume 3 != #t~mem40;havoc #t~mem40; {2431#false} is VALID [2020-07-10 15:09:21,727 INFO L280 TraceCheckUtils]: 34: Hoare triple {2431#false} assume !false; {2431#false} is VALID [2020-07-10 15:09:21,732 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:21,732 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [917976131] [2020-07-10 15:09:21,735 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [94405519] [2020-07-10 15:09:21,735 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:21,856 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:21,858 INFO L264 TraceCheckSpWp]: Trace formula consists of 158 conjuncts, 28 conjunts are in the unsatisfiable core [2020-07-10 15:09:21,875 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:21,877 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-10 15:09:21,905 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-10 15:09:21,906 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:21,908 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:21,909 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:21,909 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2020-07-10 15:09:21,911 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:21,911 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_23|]. (= (store |v_#valid_23| main_~a~0.base 1) |#valid|) [2020-07-10 15:09:21,911 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 1 (select |#valid| main_~a~0.base)) [2020-07-10 15:09:21,944 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:21,945 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 15 [2020-07-10 15:09:21,946 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:21,954 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:21,967 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-10 15:09:21,967 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:21,975 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:21,975 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:21,976 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:28, output treesize:18 [2020-07-10 15:09:21,979 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:21,979 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_39|, |v_#valid_24|]. (and (= |#memory_int| (store |v_#memory_int_39| main_~p~0.base (store (select |v_#memory_int_39| main_~p~0.base) main_~p~0.offset 1))) (= main_~a~0.base main_~p~0.base) (= 0 (select |v_#valid_24| main_~t~0.base)) (= main_~a~0.offset main_~p~0.offset) (= 1 (select |v_#valid_24| main_~p~0.base))) [2020-07-10 15:09:21,979 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-10 15:09:22,021 INFO L350 Elim1Store]: treesize reduction 27, result has 20.6 percent of original size [2020-07-10 15:09:22,022 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 27 treesize of output 11 [2020-07-10 15:09:22,023 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:22,028 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:22,029 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:22,029 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:31, output treesize:12 [2020-07-10 15:09:22,059 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 18 [2020-07-10 15:09:22,061 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:22,068 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:22,070 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2020-07-10 15:09:22,070 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:23, output treesize:19 [2020-07-10 15:09:22,074 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:22,075 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_41|, v_main_~p~0.base_20, v_main_~p~0.offset_20]. (and (= 1 (select (select |v_#memory_int_41| main_~p~0.base) main_~p~0.offset)) (not (= v_main_~p~0.base_20 main_~p~0.base)) (= (store |v_#memory_int_41| v_main_~p~0.base_20 (store (select |v_#memory_int_41| v_main_~p~0.base_20) v_main_~p~0.offset_20 3)) |#memory_int|)) [2020-07-10 15:09:22,075 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_20, v_main_~p~0.offset_20]. (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) [2020-07-10 15:09:22,166 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 10 [2020-07-10 15:09:22,167 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:22,171 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:22,175 INFO L544 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:22,175 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 5 variables, input treesize:26, output treesize:3 [2020-07-10 15:09:22,177 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:22,177 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset, v_main_~p~0.base_20, v_main_~p~0.offset_20]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (= |main_#t~mem38| .cse0) (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)) (= 1 .cse0))) [2020-07-10 15:09:22,177 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem38| 1) [2020-07-10 15:09:22,180 INFO L263 TraceCheckUtils]: 0: Hoare triple {2430#true} call ULTIMATE.init(); {2430#true} is VALID [2020-07-10 15:09:22,180 INFO L280 TraceCheckUtils]: 1: Hoare triple {2430#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2430#true} is VALID [2020-07-10 15:09:22,181 INFO L280 TraceCheckUtils]: 2: Hoare triple {2430#true} assume true; {2430#true} is VALID [2020-07-10 15:09:22,181 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2430#true} {2430#true} #225#return; {2430#true} is VALID [2020-07-10 15:09:22,181 INFO L263 TraceCheckUtils]: 4: Hoare triple {2430#true} call #t~ret41 := main(); {2430#true} is VALID [2020-07-10 15:09:22,181 INFO L280 TraceCheckUtils]: 5: Hoare triple {2430#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {2430#true} is VALID [2020-07-10 15:09:22,182 INFO L280 TraceCheckUtils]: 6: Hoare triple {2430#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {2430#true} is VALID [2020-07-10 15:09:22,182 INFO L280 TraceCheckUtils]: 7: Hoare triple {2430#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {2430#true} is VALID [2020-07-10 15:09:22,182 INFO L280 TraceCheckUtils]: 8: Hoare triple {2430#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {2430#true} is VALID [2020-07-10 15:09:22,182 INFO L280 TraceCheckUtils]: 9: Hoare triple {2430#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {2430#true} is VALID [2020-07-10 15:09:22,182 INFO L280 TraceCheckUtils]: 10: Hoare triple {2430#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {2430#true} is VALID [2020-07-10 15:09:22,183 INFO L280 TraceCheckUtils]: 11: Hoare triple {2430#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {2430#true} is VALID [2020-07-10 15:09:22,183 INFO L280 TraceCheckUtils]: 12: Hoare triple {2430#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {2430#true} is VALID [2020-07-10 15:09:22,183 INFO L280 TraceCheckUtils]: 13: Hoare triple {2430#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {2430#true} is VALID [2020-07-10 15:09:22,183 INFO L280 TraceCheckUtils]: 14: Hoare triple {2430#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {2430#true} is VALID [2020-07-10 15:09:22,183 INFO L280 TraceCheckUtils]: 15: Hoare triple {2430#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {2430#true} is VALID [2020-07-10 15:09:22,184 INFO L280 TraceCheckUtils]: 16: Hoare triple {2430#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {2435#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:22,185 INFO L280 TraceCheckUtils]: 17: Hoare triple {2435#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {2435#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:22,185 INFO L280 TraceCheckUtils]: 18: Hoare triple {2435#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:22,186 INFO L280 TraceCheckUtils]: 19: Hoare triple {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:22,189 INFO L280 TraceCheckUtils]: 20: Hoare triple {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet30);havoc #t~nondet30;call write~int(1, ~p~0.base, ~p~0.offset, 4);call #t~malloc31.base, #t~malloc31.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc31.base, #t~malloc31.offset; {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:22,191 INFO L280 TraceCheckUtils]: 21: Hoare triple {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:22,192 INFO L280 TraceCheckUtils]: 22: Hoare triple {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem32.base, #t~mem32.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem32.base, #t~mem32.offset;havoc #t~mem32.base, #t~mem32.offset; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:22,193 INFO L280 TraceCheckUtils]: 23: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:22,194 INFO L280 TraceCheckUtils]: 24: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:22,194 INFO L280 TraceCheckUtils]: 25: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:22,195 INFO L280 TraceCheckUtils]: 26: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0 != #t~nondet33);havoc #t~nondet33; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:22,197 INFO L280 TraceCheckUtils]: 27: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2526#(and (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_20 Int) (v_main_~p~0.offset_20 Int)) (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)))))} is VALID [2020-07-10 15:09:22,198 INFO L280 TraceCheckUtils]: 28: Hoare triple {2526#(and (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_20 Int) (v_main_~p~0.offset_20 Int)) (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {2526#(and (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_20 Int) (v_main_~p~0.offset_20 Int)) (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)))))} is VALID [2020-07-10 15:09:22,199 INFO L280 TraceCheckUtils]: 29: Hoare triple {2526#(and (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_20 Int) (v_main_~p~0.offset_20 Int)) (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)))))} assume !(2 == #t~mem36);havoc #t~mem36; {2526#(and (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_20 Int) (v_main_~p~0.offset_20 Int)) (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)))))} is VALID [2020-07-10 15:09:22,199 INFO L280 TraceCheckUtils]: 30: Hoare triple {2526#(and (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_20 Int) (v_main_~p~0.offset_20 Int)) (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)))))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {2440#(= |main_#t~mem38| 1)} is VALID [2020-07-10 15:09:22,200 INFO L280 TraceCheckUtils]: 31: Hoare triple {2440#(= |main_#t~mem38| 1)} assume !(1 == #t~mem38);havoc #t~mem38; {2431#false} is VALID [2020-07-10 15:09:22,200 INFO L280 TraceCheckUtils]: 32: Hoare triple {2431#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {2431#false} is VALID [2020-07-10 15:09:22,200 INFO L280 TraceCheckUtils]: 33: Hoare triple {2431#false} assume 3 != #t~mem40;havoc #t~mem40; {2431#false} is VALID [2020-07-10 15:09:22,200 INFO L280 TraceCheckUtils]: 34: Hoare triple {2431#false} assume !false; {2431#false} is VALID [2020-07-10 15:09:22,203 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:22,203 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-10 15:09:22,203 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 8] total 10 [2020-07-10 15:09:22,204 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1762228409] [2020-07-10 15:09:22,204 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 35 [2020-07-10 15:09:22,204 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:22,205 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states. [2020-07-10 15:09:22,265 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:22,266 INFO L459 AbstractCegarLoop]: Interpolant automaton has 10 states [2020-07-10 15:09:22,266 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:22,266 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2020-07-10 15:09:22,266 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=70, Unknown=0, NotChecked=0, Total=90 [2020-07-10 15:09:22,267 INFO L87 Difference]: Start difference. First operand 68 states and 92 transitions. Second operand 10 states. [2020-07-10 15:09:23,450 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:23,450 INFO L93 Difference]: Finished difference Result 95 states and 123 transitions. [2020-07-10 15:09:23,450 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2020-07-10 15:09:23,450 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 35 [2020-07-10 15:09:23,451 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:23,451 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10 states. [2020-07-10 15:09:23,454 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 102 transitions. [2020-07-10 15:09:23,454 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10 states. [2020-07-10 15:09:23,457 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 102 transitions. [2020-07-10 15:09:23,457 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 102 transitions. [2020-07-10 15:09:23,604 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 102 edges. 102 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:23,606 INFO L225 Difference]: With dead ends: 95 [2020-07-10 15:09:23,606 INFO L226 Difference]: Without dead ends: 91 [2020-07-10 15:09:23,607 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 50 GetRequests, 35 SyntacticMatches, 1 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 23 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=58, Invalid=182, Unknown=0, NotChecked=0, Total=240 [2020-07-10 15:09:23,608 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 91 states. [2020-07-10 15:09:23,640 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 91 to 79. [2020-07-10 15:09:23,640 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:23,641 INFO L82 GeneralOperation]: Start isEquivalent. First operand 91 states. Second operand 79 states. [2020-07-10 15:09:23,641 INFO L74 IsIncluded]: Start isIncluded. First operand 91 states. Second operand 79 states. [2020-07-10 15:09:23,641 INFO L87 Difference]: Start difference. First operand 91 states. Second operand 79 states. [2020-07-10 15:09:23,648 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:23,648 INFO L93 Difference]: Finished difference Result 91 states and 119 transitions. [2020-07-10 15:09:23,648 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 119 transitions. [2020-07-10 15:09:23,649 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:23,649 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:23,649 INFO L74 IsIncluded]: Start isIncluded. First operand 79 states. Second operand 91 states. [2020-07-10 15:09:23,649 INFO L87 Difference]: Start difference. First operand 79 states. Second operand 91 states. [2020-07-10 15:09:23,653 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:23,653 INFO L93 Difference]: Finished difference Result 91 states and 119 transitions. [2020-07-10 15:09:23,653 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 119 transitions. [2020-07-10 15:09:23,654 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:23,654 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:23,654 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:23,654 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:23,654 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 79 states. [2020-07-10 15:09:23,657 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 106 transitions. [2020-07-10 15:09:23,658 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 106 transitions. Word has length 35 [2020-07-10 15:09:23,658 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:23,658 INFO L479 AbstractCegarLoop]: Abstraction has 79 states and 106 transitions. [2020-07-10 15:09:23,659 INFO L480 AbstractCegarLoop]: Interpolant automaton has 10 states. [2020-07-10 15:09:23,660 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 106 transitions. [2020-07-10 15:09:23,661 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2020-07-10 15:09:23,661 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:23,662 INFO L422 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:23,874 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7,3 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:23,875 INFO L427 AbstractCegarLoop]: === Iteration 9 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:23,876 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:23,876 INFO L82 PathProgramCache]: Analyzing trace with hash -169587242, now seen corresponding path program 1 times [2020-07-10 15:09:23,877 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:23,877 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [208612580] [2020-07-10 15:09:23,877 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:23,920 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:24,259 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:24,269 INFO L280 TraceCheckUtils]: 0: Hoare triple {2960#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2948#true} is VALID [2020-07-10 15:09:24,270 INFO L280 TraceCheckUtils]: 1: Hoare triple {2948#true} assume true; {2948#true} is VALID [2020-07-10 15:09:24,270 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2948#true} {2948#true} #225#return; {2948#true} is VALID [2020-07-10 15:09:24,270 INFO L263 TraceCheckUtils]: 0: Hoare triple {2948#true} call ULTIMATE.init(); {2960#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:24,271 INFO L280 TraceCheckUtils]: 1: Hoare triple {2960#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2948#true} is VALID [2020-07-10 15:09:24,271 INFO L280 TraceCheckUtils]: 2: Hoare triple {2948#true} assume true; {2948#true} is VALID [2020-07-10 15:09:24,271 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2948#true} {2948#true} #225#return; {2948#true} is VALID [2020-07-10 15:09:24,271 INFO L263 TraceCheckUtils]: 4: Hoare triple {2948#true} call #t~ret41 := main(); {2948#true} is VALID [2020-07-10 15:09:24,271 INFO L280 TraceCheckUtils]: 5: Hoare triple {2948#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {2948#true} is VALID [2020-07-10 15:09:24,271 INFO L280 TraceCheckUtils]: 6: Hoare triple {2948#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {2948#true} is VALID [2020-07-10 15:09:24,272 INFO L280 TraceCheckUtils]: 7: Hoare triple {2948#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {2948#true} is VALID [2020-07-10 15:09:24,272 INFO L280 TraceCheckUtils]: 8: Hoare triple {2948#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {2948#true} is VALID [2020-07-10 15:09:24,272 INFO L280 TraceCheckUtils]: 9: Hoare triple {2948#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {2948#true} is VALID [2020-07-10 15:09:24,272 INFO L280 TraceCheckUtils]: 10: Hoare triple {2948#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {2948#true} is VALID [2020-07-10 15:09:24,272 INFO L280 TraceCheckUtils]: 11: Hoare triple {2948#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {2948#true} is VALID [2020-07-10 15:09:24,273 INFO L280 TraceCheckUtils]: 12: Hoare triple {2948#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {2948#true} is VALID [2020-07-10 15:09:24,273 INFO L280 TraceCheckUtils]: 13: Hoare triple {2948#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {2948#true} is VALID [2020-07-10 15:09:24,273 INFO L280 TraceCheckUtils]: 14: Hoare triple {2948#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {2948#true} is VALID [2020-07-10 15:09:24,273 INFO L280 TraceCheckUtils]: 15: Hoare triple {2948#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {2948#true} is VALID [2020-07-10 15:09:24,275 INFO L280 TraceCheckUtils]: 16: Hoare triple {2948#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {2953#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:24,275 INFO L280 TraceCheckUtils]: 17: Hoare triple {2953#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {2953#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:24,276 INFO L280 TraceCheckUtils]: 18: Hoare triple {2953#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:24,277 INFO L280 TraceCheckUtils]: 19: Hoare triple {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:24,278 INFO L280 TraceCheckUtils]: 20: Hoare triple {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:24,279 INFO L280 TraceCheckUtils]: 21: Hoare triple {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:24,280 INFO L280 TraceCheckUtils]: 22: Hoare triple {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {2955#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:24,281 INFO L280 TraceCheckUtils]: 23: Hoare triple {2955#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {2955#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:24,283 INFO L280 TraceCheckUtils]: 24: Hoare triple {2955#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {2956#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,284 INFO L280 TraceCheckUtils]: 25: Hoare triple {2956#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {2956#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,285 INFO L280 TraceCheckUtils]: 26: Hoare triple {2956#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {2956#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,286 INFO L280 TraceCheckUtils]: 27: Hoare triple {2956#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2957#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-10 15:09:24,287 INFO L280 TraceCheckUtils]: 28: Hoare triple {2957#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {2957#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-10 15:09:24,287 INFO L280 TraceCheckUtils]: 29: Hoare triple {2957#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,288 INFO L280 TraceCheckUtils]: 30: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,288 INFO L280 TraceCheckUtils]: 31: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,288 INFO L280 TraceCheckUtils]: 32: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,289 INFO L280 TraceCheckUtils]: 33: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(1 == #t~mem38);havoc #t~mem38; {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,289 INFO L280 TraceCheckUtils]: 34: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {2959#(= |main_#t~mem40| 3)} is VALID [2020-07-10 15:09:24,290 INFO L280 TraceCheckUtils]: 35: Hoare triple {2959#(= |main_#t~mem40| 3)} assume 3 != #t~mem40;havoc #t~mem40; {2949#false} is VALID [2020-07-10 15:09:24,290 INFO L280 TraceCheckUtils]: 36: Hoare triple {2949#false} assume !false; {2949#false} is VALID [2020-07-10 15:09:24,294 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:24,294 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [208612580] [2020-07-10 15:09:24,294 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [960883682] [2020-07-10 15:09:24,294 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:24,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:24,402 INFO L264 TraceCheckSpWp]: Trace formula consists of 166 conjuncts, 35 conjunts are in the unsatisfiable core [2020-07-10 15:09:24,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:24,421 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-10 15:09:24,457 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-10 15:09:24,458 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,460 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:24,460 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,461 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2020-07-10 15:09:24,462 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:24,463 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_25|]. (= |#valid| (store |v_#valid_25| main_~a~0.base 1)) [2020-07-10 15:09:24,463 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 1 (select |#valid| main_~a~0.base)) [2020-07-10 15:09:24,535 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:24,535 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 15 [2020-07-10 15:09:24,536 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,541 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:24,541 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,542 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:17, output treesize:11 [2020-07-10 15:09:24,544 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:24,544 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_26|]. (and (= main_~a~0.base main_~p~0.base) (= 0 (select |v_#valid_26| main_~t~0.base)) (= 1 (select |v_#valid_26| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-10 15:09:24,544 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)) [2020-07-10 15:09:24,605 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 9 [2020-07-10 15:09:24,606 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,622 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:24,632 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 9 [2020-07-10 15:09:24,632 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,641 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:24,649 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,649 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 4 variables, input treesize:49, output treesize:29 [2020-07-10 15:09:24,654 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:24,654 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.offset_42|, main_~t~0.offset, main_~t~0.base, |v_#memory_$Pointer$.base_44|]. (let ((.cse0 (+ main_~a~0.offset 4))) (and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse0)) (not (= main_~t~0.base main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse0)) (= (store |v_#memory_$Pointer$.offset_42| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_42| main_~a~0.base) .cse0 main_~t~0.offset)) |#memory_$Pointer$.offset|) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_44| main_~a~0.base (store (select |v_#memory_$Pointer$.base_44| main_~a~0.base) .cse0 main_~t~0.base))))) [2020-07-10 15:09:24,655 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse1 (+ main_~a~0.offset 4))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse1))) (and (= main_~p~0.base .cse0) (not (= main_~a~0.base .cse0)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse1))))) [2020-07-10 15:09:24,712 INFO L440 ElimStorePlain]: Different costs {0=[|v_#memory_int_42|], 2=[|v_#memory_$Pointer$.base_45|, |v_#memory_$Pointer$.offset_43|]} [2020-07-10 15:09:24,719 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 19 [2020-07-10 15:09:24,720 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,732 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:24,755 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:24,756 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 120 treesize of output 132 [2020-07-10 15:09:24,765 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[5, 3, 2, 1] term [2020-07-10 15:09:24,766 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 5 disjuncts [2020-07-10 15:09:24,768 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,788 INFO L624 ElimStorePlain]: treesize reduction 48, result has 61.0 percent of original size [2020-07-10 15:09:24,794 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 65 treesize of output 49 [2020-07-10 15:09:24,799 INFO L544 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,805 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:24,805 INFO L544 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,806 INFO L244 ElimStorePlain]: Needed 4 recursive calls to eliminate 3 variables, input treesize:130, output treesize:30 [2020-07-10 15:09:24,814 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:24,814 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_45|, |v_#memory_int_42|, |v_#memory_$Pointer$.offset_43|]. (let ((.cse2 (+ main_~p~0.offset 4))) (let ((.cse0 (select (select |v_#memory_$Pointer$.base_45| main_~p~0.base) .cse2)) (.cse1 (select (select |v_#memory_$Pointer$.offset_43| main_~p~0.base) .cse2))) (and (not (= main_~p~0.base .cse0)) (= (store |v_#memory_$Pointer$.offset_43| .cse0 (store (select |v_#memory_$Pointer$.offset_43| .cse0) .cse1 (select (select |#memory_$Pointer$.offset| .cse0) .cse1))) |#memory_$Pointer$.offset|) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_45| .cse0 (store (select |v_#memory_$Pointer$.base_45| .cse0) .cse1 (select (select |#memory_$Pointer$.base| .cse0) .cse1)))) (= |#memory_int| (store |v_#memory_int_42| .cse0 (store (select |v_#memory_int_42| .cse0) .cse1 3)))))) [2020-07-10 15:09:24,815 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse1 (+ main_~p~0.offset 4))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~p~0.base) .cse1))) (and (not (= .cse0 main_~p~0.base)) (= 3 (select (select |#memory_int| .cse0) (select (select |#memory_$Pointer$.offset| main_~p~0.base) .cse1)))))) [2020-07-10 15:09:24,867 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 39 treesize of output 21 [2020-07-10 15:09:24,868 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,877 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:24,881 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 11 [2020-07-10 15:09:24,886 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,890 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:24,891 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,892 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 4 variables, input treesize:48, output treesize:7 [2020-07-10 15:09:24,894 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:24,894 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_23, v_main_~p~0.offset_23, |#memory_$Pointer$.offset|]. (let ((.cse2 (+ v_main_~p~0.offset_23 4))) (let ((.cse0 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_23) .cse2)) (.cse1 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_23) .cse2))) (and (= main_~p~0.offset .cse0) (= main_~p~0.base .cse1) (= 3 (select (select |#memory_int| .cse1) .cse0)) (not (= v_main_~p~0.base_23 .cse1))))) [2020-07-10 15:09:24,894 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) [2020-07-10 15:09:24,907 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 7 [2020-07-10 15:09:24,909 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,910 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:24,911 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:24,911 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:15, output treesize:3 [2020-07-10 15:09:24,913 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:24,913 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (= 3 .cse0) (= |main_#t~mem40| .cse0))) [2020-07-10 15:09:24,913 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem40| 3) [2020-07-10 15:09:24,914 INFO L263 TraceCheckUtils]: 0: Hoare triple {2948#true} call ULTIMATE.init(); {2948#true} is VALID [2020-07-10 15:09:24,915 INFO L280 TraceCheckUtils]: 1: Hoare triple {2948#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2948#true} is VALID [2020-07-10 15:09:24,915 INFO L280 TraceCheckUtils]: 2: Hoare triple {2948#true} assume true; {2948#true} is VALID [2020-07-10 15:09:24,915 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2948#true} {2948#true} #225#return; {2948#true} is VALID [2020-07-10 15:09:24,915 INFO L263 TraceCheckUtils]: 4: Hoare triple {2948#true} call #t~ret41 := main(); {2948#true} is VALID [2020-07-10 15:09:24,915 INFO L280 TraceCheckUtils]: 5: Hoare triple {2948#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {2948#true} is VALID [2020-07-10 15:09:24,916 INFO L280 TraceCheckUtils]: 6: Hoare triple {2948#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {2948#true} is VALID [2020-07-10 15:09:24,916 INFO L280 TraceCheckUtils]: 7: Hoare triple {2948#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {2948#true} is VALID [2020-07-10 15:09:24,916 INFO L280 TraceCheckUtils]: 8: Hoare triple {2948#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {2948#true} is VALID [2020-07-10 15:09:24,916 INFO L280 TraceCheckUtils]: 9: Hoare triple {2948#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {2948#true} is VALID [2020-07-10 15:09:24,916 INFO L280 TraceCheckUtils]: 10: Hoare triple {2948#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {2948#true} is VALID [2020-07-10 15:09:24,917 INFO L280 TraceCheckUtils]: 11: Hoare triple {2948#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {2948#true} is VALID [2020-07-10 15:09:24,917 INFO L280 TraceCheckUtils]: 12: Hoare triple {2948#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {2948#true} is VALID [2020-07-10 15:09:24,917 INFO L280 TraceCheckUtils]: 13: Hoare triple {2948#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {2948#true} is VALID [2020-07-10 15:09:24,917 INFO L280 TraceCheckUtils]: 14: Hoare triple {2948#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {2948#true} is VALID [2020-07-10 15:09:24,918 INFO L280 TraceCheckUtils]: 15: Hoare triple {2948#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {2948#true} is VALID [2020-07-10 15:09:24,919 INFO L280 TraceCheckUtils]: 16: Hoare triple {2948#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {3012#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:24,919 INFO L280 TraceCheckUtils]: 17: Hoare triple {3012#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {3012#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:24,920 INFO L280 TraceCheckUtils]: 18: Hoare triple {3012#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:24,920 INFO L280 TraceCheckUtils]: 19: Hoare triple {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:24,921 INFO L280 TraceCheckUtils]: 20: Hoare triple {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:24,921 INFO L280 TraceCheckUtils]: 21: Hoare triple {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:24,922 INFO L280 TraceCheckUtils]: 22: Hoare triple {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {3032#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:24,923 INFO L280 TraceCheckUtils]: 23: Hoare triple {3032#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {3032#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:24,924 INFO L280 TraceCheckUtils]: 24: Hoare triple {3032#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {3039#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} is VALID [2020-07-10 15:09:24,925 INFO L280 TraceCheckUtils]: 25: Hoare triple {3039#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {3039#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} is VALID [2020-07-10 15:09:24,926 INFO L280 TraceCheckUtils]: 26: Hoare triple {3039#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} assume !(0 != #t~nondet33);havoc #t~nondet33; {3039#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} is VALID [2020-07-10 15:09:24,928 INFO L280 TraceCheckUtils]: 27: Hoare triple {3039#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3049#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-10 15:09:24,928 INFO L280 TraceCheckUtils]: 28: Hoare triple {3049#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {3049#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-10 15:09:24,929 INFO L280 TraceCheckUtils]: 29: Hoare triple {3049#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,929 INFO L280 TraceCheckUtils]: 30: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,930 INFO L280 TraceCheckUtils]: 31: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,931 INFO L280 TraceCheckUtils]: 32: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,934 INFO L280 TraceCheckUtils]: 33: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(1 == #t~mem38);havoc #t~mem38; {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:24,935 INFO L280 TraceCheckUtils]: 34: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {2959#(= |main_#t~mem40| 3)} is VALID [2020-07-10 15:09:24,936 INFO L280 TraceCheckUtils]: 35: Hoare triple {2959#(= |main_#t~mem40| 3)} assume 3 != #t~mem40;havoc #t~mem40; {2949#false} is VALID [2020-07-10 15:09:24,936 INFO L280 TraceCheckUtils]: 36: Hoare triple {2949#false} assume !false; {2949#false} is VALID [2020-07-10 15:09:24,938 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:24,939 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-10 15:09:24,939 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 9] total 15 [2020-07-10 15:09:24,939 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1880922644] [2020-07-10 15:09:24,939 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 37 [2020-07-10 15:09:24,940 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:24,940 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states. [2020-07-10 15:09:25,020 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 53 edges. 53 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:25,020 INFO L459 AbstractCegarLoop]: Interpolant automaton has 15 states [2020-07-10 15:09:25,021 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:25,021 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2020-07-10 15:09:25,021 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=34, Invalid=176, Unknown=0, NotChecked=0, Total=210 [2020-07-10 15:09:25,021 INFO L87 Difference]: Start difference. First operand 79 states and 106 transitions. Second operand 15 states. [2020-07-10 15:09:27,094 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:27,094 INFO L93 Difference]: Finished difference Result 99 states and 128 transitions. [2020-07-10 15:09:27,095 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2020-07-10 15:09:27,095 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 37 [2020-07-10 15:09:27,095 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:27,095 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2020-07-10 15:09:27,098 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 107 transitions. [2020-07-10 15:09:27,098 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2020-07-10 15:09:27,100 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 107 transitions. [2020-07-10 15:09:27,100 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 107 transitions. [2020-07-10 15:09:27,304 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 107 edges. 107 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:27,309 INFO L225 Difference]: With dead ends: 99 [2020-07-10 15:09:27,310 INFO L226 Difference]: Without dead ends: 95 [2020-07-10 15:09:27,310 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 35 SyntacticMatches, 0 SemanticMatches, 18 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 32 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=74, Invalid=306, Unknown=0, NotChecked=0, Total=380 [2020-07-10 15:09:27,311 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 95 states. [2020-07-10 15:09:27,358 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 95 to 83. [2020-07-10 15:09:27,358 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:27,359 INFO L82 GeneralOperation]: Start isEquivalent. First operand 95 states. Second operand 83 states. [2020-07-10 15:09:27,359 INFO L74 IsIncluded]: Start isIncluded. First operand 95 states. Second operand 83 states. [2020-07-10 15:09:27,359 INFO L87 Difference]: Start difference. First operand 95 states. Second operand 83 states. [2020-07-10 15:09:27,364 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:27,364 INFO L93 Difference]: Finished difference Result 95 states and 124 transitions. [2020-07-10 15:09:27,364 INFO L276 IsEmpty]: Start isEmpty. Operand 95 states and 124 transitions. [2020-07-10 15:09:27,365 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:27,365 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:27,365 INFO L74 IsIncluded]: Start isIncluded. First operand 83 states. Second operand 95 states. [2020-07-10 15:09:27,365 INFO L87 Difference]: Start difference. First operand 83 states. Second operand 95 states. [2020-07-10 15:09:27,368 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:27,369 INFO L93 Difference]: Finished difference Result 95 states and 124 transitions. [2020-07-10 15:09:27,369 INFO L276 IsEmpty]: Start isEmpty. Operand 95 states and 124 transitions. [2020-07-10 15:09:27,369 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:27,369 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:27,370 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:27,370 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:27,370 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 83 states. [2020-07-10 15:09:27,372 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 83 states to 83 states and 111 transitions. [2020-07-10 15:09:27,373 INFO L78 Accepts]: Start accepts. Automaton has 83 states and 111 transitions. Word has length 37 [2020-07-10 15:09:27,373 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:27,373 INFO L479 AbstractCegarLoop]: Abstraction has 83 states and 111 transitions. [2020-07-10 15:09:27,373 INFO L480 AbstractCegarLoop]: Interpolant automaton has 15 states. [2020-07-10 15:09:27,373 INFO L276 IsEmpty]: Start isEmpty. Operand 83 states and 111 transitions. [2020-07-10 15:09:27,374 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2020-07-10 15:09:27,374 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:27,374 INFO L422 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:27,587 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,4 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:27,588 INFO L427 AbstractCegarLoop]: === Iteration 10 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:27,588 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:27,589 INFO L82 PathProgramCache]: Analyzing trace with hash 284097905, now seen corresponding path program 1 times [2020-07-10 15:09:27,589 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:27,589 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [218156845] [2020-07-10 15:09:27,590 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:27,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:27,849 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:27,859 INFO L280 TraceCheckUtils]: 0: Hoare triple {3505#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {3493#true} is VALID [2020-07-10 15:09:27,860 INFO L280 TraceCheckUtils]: 1: Hoare triple {3493#true} assume true; {3493#true} is VALID [2020-07-10 15:09:27,860 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {3493#true} {3493#true} #225#return; {3493#true} is VALID [2020-07-10 15:09:27,861 INFO L263 TraceCheckUtils]: 0: Hoare triple {3493#true} call ULTIMATE.init(); {3505#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:27,861 INFO L280 TraceCheckUtils]: 1: Hoare triple {3505#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {3493#true} is VALID [2020-07-10 15:09:27,862 INFO L280 TraceCheckUtils]: 2: Hoare triple {3493#true} assume true; {3493#true} is VALID [2020-07-10 15:09:27,862 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {3493#true} {3493#true} #225#return; {3493#true} is VALID [2020-07-10 15:09:27,862 INFO L263 TraceCheckUtils]: 4: Hoare triple {3493#true} call #t~ret41 := main(); {3493#true} is VALID [2020-07-10 15:09:27,862 INFO L280 TraceCheckUtils]: 5: Hoare triple {3493#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {3493#true} is VALID [2020-07-10 15:09:27,862 INFO L280 TraceCheckUtils]: 6: Hoare triple {3493#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {3493#true} is VALID [2020-07-10 15:09:27,863 INFO L280 TraceCheckUtils]: 7: Hoare triple {3493#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {3493#true} is VALID [2020-07-10 15:09:27,863 INFO L280 TraceCheckUtils]: 8: Hoare triple {3493#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {3493#true} is VALID [2020-07-10 15:09:27,863 INFO L280 TraceCheckUtils]: 9: Hoare triple {3493#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {3493#true} is VALID [2020-07-10 15:09:27,863 INFO L280 TraceCheckUtils]: 10: Hoare triple {3493#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {3493#true} is VALID [2020-07-10 15:09:27,863 INFO L280 TraceCheckUtils]: 11: Hoare triple {3493#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {3493#true} is VALID [2020-07-10 15:09:27,864 INFO L280 TraceCheckUtils]: 12: Hoare triple {3493#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {3493#true} is VALID [2020-07-10 15:09:27,864 INFO L280 TraceCheckUtils]: 13: Hoare triple {3493#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {3493#true} is VALID [2020-07-10 15:09:27,864 INFO L280 TraceCheckUtils]: 14: Hoare triple {3493#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {3493#true} is VALID [2020-07-10 15:09:27,864 INFO L280 TraceCheckUtils]: 15: Hoare triple {3493#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {3493#true} is VALID [2020-07-10 15:09:27,866 INFO L280 TraceCheckUtils]: 16: Hoare triple {3493#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {3498#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:27,867 INFO L280 TraceCheckUtils]: 17: Hoare triple {3498#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {3498#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:27,867 INFO L280 TraceCheckUtils]: 18: Hoare triple {3498#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:27,870 INFO L280 TraceCheckUtils]: 19: Hoare triple {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:27,871 INFO L280 TraceCheckUtils]: 20: Hoare triple {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:27,872 INFO L280 TraceCheckUtils]: 21: Hoare triple {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:27,873 INFO L280 TraceCheckUtils]: 22: Hoare triple {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {3500#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:27,874 INFO L280 TraceCheckUtils]: 23: Hoare triple {3500#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {3500#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:27,876 INFO L280 TraceCheckUtils]: 24: Hoare triple {3500#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {3501#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:27,877 INFO L280 TraceCheckUtils]: 25: Hoare triple {3501#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {3501#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:27,878 INFO L280 TraceCheckUtils]: 26: Hoare triple {3501#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {3501#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:27,879 INFO L280 TraceCheckUtils]: 27: Hoare triple {3501#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3502#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-10 15:09:27,880 INFO L280 TraceCheckUtils]: 28: Hoare triple {3502#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {3502#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-10 15:09:27,881 INFO L280 TraceCheckUtils]: 29: Hoare triple {3502#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:27,883 INFO L280 TraceCheckUtils]: 30: Hoare triple {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:27,883 INFO L280 TraceCheckUtils]: 31: Hoare triple {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:27,884 INFO L280 TraceCheckUtils]: 32: Hoare triple {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {3504#(= |main_#t~mem38| 3)} is VALID [2020-07-10 15:09:27,885 INFO L280 TraceCheckUtils]: 33: Hoare triple {3504#(= |main_#t~mem38| 3)} assume !!(1 == #t~mem38);havoc #t~mem38;call #t~mem39.base, #t~mem39.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem39.base, #t~mem39.offset;havoc #t~mem39.base, #t~mem39.offset; {3494#false} is VALID [2020-07-10 15:09:27,885 INFO L280 TraceCheckUtils]: 34: Hoare triple {3494#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {3494#false} is VALID [2020-07-10 15:09:27,885 INFO L280 TraceCheckUtils]: 35: Hoare triple {3494#false} assume !(1 == #t~mem38);havoc #t~mem38; {3494#false} is VALID [2020-07-10 15:09:27,885 INFO L280 TraceCheckUtils]: 36: Hoare triple {3494#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {3494#false} is VALID [2020-07-10 15:09:27,885 INFO L280 TraceCheckUtils]: 37: Hoare triple {3494#false} assume 3 != #t~mem40;havoc #t~mem40; {3494#false} is VALID [2020-07-10 15:09:27,886 INFO L280 TraceCheckUtils]: 38: Hoare triple {3494#false} assume !false; {3494#false} is VALID [2020-07-10 15:09:27,889 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 2 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:27,890 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [218156845] [2020-07-10 15:09:27,890 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1515883801] [2020-07-10 15:09:27,890 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:28,011 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:28,013 INFO L264 TraceCheckSpWp]: Trace formula consists of 174 conjuncts, 34 conjunts are in the unsatisfiable core [2020-07-10 15:09:28,034 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:28,036 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-10 15:09:28,064 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-10 15:09:28,064 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,067 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:28,067 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,067 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2020-07-10 15:09:28,069 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:28,070 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_27|]. (= |#valid| (store |v_#valid_27| main_~a~0.base 1)) [2020-07-10 15:09:28,070 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 1 (select |#valid| main_~a~0.base)) [2020-07-10 15:09:28,145 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:28,146 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 15 [2020-07-10 15:09:28,147 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,154 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:28,154 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,154 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:17, output treesize:11 [2020-07-10 15:09:28,156 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:28,157 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_28|]. (and (= 0 (select |v_#valid_28| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 1 (select |v_#valid_28| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-10 15:09:28,157 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)) [2020-07-10 15:09:28,223 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 9 [2020-07-10 15:09:28,223 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,234 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:28,240 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 9 [2020-07-10 15:09:28,240 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,252 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:28,254 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,254 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 4 variables, input treesize:49, output treesize:29 [2020-07-10 15:09:28,262 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:28,262 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_46|, main_~t~0.base, |v_#memory_$Pointer$.offset_44|, main_~t~0.offset]. (let ((.cse0 (+ main_~a~0.offset 4))) (and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse0)) (not (= main_~t~0.base main_~a~0.base)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_46| main_~a~0.base (store (select |v_#memory_$Pointer$.base_46| main_~a~0.base) .cse0 main_~t~0.base))) (= (store |v_#memory_$Pointer$.offset_44| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_44| main_~a~0.base) .cse0 main_~t~0.offset)) |#memory_$Pointer$.offset|) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse0)))) [2020-07-10 15:09:28,262 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse1 (+ main_~a~0.offset 4))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse1))) (and (= main_~p~0.base .cse0) (not (= main_~a~0.base .cse0)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse1))))) [2020-07-10 15:09:28,317 INFO L440 ElimStorePlain]: Different costs {0=[|v_#memory_int_43|], 2=[|v_#memory_$Pointer$.base_47|, |v_#memory_$Pointer$.offset_45|]} [2020-07-10 15:09:28,321 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 19 [2020-07-10 15:09:28,322 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,335 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:28,359 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:28,360 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 120 treesize of output 132 [2020-07-10 15:09:28,365 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[5, 3, 2, 1] term [2020-07-10 15:09:28,365 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 5 disjuncts [2020-07-10 15:09:28,368 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,388 INFO L624 ElimStorePlain]: treesize reduction 48, result has 61.0 percent of original size [2020-07-10 15:09:28,395 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 65 treesize of output 49 [2020-07-10 15:09:28,397 INFO L544 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,403 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:28,403 INFO L544 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,403 INFO L244 ElimStorePlain]: Needed 4 recursive calls to eliminate 3 variables, input treesize:130, output treesize:30 [2020-07-10 15:09:28,412 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:28,413 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_47|, |v_#memory_int_43|, |v_#memory_$Pointer$.offset_45|]. (let ((.cse2 (+ main_~p~0.offset 4))) (let ((.cse0 (select (select |v_#memory_$Pointer$.base_47| main_~p~0.base) .cse2)) (.cse1 (select (select |v_#memory_$Pointer$.offset_45| main_~p~0.base) .cse2))) (and (= (store |v_#memory_$Pointer$.offset_45| .cse0 (store (select |v_#memory_$Pointer$.offset_45| .cse0) .cse1 (select (select |#memory_$Pointer$.offset| .cse0) .cse1))) |#memory_$Pointer$.offset|) (= |#memory_int| (store |v_#memory_int_43| .cse0 (store (select |v_#memory_int_43| .cse0) .cse1 3))) (not (= main_~p~0.base .cse0)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_47| .cse0 (store (select |v_#memory_$Pointer$.base_47| .cse0) .cse1 (select (select |#memory_$Pointer$.base| .cse0) .cse1))))))) [2020-07-10 15:09:28,413 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse1 (+ main_~p~0.offset 4))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~p~0.base) .cse1))) (and (not (= .cse0 main_~p~0.base)) (= 3 (select (select |#memory_int| .cse0) (select (select |#memory_$Pointer$.offset| main_~p~0.base) .cse1)))))) [2020-07-10 15:09:28,462 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 39 treesize of output 21 [2020-07-10 15:09:28,465 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,471 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:28,478 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 11 [2020-07-10 15:09:28,479 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,484 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:28,489 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,489 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 4 variables, input treesize:48, output treesize:7 [2020-07-10 15:09:28,491 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:28,491 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_26, v_main_~p~0.offset_26, |#memory_$Pointer$.offset|]. (let ((.cse2 (+ v_main_~p~0.offset_26 4))) (let ((.cse0 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_26) .cse2)) (.cse1 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_26) .cse2))) (and (not (= v_main_~p~0.base_26 .cse0)) (= .cse1 main_~p~0.offset) (= main_~p~0.base .cse0) (= 3 (select (select |#memory_int| .cse0) .cse1))))) [2020-07-10 15:09:28,491 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) [2020-07-10 15:09:28,504 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 7 [2020-07-10 15:09:28,506 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,508 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:28,509 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:28,509 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:15, output treesize:3 [2020-07-10 15:09:28,511 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:28,512 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (= 3 .cse0) (<= .cse0 |main_#t~mem38|))) [2020-07-10 15:09:28,512 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (<= 3 |main_#t~mem38|) [2020-07-10 15:09:28,539 INFO L263 TraceCheckUtils]: 0: Hoare triple {3493#true} call ULTIMATE.init(); {3493#true} is VALID [2020-07-10 15:09:28,539 INFO L280 TraceCheckUtils]: 1: Hoare triple {3493#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {3493#true} is VALID [2020-07-10 15:09:28,540 INFO L280 TraceCheckUtils]: 2: Hoare triple {3493#true} assume true; {3493#true} is VALID [2020-07-10 15:09:28,540 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {3493#true} {3493#true} #225#return; {3493#true} is VALID [2020-07-10 15:09:28,540 INFO L263 TraceCheckUtils]: 4: Hoare triple {3493#true} call #t~ret41 := main(); {3493#true} is VALID [2020-07-10 15:09:28,540 INFO L280 TraceCheckUtils]: 5: Hoare triple {3493#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {3493#true} is VALID [2020-07-10 15:09:28,540 INFO L280 TraceCheckUtils]: 6: Hoare triple {3493#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {3493#true} is VALID [2020-07-10 15:09:28,541 INFO L280 TraceCheckUtils]: 7: Hoare triple {3493#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {3493#true} is VALID [2020-07-10 15:09:28,541 INFO L280 TraceCheckUtils]: 8: Hoare triple {3493#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {3493#true} is VALID [2020-07-10 15:09:28,541 INFO L280 TraceCheckUtils]: 9: Hoare triple {3493#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {3493#true} is VALID [2020-07-10 15:09:28,541 INFO L280 TraceCheckUtils]: 10: Hoare triple {3493#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {3493#true} is VALID [2020-07-10 15:09:28,542 INFO L280 TraceCheckUtils]: 11: Hoare triple {3493#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {3493#true} is VALID [2020-07-10 15:09:28,542 INFO L280 TraceCheckUtils]: 12: Hoare triple {3493#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {3493#true} is VALID [2020-07-10 15:09:28,542 INFO L280 TraceCheckUtils]: 13: Hoare triple {3493#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {3493#true} is VALID [2020-07-10 15:09:28,542 INFO L280 TraceCheckUtils]: 14: Hoare triple {3493#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {3493#true} is VALID [2020-07-10 15:09:28,542 INFO L280 TraceCheckUtils]: 15: Hoare triple {3493#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {3493#true} is VALID [2020-07-10 15:09:28,544 INFO L280 TraceCheckUtils]: 16: Hoare triple {3493#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {3557#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:28,544 INFO L280 TraceCheckUtils]: 17: Hoare triple {3557#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {3557#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:28,545 INFO L280 TraceCheckUtils]: 18: Hoare triple {3557#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:28,546 INFO L280 TraceCheckUtils]: 19: Hoare triple {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:28,546 INFO L280 TraceCheckUtils]: 20: Hoare triple {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:28,547 INFO L280 TraceCheckUtils]: 21: Hoare triple {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:28,547 INFO L280 TraceCheckUtils]: 22: Hoare triple {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {3577#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:28,548 INFO L280 TraceCheckUtils]: 23: Hoare triple {3577#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {3577#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:28,549 INFO L280 TraceCheckUtils]: 24: Hoare triple {3577#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {3584#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} is VALID [2020-07-10 15:09:28,550 INFO L280 TraceCheckUtils]: 25: Hoare triple {3584#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {3584#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} is VALID [2020-07-10 15:09:28,551 INFO L280 TraceCheckUtils]: 26: Hoare triple {3584#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} assume !(0 != #t~nondet33);havoc #t~nondet33; {3584#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} is VALID [2020-07-10 15:09:28,552 INFO L280 TraceCheckUtils]: 27: Hoare triple {3584#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3594#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-10 15:09:28,553 INFO L280 TraceCheckUtils]: 28: Hoare triple {3594#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {3594#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-10 15:09:28,553 INFO L280 TraceCheckUtils]: 29: Hoare triple {3594#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:28,554 INFO L280 TraceCheckUtils]: 30: Hoare triple {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:28,555 INFO L280 TraceCheckUtils]: 31: Hoare triple {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:28,555 INFO L280 TraceCheckUtils]: 32: Hoare triple {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {3610#(<= 3 |main_#t~mem38|)} is VALID [2020-07-10 15:09:28,556 INFO L280 TraceCheckUtils]: 33: Hoare triple {3610#(<= 3 |main_#t~mem38|)} assume !!(1 == #t~mem38);havoc #t~mem38;call #t~mem39.base, #t~mem39.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem39.base, #t~mem39.offset;havoc #t~mem39.base, #t~mem39.offset; {3494#false} is VALID [2020-07-10 15:09:28,556 INFO L280 TraceCheckUtils]: 34: Hoare triple {3494#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {3494#false} is VALID [2020-07-10 15:09:28,556 INFO L280 TraceCheckUtils]: 35: Hoare triple {3494#false} assume !(1 == #t~mem38);havoc #t~mem38; {3494#false} is VALID [2020-07-10 15:09:28,556 INFO L280 TraceCheckUtils]: 36: Hoare triple {3494#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {3494#false} is VALID [2020-07-10 15:09:28,556 INFO L280 TraceCheckUtils]: 37: Hoare triple {3494#false} assume 3 != #t~mem40;havoc #t~mem40; {3494#false} is VALID [2020-07-10 15:09:28,556 INFO L280 TraceCheckUtils]: 38: Hoare triple {3494#false} assume !false; {3494#false} is VALID [2020-07-10 15:09:28,559 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 2 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:28,559 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-10 15:09:28,559 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 9] total 16 [2020-07-10 15:09:28,559 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [928262940] [2020-07-10 15:09:28,560 INFO L78 Accepts]: Start accepts. Automaton has 16 states. Word has length 39 [2020-07-10 15:09:28,560 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:28,560 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 16 states. [2020-07-10 15:09:28,638 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 57 edges. 57 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:28,638 INFO L459 AbstractCegarLoop]: Interpolant automaton has 16 states [2020-07-10 15:09:28,639 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:28,639 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 16 interpolants. [2020-07-10 15:09:28,639 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=37, Invalid=203, Unknown=0, NotChecked=0, Total=240 [2020-07-10 15:09:28,639 INFO L87 Difference]: Start difference. First operand 83 states and 111 transitions. Second operand 16 states. [2020-07-10 15:09:30,624 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:30,624 INFO L93 Difference]: Finished difference Result 101 states and 130 transitions. [2020-07-10 15:09:30,624 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2020-07-10 15:09:30,624 INFO L78 Accepts]: Start accepts. Automaton has 16 states. Word has length 39 [2020-07-10 15:09:30,624 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:30,625 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 16 states. [2020-07-10 15:09:30,628 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 109 transitions. [2020-07-10 15:09:30,628 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 16 states. [2020-07-10 15:09:30,630 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 109 transitions. [2020-07-10 15:09:30,630 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 109 transitions. [2020-07-10 15:09:30,793 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 109 edges. 109 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:30,794 INFO L225 Difference]: With dead ends: 101 [2020-07-10 15:09:30,795 INFO L226 Difference]: Without dead ends: 91 [2020-07-10 15:09:30,795 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 55 GetRequests, 36 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 38 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=78, Invalid=342, Unknown=0, NotChecked=0, Total=420 [2020-07-10 15:09:30,796 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 91 states. [2020-07-10 15:09:30,829 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 91 to 74. [2020-07-10 15:09:30,829 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:30,830 INFO L82 GeneralOperation]: Start isEquivalent. First operand 91 states. Second operand 74 states. [2020-07-10 15:09:30,830 INFO L74 IsIncluded]: Start isIncluded. First operand 91 states. Second operand 74 states. [2020-07-10 15:09:30,830 INFO L87 Difference]: Start difference. First operand 91 states. Second operand 74 states. [2020-07-10 15:09:30,832 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:30,832 INFO L93 Difference]: Finished difference Result 91 states and 118 transitions. [2020-07-10 15:09:30,832 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 118 transitions. [2020-07-10 15:09:30,833 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:30,833 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:30,833 INFO L74 IsIncluded]: Start isIncluded. First operand 74 states. Second operand 91 states. [2020-07-10 15:09:30,833 INFO L87 Difference]: Start difference. First operand 74 states. Second operand 91 states. [2020-07-10 15:09:30,835 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:30,835 INFO L93 Difference]: Finished difference Result 91 states and 118 transitions. [2020-07-10 15:09:30,836 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 118 transitions. [2020-07-10 15:09:30,836 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:30,836 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:30,836 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:30,836 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:30,837 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 74 states. [2020-07-10 15:09:30,838 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 74 states to 74 states and 99 transitions. [2020-07-10 15:09:30,839 INFO L78 Accepts]: Start accepts. Automaton has 74 states and 99 transitions. Word has length 39 [2020-07-10 15:09:30,839 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:30,839 INFO L479 AbstractCegarLoop]: Abstraction has 74 states and 99 transitions. [2020-07-10 15:09:30,839 INFO L480 AbstractCegarLoop]: Interpolant automaton has 16 states. [2020-07-10 15:09:30,839 INFO L276 IsEmpty]: Start isEmpty. Operand 74 states and 99 transitions. [2020-07-10 15:09:30,840 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2020-07-10 15:09:30,840 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:30,840 INFO L422 BasicCegarLoop]: trace histogram [3, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:31,049 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,5 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:31,050 INFO L427 AbstractCegarLoop]: === Iteration 11 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:31,050 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:31,051 INFO L82 PathProgramCache]: Analyzing trace with hash 1308800881, now seen corresponding path program 2 times [2020-07-10 15:09:31,051 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:31,052 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [177600800] [2020-07-10 15:09:31,052 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:31,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:31,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:31,295 INFO L280 TraceCheckUtils]: 0: Hoare triple {4041#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {4029#true} is VALID [2020-07-10 15:09:31,295 INFO L280 TraceCheckUtils]: 1: Hoare triple {4029#true} assume true; {4029#true} is VALID [2020-07-10 15:09:31,296 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {4029#true} {4029#true} #225#return; {4029#true} is VALID [2020-07-10 15:09:31,297 INFO L263 TraceCheckUtils]: 0: Hoare triple {4029#true} call ULTIMATE.init(); {4041#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:31,297 INFO L280 TraceCheckUtils]: 1: Hoare triple {4041#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {4029#true} is VALID [2020-07-10 15:09:31,297 INFO L280 TraceCheckUtils]: 2: Hoare triple {4029#true} assume true; {4029#true} is VALID [2020-07-10 15:09:31,297 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {4029#true} {4029#true} #225#return; {4029#true} is VALID [2020-07-10 15:09:31,298 INFO L263 TraceCheckUtils]: 4: Hoare triple {4029#true} call #t~ret41 := main(); {4029#true} is VALID [2020-07-10 15:09:31,298 INFO L280 TraceCheckUtils]: 5: Hoare triple {4029#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {4029#true} is VALID [2020-07-10 15:09:31,298 INFO L280 TraceCheckUtils]: 6: Hoare triple {4029#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {4029#true} is VALID [2020-07-10 15:09:31,298 INFO L280 TraceCheckUtils]: 7: Hoare triple {4029#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {4029#true} is VALID [2020-07-10 15:09:31,298 INFO L280 TraceCheckUtils]: 8: Hoare triple {4029#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {4029#true} is VALID [2020-07-10 15:09:31,299 INFO L280 TraceCheckUtils]: 9: Hoare triple {4029#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {4029#true} is VALID [2020-07-10 15:09:31,299 INFO L280 TraceCheckUtils]: 10: Hoare triple {4029#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {4029#true} is VALID [2020-07-10 15:09:31,299 INFO L280 TraceCheckUtils]: 11: Hoare triple {4029#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {4029#true} is VALID [2020-07-10 15:09:31,299 INFO L280 TraceCheckUtils]: 12: Hoare triple {4029#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {4029#true} is VALID [2020-07-10 15:09:31,300 INFO L280 TraceCheckUtils]: 13: Hoare triple {4029#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {4029#true} is VALID [2020-07-10 15:09:31,300 INFO L280 TraceCheckUtils]: 14: Hoare triple {4029#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {4029#true} is VALID [2020-07-10 15:09:31,300 INFO L280 TraceCheckUtils]: 15: Hoare triple {4029#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {4029#true} is VALID [2020-07-10 15:09:31,301 INFO L280 TraceCheckUtils]: 16: Hoare triple {4029#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:31,302 INFO L280 TraceCheckUtils]: 17: Hoare triple {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:31,303 INFO L280 TraceCheckUtils]: 18: Hoare triple {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:31,304 INFO L280 TraceCheckUtils]: 19: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:31,304 INFO L280 TraceCheckUtils]: 20: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:31,305 INFO L280 TraceCheckUtils]: 21: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:31,306 INFO L280 TraceCheckUtils]: 22: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:31,307 INFO L280 TraceCheckUtils]: 23: Hoare triple {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:31,309 INFO L280 TraceCheckUtils]: 24: Hoare triple {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:31,310 INFO L280 TraceCheckUtils]: 25: Hoare triple {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:31,311 INFO L280 TraceCheckUtils]: 26: Hoare triple {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:31,312 INFO L280 TraceCheckUtils]: 27: Hoare triple {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4038#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-10 15:09:31,313 INFO L280 TraceCheckUtils]: 28: Hoare triple {4038#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4038#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-10 15:09:31,314 INFO L280 TraceCheckUtils]: 29: Hoare triple {4038#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {4039#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:31,314 INFO L280 TraceCheckUtils]: 30: Hoare triple {4039#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4040#(= |main_#t~mem36| 3)} is VALID [2020-07-10 15:09:31,315 INFO L280 TraceCheckUtils]: 31: Hoare triple {4040#(= |main_#t~mem36| 3)} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {4030#false} is VALID [2020-07-10 15:09:31,315 INFO L280 TraceCheckUtils]: 32: Hoare triple {4030#false} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4030#false} is VALID [2020-07-10 15:09:31,316 INFO L280 TraceCheckUtils]: 33: Hoare triple {4030#false} assume !(2 == #t~mem36);havoc #t~mem36; {4030#false} is VALID [2020-07-10 15:09:31,316 INFO L280 TraceCheckUtils]: 34: Hoare triple {4030#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {4030#false} is VALID [2020-07-10 15:09:31,316 INFO L280 TraceCheckUtils]: 35: Hoare triple {4030#false} assume !(1 == #t~mem38);havoc #t~mem38; {4030#false} is VALID [2020-07-10 15:09:31,316 INFO L280 TraceCheckUtils]: 36: Hoare triple {4030#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {4030#false} is VALID [2020-07-10 15:09:31,316 INFO L280 TraceCheckUtils]: 37: Hoare triple {4030#false} assume 3 != #t~mem40;havoc #t~mem40; {4030#false} is VALID [2020-07-10 15:09:31,317 INFO L280 TraceCheckUtils]: 38: Hoare triple {4030#false} assume !false; {4030#false} is VALID [2020-07-10 15:09:31,320 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 4 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:31,321 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [177600800] [2020-07-10 15:09:31,321 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1798568674] [2020-07-10 15:09:31,321 INFO L92 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 6 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:31,465 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2020-07-10 15:09:31,465 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2020-07-10 15:09:31,467 INFO L264 TraceCheckSpWp]: Trace formula consists of 174 conjuncts, 36 conjunts are in the unsatisfiable core [2020-07-10 15:09:31,479 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:31,480 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-10 15:09:31,501 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-10 15:09:31,502 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,506 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:31,507 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,507 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2020-07-10 15:09:31,509 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:31,509 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_29|]. (and (= |#valid| (store |v_#valid_29| main_~a~0.base 1)) (= 0 main_~a~0.offset)) [2020-07-10 15:09:31,510 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset)) [2020-07-10 15:09:31,546 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:31,547 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 15 [2020-07-10 15:09:31,548 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,555 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:31,558 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,558 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:20, output treesize:14 [2020-07-10 15:09:31,561 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:31,561 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_30|]. (and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 (select |v_#valid_30| main_~t~0.base)) (= 0 main_~a~0.offset) (= 1 (select |v_#valid_30| main_~p~0.base))) [2020-07-10 15:09:31,561 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base))) [2020-07-10 15:09:31,590 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-10 15:09:31,591 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,605 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:31,610 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-10 15:09:31,610 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,631 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:31,634 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,635 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 4 variables, input treesize:44, output treesize:26 [2020-07-10 15:09:31,642 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:31,642 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.offset_46|, main_~t~0.offset, main_~t~0.base, |v_#memory_$Pointer$.base_48|]. (and (not (= main_~t~0.base main_~a~0.base)) (= (store |v_#memory_$Pointer$.offset_46| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_46| main_~a~0.base) 4 main_~t~0.offset)) |#memory_$Pointer$.offset|) (= 0 main_~a~0.offset) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_48| main_~a~0.base (store (select |v_#memory_$Pointer$.base_48| main_~a~0.base) 4 main_~t~0.base))) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset)) [2020-07-10 15:09:31,643 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (and (not (= main_~a~0.base .cse0)) (= 0 main_~a~0.offset) (= main_~p~0.base .cse0) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))) [2020-07-10 15:09:31,684 INFO L440 ElimStorePlain]: Different costs {0=[|v_#memory_int_44|], 2=[|v_#memory_$Pointer$.base_49|, |v_#memory_$Pointer$.offset_47|]} [2020-07-10 15:09:31,689 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 15 [2020-07-10 15:09:31,689 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,706 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:31,728 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:31,729 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 94 treesize of output 108 [2020-07-10 15:09:31,741 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[5, 3, 2, 1] term [2020-07-10 15:09:31,741 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 5 disjuncts [2020-07-10 15:09:31,743 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,764 INFO L624 ElimStorePlain]: treesize reduction 36, result has 63.3 percent of original size [2020-07-10 15:09:31,770 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 51 treesize of output 41 [2020-07-10 15:09:31,773 INFO L544 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,779 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:31,780 INFO L544 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,780 INFO L244 ElimStorePlain]: Needed 4 recursive calls to eliminate 3 variables, input treesize:105, output treesize:27 [2020-07-10 15:09:31,788 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:31,788 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_49|, |v_#memory_int_44|, |v_#memory_$Pointer$.offset_47|]. (let ((.cse1 (select (select |v_#memory_$Pointer$.offset_47| main_~p~0.base) 4)) (.cse0 (select (select |v_#memory_$Pointer$.base_49| main_~p~0.base) 4))) (and (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_49| .cse0 (store (select |v_#memory_$Pointer$.base_49| .cse0) .cse1 (select (select |#memory_$Pointer$.base| .cse0) .cse1)))) (= (store |v_#memory_int_44| .cse0 (store (select |v_#memory_int_44| .cse0) .cse1 3)) |#memory_int|) (= 0 main_~p~0.offset) (= |#memory_$Pointer$.offset| (store |v_#memory_$Pointer$.offset_47| .cse0 (store (select |v_#memory_$Pointer$.offset_47| .cse0) .cse1 (select (select |#memory_$Pointer$.offset| .cse0) .cse1)))) (not (= main_~p~0.base .cse0)))) [2020-07-10 15:09:31,788 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~p~0.base) 4))) (and (= 3 (select (select |#memory_int| .cse0) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (not (= .cse0 main_~p~0.base)) (= 0 main_~p~0.offset))) [2020-07-10 15:09:31,830 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 19 [2020-07-10 15:09:31,832 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,840 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:31,844 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 11 [2020-07-10 15:09:31,847 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,852 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:31,853 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,854 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:38, output treesize:7 [2020-07-10 15:09:31,855 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:31,856 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_29, |#memory_$Pointer$.offset|]. (let ((.cse0 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_29) 4)) (.cse1 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_29) 4))) (and (not (= v_main_~p~0.base_29 .cse0)) (= 3 (select (select |#memory_int| .cse0) .cse1)) (= .cse0 main_~p~0.base) (= main_~p~0.offset .cse1))) [2020-07-10 15:09:31,856 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) [2020-07-10 15:09:31,865 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 7 [2020-07-10 15:09:31,867 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,869 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:31,869 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:31,869 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:15, output treesize:3 [2020-07-10 15:09:31,872 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:31,872 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (<= .cse0 |main_#t~mem36|) (= 3 .cse0))) [2020-07-10 15:09:31,872 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (<= 3 |main_#t~mem36|) [2020-07-10 15:09:31,901 INFO L263 TraceCheckUtils]: 0: Hoare triple {4029#true} call ULTIMATE.init(); {4029#true} is VALID [2020-07-10 15:09:31,901 INFO L280 TraceCheckUtils]: 1: Hoare triple {4029#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {4029#true} is VALID [2020-07-10 15:09:31,902 INFO L280 TraceCheckUtils]: 2: Hoare triple {4029#true} assume true; {4029#true} is VALID [2020-07-10 15:09:31,902 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {4029#true} {4029#true} #225#return; {4029#true} is VALID [2020-07-10 15:09:31,902 INFO L263 TraceCheckUtils]: 4: Hoare triple {4029#true} call #t~ret41 := main(); {4029#true} is VALID [2020-07-10 15:09:31,902 INFO L280 TraceCheckUtils]: 5: Hoare triple {4029#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {4029#true} is VALID [2020-07-10 15:09:31,902 INFO L280 TraceCheckUtils]: 6: Hoare triple {4029#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {4029#true} is VALID [2020-07-10 15:09:31,902 INFO L280 TraceCheckUtils]: 7: Hoare triple {4029#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {4029#true} is VALID [2020-07-10 15:09:31,902 INFO L280 TraceCheckUtils]: 8: Hoare triple {4029#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {4029#true} is VALID [2020-07-10 15:09:31,902 INFO L280 TraceCheckUtils]: 9: Hoare triple {4029#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {4029#true} is VALID [2020-07-10 15:09:31,903 INFO L280 TraceCheckUtils]: 10: Hoare triple {4029#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {4029#true} is VALID [2020-07-10 15:09:31,903 INFO L280 TraceCheckUtils]: 11: Hoare triple {4029#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {4029#true} is VALID [2020-07-10 15:09:31,903 INFO L280 TraceCheckUtils]: 12: Hoare triple {4029#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {4029#true} is VALID [2020-07-10 15:09:31,903 INFO L280 TraceCheckUtils]: 13: Hoare triple {4029#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {4029#true} is VALID [2020-07-10 15:09:31,903 INFO L280 TraceCheckUtils]: 14: Hoare triple {4029#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {4029#true} is VALID [2020-07-10 15:09:31,903 INFO L280 TraceCheckUtils]: 15: Hoare triple {4029#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {4029#true} is VALID [2020-07-10 15:09:31,904 INFO L280 TraceCheckUtils]: 16: Hoare triple {4029#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:31,905 INFO L280 TraceCheckUtils]: 17: Hoare triple {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:31,905 INFO L280 TraceCheckUtils]: 18: Hoare triple {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:31,906 INFO L280 TraceCheckUtils]: 19: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:31,906 INFO L280 TraceCheckUtils]: 20: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:31,907 INFO L280 TraceCheckUtils]: 21: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:31,908 INFO L280 TraceCheckUtils]: 22: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:31,908 INFO L280 TraceCheckUtils]: 23: Hoare triple {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:31,910 INFO L280 TraceCheckUtils]: 24: Hoare triple {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:31,911 INFO L280 TraceCheckUtils]: 25: Hoare triple {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:31,912 INFO L280 TraceCheckUtils]: 26: Hoare triple {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:31,913 INFO L280 TraceCheckUtils]: 27: Hoare triple {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4126#(and (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 main_~p~0.offset))} is VALID [2020-07-10 15:09:31,914 INFO L280 TraceCheckUtils]: 28: Hoare triple {4126#(and (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4126#(and (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 main_~p~0.offset))} is VALID [2020-07-10 15:09:31,914 INFO L280 TraceCheckUtils]: 29: Hoare triple {4126#(and (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 main_~p~0.offset))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {4039#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:31,915 INFO L280 TraceCheckUtils]: 30: Hoare triple {4039#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4136#(<= 3 |main_#t~mem36|)} is VALID [2020-07-10 15:09:31,915 INFO L280 TraceCheckUtils]: 31: Hoare triple {4136#(<= 3 |main_#t~mem36|)} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {4030#false} is VALID [2020-07-10 15:09:31,915 INFO L280 TraceCheckUtils]: 32: Hoare triple {4030#false} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4030#false} is VALID [2020-07-10 15:09:31,915 INFO L280 TraceCheckUtils]: 33: Hoare triple {4030#false} assume !(2 == #t~mem36);havoc #t~mem36; {4030#false} is VALID [2020-07-10 15:09:31,916 INFO L280 TraceCheckUtils]: 34: Hoare triple {4030#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {4030#false} is VALID [2020-07-10 15:09:31,916 INFO L280 TraceCheckUtils]: 35: Hoare triple {4030#false} assume !(1 == #t~mem38);havoc #t~mem38; {4030#false} is VALID [2020-07-10 15:09:31,916 INFO L280 TraceCheckUtils]: 36: Hoare triple {4030#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {4030#false} is VALID [2020-07-10 15:09:31,916 INFO L280 TraceCheckUtils]: 37: Hoare triple {4030#false} assume 3 != #t~mem40;havoc #t~mem40; {4030#false} is VALID [2020-07-10 15:09:31,916 INFO L280 TraceCheckUtils]: 38: Hoare triple {4030#false} assume !false; {4030#false} is VALID [2020-07-10 15:09:31,919 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 4 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:31,920 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-10 15:09:31,920 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 9] total 12 [2020-07-10 15:09:31,920 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [833353382] [2020-07-10 15:09:31,920 INFO L78 Accepts]: Start accepts. Automaton has 12 states. Word has length 39 [2020-07-10 15:09:31,921 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:31,921 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states. [2020-07-10 15:09:31,979 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 46 edges. 46 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:31,979 INFO L459 AbstractCegarLoop]: Interpolant automaton has 12 states [2020-07-10 15:09:31,979 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:31,980 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2020-07-10 15:09:31,980 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2020-07-10 15:09:31,980 INFO L87 Difference]: Start difference. First operand 74 states and 99 transitions. Second operand 12 states. [2020-07-10 15:09:33,362 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:33,362 INFO L93 Difference]: Finished difference Result 94 states and 121 transitions. [2020-07-10 15:09:33,363 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2020-07-10 15:09:33,363 INFO L78 Accepts]: Start accepts. Automaton has 12 states. Word has length 39 [2020-07-10 15:09:33,363 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:33,363 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 12 states. [2020-07-10 15:09:33,365 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 106 transitions. [2020-07-10 15:09:33,365 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 12 states. [2020-07-10 15:09:33,366 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 106 transitions. [2020-07-10 15:09:33,367 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 106 transitions. [2020-07-10 15:09:33,496 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 106 edges. 106 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:33,498 INFO L225 Difference]: With dead ends: 94 [2020-07-10 15:09:33,498 INFO L226 Difference]: Without dead ends: 81 [2020-07-10 15:09:33,499 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 55 GetRequests, 38 SyntacticMatches, 2 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 21 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=54, Invalid=218, Unknown=0, NotChecked=0, Total=272 [2020-07-10 15:09:33,500 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 81 states. [2020-07-10 15:09:33,523 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 81 to 69. [2020-07-10 15:09:33,523 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:33,523 INFO L82 GeneralOperation]: Start isEquivalent. First operand 81 states. Second operand 69 states. [2020-07-10 15:09:33,523 INFO L74 IsIncluded]: Start isIncluded. First operand 81 states. Second operand 69 states. [2020-07-10 15:09:33,523 INFO L87 Difference]: Start difference. First operand 81 states. Second operand 69 states. [2020-07-10 15:09:33,526 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:33,526 INFO L93 Difference]: Finished difference Result 81 states and 106 transitions. [2020-07-10 15:09:33,526 INFO L276 IsEmpty]: Start isEmpty. Operand 81 states and 106 transitions. [2020-07-10 15:09:33,527 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:33,527 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:33,527 INFO L74 IsIncluded]: Start isIncluded. First operand 69 states. Second operand 81 states. [2020-07-10 15:09:33,527 INFO L87 Difference]: Start difference. First operand 69 states. Second operand 81 states. [2020-07-10 15:09:33,530 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:33,530 INFO L93 Difference]: Finished difference Result 81 states and 106 transitions. [2020-07-10 15:09:33,530 INFO L276 IsEmpty]: Start isEmpty. Operand 81 states and 106 transitions. [2020-07-10 15:09:33,530 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:33,531 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:33,531 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:33,531 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:33,531 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 69 states. [2020-07-10 15:09:33,533 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 69 states to 69 states and 93 transitions. [2020-07-10 15:09:33,534 INFO L78 Accepts]: Start accepts. Automaton has 69 states and 93 transitions. Word has length 39 [2020-07-10 15:09:33,534 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:33,534 INFO L479 AbstractCegarLoop]: Abstraction has 69 states and 93 transitions. [2020-07-10 15:09:33,534 INFO L480 AbstractCegarLoop]: Interpolant automaton has 12 states. [2020-07-10 15:09:33,534 INFO L276 IsEmpty]: Start isEmpty. Operand 69 states and 93 transitions. [2020-07-10 15:09:33,535 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2020-07-10 15:09:33,535 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:33,536 INFO L422 BasicCegarLoop]: trace histogram [3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:33,752 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable10 [2020-07-10 15:09:33,753 INFO L427 AbstractCegarLoop]: === Iteration 12 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:33,753 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:33,754 INFO L82 PathProgramCache]: Analyzing trace with hash -315248798, now seen corresponding path program 2 times [2020-07-10 15:09:33,754 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:33,754 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1608421484] [2020-07-10 15:09:33,755 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:33,792 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:34,090 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:34,097 INFO L280 TraceCheckUtils]: 0: Hoare triple {4542#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {4527#true} is VALID [2020-07-10 15:09:34,098 INFO L280 TraceCheckUtils]: 1: Hoare triple {4527#true} assume true; {4527#true} is VALID [2020-07-10 15:09:34,098 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {4527#true} {4527#true} #225#return; {4527#true} is VALID [2020-07-10 15:09:34,099 INFO L263 TraceCheckUtils]: 0: Hoare triple {4527#true} call ULTIMATE.init(); {4542#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:34,099 INFO L280 TraceCheckUtils]: 1: Hoare triple {4542#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {4527#true} is VALID [2020-07-10 15:09:34,099 INFO L280 TraceCheckUtils]: 2: Hoare triple {4527#true} assume true; {4527#true} is VALID [2020-07-10 15:09:34,099 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {4527#true} {4527#true} #225#return; {4527#true} is VALID [2020-07-10 15:09:34,100 INFO L263 TraceCheckUtils]: 4: Hoare triple {4527#true} call #t~ret41 := main(); {4527#true} is VALID [2020-07-10 15:09:34,100 INFO L280 TraceCheckUtils]: 5: Hoare triple {4527#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {4527#true} is VALID [2020-07-10 15:09:34,100 INFO L280 TraceCheckUtils]: 6: Hoare triple {4527#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {4527#true} is VALID [2020-07-10 15:09:34,100 INFO L280 TraceCheckUtils]: 7: Hoare triple {4527#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {4527#true} is VALID [2020-07-10 15:09:34,100 INFO L280 TraceCheckUtils]: 8: Hoare triple {4527#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {4527#true} is VALID [2020-07-10 15:09:34,100 INFO L280 TraceCheckUtils]: 9: Hoare triple {4527#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {4527#true} is VALID [2020-07-10 15:09:34,100 INFO L280 TraceCheckUtils]: 10: Hoare triple {4527#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {4527#true} is VALID [2020-07-10 15:09:34,100 INFO L280 TraceCheckUtils]: 11: Hoare triple {4527#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {4527#true} is VALID [2020-07-10 15:09:34,101 INFO L280 TraceCheckUtils]: 12: Hoare triple {4527#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {4527#true} is VALID [2020-07-10 15:09:34,101 INFO L280 TraceCheckUtils]: 13: Hoare triple {4527#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {4527#true} is VALID [2020-07-10 15:09:34,101 INFO L280 TraceCheckUtils]: 14: Hoare triple {4527#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {4527#true} is VALID [2020-07-10 15:09:34,101 INFO L280 TraceCheckUtils]: 15: Hoare triple {4527#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {4527#true} is VALID [2020-07-10 15:09:34,102 INFO L280 TraceCheckUtils]: 16: Hoare triple {4527#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:34,103 INFO L280 TraceCheckUtils]: 17: Hoare triple {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:34,103 INFO L280 TraceCheckUtils]: 18: Hoare triple {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:34,104 INFO L280 TraceCheckUtils]: 19: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:34,104 INFO L280 TraceCheckUtils]: 20: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:34,105 INFO L280 TraceCheckUtils]: 21: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:34,106 INFO L280 TraceCheckUtils]: 22: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {4534#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:34,107 INFO L280 TraceCheckUtils]: 23: Hoare triple {4534#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {4534#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:34,108 INFO L280 TraceCheckUtils]: 24: Hoare triple {4534#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4535#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:34,109 INFO L280 TraceCheckUtils]: 25: Hoare triple {4535#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4535#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:34,110 INFO L280 TraceCheckUtils]: 26: Hoare triple {4535#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {4536#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~a~0.offset main_~t~0.offset) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:34,111 INFO L280 TraceCheckUtils]: 27: Hoare triple {4536#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~a~0.offset main_~t~0.offset) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {4536#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~a~0.offset main_~t~0.offset) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-10 15:09:34,111 INFO L280 TraceCheckUtils]: 28: Hoare triple {4536#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~a~0.offset main_~t~0.offset) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4537#(and (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:34,112 INFO L280 TraceCheckUtils]: 29: Hoare triple {4537#(and (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4537#(and (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:34,113 INFO L280 TraceCheckUtils]: 30: Hoare triple {4537#(and (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {4537#(and (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:34,113 INFO L280 TraceCheckUtils]: 31: Hoare triple {4537#(and (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4538#(or (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-10 15:09:34,114 INFO L280 TraceCheckUtils]: 32: Hoare triple {4538#(or (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4539#(or (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= |main_#t~mem36| 2))} is VALID [2020-07-10 15:09:34,114 INFO L280 TraceCheckUtils]: 33: Hoare triple {4539#(or (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= |main_#t~mem36| 2))} assume !(2 == #t~mem36);havoc #t~mem36; {4540#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:34,115 INFO L280 TraceCheckUtils]: 34: Hoare triple {4540#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {4540#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:34,115 INFO L280 TraceCheckUtils]: 35: Hoare triple {4540#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(1 == #t~mem38);havoc #t~mem38; {4540#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:34,116 INFO L280 TraceCheckUtils]: 36: Hoare triple {4540#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {4541#(= |main_#t~mem40| 3)} is VALID [2020-07-10 15:09:34,116 INFO L280 TraceCheckUtils]: 37: Hoare triple {4541#(= |main_#t~mem40| 3)} assume 3 != #t~mem40;havoc #t~mem40; {4528#false} is VALID [2020-07-10 15:09:34,116 INFO L280 TraceCheckUtils]: 38: Hoare triple {4528#false} assume !false; {4528#false} is VALID [2020-07-10 15:09:34,119 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 0 proven. 8 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:34,119 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1608421484] [2020-07-10 15:09:34,119 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1201963667] [2020-07-10 15:09:34,119 INFO L92 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 7 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:34,230 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2020-07-10 15:09:34,230 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2020-07-10 15:09:34,232 INFO L264 TraceCheckSpWp]: Trace formula consists of 184 conjuncts, 40 conjunts are in the unsatisfiable core [2020-07-10 15:09:34,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:34,247 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-10 15:09:34,274 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-10 15:09:34,274 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:34,281 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:34,281 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:34,282 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2020-07-10 15:09:34,284 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:34,284 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_31|]. (and (= (store |v_#valid_31| main_~a~0.base 1) |#valid|) (= 0 main_~a~0.offset)) [2020-07-10 15:09:34,284 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset)) [2020-07-10 15:09:34,345 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:34,346 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 39 [2020-07-10 15:09:34,348 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:34,383 INFO L624 ElimStorePlain]: treesize reduction 14, result has 71.4 percent of original size [2020-07-10 15:09:34,393 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-10 15:09:34,394 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:34,407 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:34,407 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:34,408 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:37, output treesize:31 [2020-07-10 15:09:34,414 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:34,414 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_45|, |v_#valid_32|]. (and (= main_~a~0.base main_~p~0.base) (= (store |v_#valid_32| main_~t~0.base 1) |#valid|) (= 0 (select |v_#valid_32| main_~t~0.base)) (= 0 main_~a~0.offset) (= (store |v_#memory_int_45| main_~p~0.base (store (select |v_#memory_int_45| main_~p~0.base) main_~p~0.offset 2)) |#memory_int|) (= 1 (select |v_#valid_32| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-10 15:09:34,415 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-10 15:09:34,500 INFO L190 IndexEqualityManager]: detected not equals via solver [2020-07-10 15:09:34,503 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 11 [2020-07-10 15:09:34,506 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:34,514 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:34,515 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:34,515 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:44, output treesize:25 [2020-07-10 15:09:34,603 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:34,604 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 2 case distinctions, treesize of input 16 treesize of output 26 [2020-07-10 15:09:34,605 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:34,618 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:34,627 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 18 [2020-07-10 15:09:34,629 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:34,641 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:34,641 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:34,642 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:41, output treesize:30 [2020-07-10 15:09:34,645 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:34,645 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_47|, |v_#valid_33|]. (and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select |v_#valid_33| main_~p~0.base)) (= (select (select |v_#memory_int_47| main_~a~0.base) main_~a~0.offset) 2) (= 0 main_~a~0.offset) (= (store |v_#memory_int_47| main_~p~0.base (store (select |v_#memory_int_47| main_~p~0.base) main_~p~0.offset 2)) |#memory_int|) (= 1 (select |v_#valid_33| main_~a~0.base)) (= 0 (select |v_#valid_33| main_~t~0.base))) [2020-07-10 15:09:34,646 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (not (= main_~t~0.base main_~p~0.base))) [2020-07-10 15:09:34,721 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[2, 1] term [2020-07-10 15:09:34,722 INFO L501 QuantifierPusher]: Distributing 1 conjuncts over 3 disjuncts [2020-07-10 15:09:34,776 INFO L350 Elim1Store]: treesize reduction 27, result has 20.6 percent of original size [2020-07-10 15:09:34,777 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 34 treesize of output 21 [2020-07-10 15:09:34,779 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:34,791 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:34,796 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2020-07-10 15:09:34,796 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:49, output treesize:30 [2020-07-10 15:09:34,936 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 28 [2020-07-10 15:09:34,941 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:34,956 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:34,975 INFO L544 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 1 dim-2 vars, End of recursive call: 4 dim-0 vars, and 1 xjuncts. [2020-07-10 15:09:34,975 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 5 variables, input treesize:41, output treesize:37 [2020-07-10 15:09:34,980 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:34,981 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_49|, v_main_~p~0.base_32, v_main_~p~0.offset_32, v_main_~p~0.base_31, v_main_~p~0.offset_31]. (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |v_#memory_int_49| main_~p~0.base) 0)) (= 0 main_~p~0.offset) (= |#memory_int| (store |v_#memory_int_49| v_main_~p~0.base_32 (store (select |v_#memory_int_49| v_main_~p~0.base_32) v_main_~p~0.offset_32 3))) (= (select (select |v_#memory_int_49| v_main_~p~0.base_31) v_main_~p~0.offset_31) 2) (not (= v_main_~p~0.base_32 main_~p~0.base)) (not (= v_main_~p~0.base_32 v_main_~p~0.base_31))) [2020-07-10 15:09:34,981 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_32, v_main_~p~0.offset_32, v_main_~p~0.base_31, v_main_~p~0.offset_31]. (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= (select (select |#memory_int| v_main_~p~0.base_32) v_main_~p~0.offset_32) 3) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (= 2 (select (select |#memory_int| main_~p~0.base) 0)) (= 0 main_~p~0.offset) (not (= v_main_~p~0.base_32 main_~p~0.base)) (not (= v_main_~p~0.base_32 v_main_~p~0.base_31))) [2020-07-10 15:09:35,102 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 3 select indices, 3 select index equivalence classes, 3 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 13 [2020-07-10 15:09:35,108 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:35,116 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:35,120 INFO L544 ElimStorePlain]: Start of recursive call 1: 5 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:35,120 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 6 variables, input treesize:41, output treesize:3 [2020-07-10 15:09:35,123 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:35,123 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, v_main_~p~0.base_32, v_main_~p~0.offset_32, v_main_~p~0.base_31, main_~p~0.base, v_main_~p~0.offset_31]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) 0))) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= (select (select |#memory_int| v_main_~p~0.base_32) v_main_~p~0.offset_32) 3) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (= 2 .cse0) (= |main_#t~mem36| .cse0) (not (= v_main_~p~0.base_32 main_~p~0.base)) (not (= v_main_~p~0.base_32 v_main_~p~0.base_31)))) [2020-07-10 15:09:35,123 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem36| 2) [2020-07-10 15:09:35,147 INFO L263 TraceCheckUtils]: 0: Hoare triple {4527#true} call ULTIMATE.init(); {4527#true} is VALID [2020-07-10 15:09:35,148 INFO L280 TraceCheckUtils]: 1: Hoare triple {4527#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {4527#true} is VALID [2020-07-10 15:09:35,148 INFO L280 TraceCheckUtils]: 2: Hoare triple {4527#true} assume true; {4527#true} is VALID [2020-07-10 15:09:35,148 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {4527#true} {4527#true} #225#return; {4527#true} is VALID [2020-07-10 15:09:35,148 INFO L263 TraceCheckUtils]: 4: Hoare triple {4527#true} call #t~ret41 := main(); {4527#true} is VALID [2020-07-10 15:09:35,149 INFO L280 TraceCheckUtils]: 5: Hoare triple {4527#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {4527#true} is VALID [2020-07-10 15:09:35,149 INFO L280 TraceCheckUtils]: 6: Hoare triple {4527#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {4527#true} is VALID [2020-07-10 15:09:35,149 INFO L280 TraceCheckUtils]: 7: Hoare triple {4527#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {4527#true} is VALID [2020-07-10 15:09:35,149 INFO L280 TraceCheckUtils]: 8: Hoare triple {4527#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {4527#true} is VALID [2020-07-10 15:09:35,150 INFO L280 TraceCheckUtils]: 9: Hoare triple {4527#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {4527#true} is VALID [2020-07-10 15:09:35,150 INFO L280 TraceCheckUtils]: 10: Hoare triple {4527#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {4527#true} is VALID [2020-07-10 15:09:35,150 INFO L280 TraceCheckUtils]: 11: Hoare triple {4527#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {4527#true} is VALID [2020-07-10 15:09:35,150 INFO L280 TraceCheckUtils]: 12: Hoare triple {4527#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {4527#true} is VALID [2020-07-10 15:09:35,150 INFO L280 TraceCheckUtils]: 13: Hoare triple {4527#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {4527#true} is VALID [2020-07-10 15:09:35,150 INFO L280 TraceCheckUtils]: 14: Hoare triple {4527#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {4527#true} is VALID [2020-07-10 15:09:35,150 INFO L280 TraceCheckUtils]: 15: Hoare triple {4527#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {4527#true} is VALID [2020-07-10 15:09:35,153 INFO L280 TraceCheckUtils]: 16: Hoare triple {4527#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:35,154 INFO L280 TraceCheckUtils]: 17: Hoare triple {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:35,154 INFO L280 TraceCheckUtils]: 18: Hoare triple {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:35,155 INFO L280 TraceCheckUtils]: 19: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:35,155 INFO L280 TraceCheckUtils]: 20: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:35,156 INFO L280 TraceCheckUtils]: 21: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:35,157 INFO L280 TraceCheckUtils]: 22: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {4612#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:35,158 INFO L280 TraceCheckUtils]: 23: Hoare triple {4612#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {4612#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:35,159 INFO L280 TraceCheckUtils]: 24: Hoare triple {4612#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4619#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select |#valid| main_~a~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:35,160 INFO L280 TraceCheckUtils]: 25: Hoare triple {4619#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select |#valid| main_~a~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4619#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select |#valid| main_~a~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:35,162 INFO L280 TraceCheckUtils]: 26: Hoare triple {4619#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select |#valid| main_~a~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {4626#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:35,163 INFO L280 TraceCheckUtils]: 27: Hoare triple {4626#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {4626#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:35,164 INFO L280 TraceCheckUtils]: 28: Hoare triple {4626#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4633#(and (exists ((v_main_~p~0.base_31 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_31 main_~a~0.base)))) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:35,165 INFO L280 TraceCheckUtils]: 29: Hoare triple {4633#(and (exists ((v_main_~p~0.base_31 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_31 main_~a~0.base)))) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4633#(and (exists ((v_main_~p~0.base_31 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_31 main_~a~0.base)))) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:35,166 INFO L280 TraceCheckUtils]: 30: Hoare triple {4633#(and (exists ((v_main_~p~0.base_31 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_31 main_~a~0.base)))) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {4633#(and (exists ((v_main_~p~0.base_31 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_31 main_~a~0.base)))) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:35,170 INFO L280 TraceCheckUtils]: 31: Hoare triple {4633#(and (exists ((v_main_~p~0.base_31 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_31 main_~a~0.base)))) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4643#(and (exists ((v_main_~p~0.base_32 Int) (v_main_~p~0.base_31 Int) (v_main_~p~0.offset_32 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= (select (select |#memory_int| v_main_~p~0.base_32) v_main_~p~0.offset_32) 3) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_32 main_~p~0.base)) (not (= v_main_~p~0.base_32 v_main_~p~0.base_31)))) (= 2 (select (select |#memory_int| main_~p~0.base) 0)) (= 0 main_~p~0.offset))} is VALID [2020-07-10 15:09:35,171 INFO L280 TraceCheckUtils]: 32: Hoare triple {4643#(and (exists ((v_main_~p~0.base_32 Int) (v_main_~p~0.base_31 Int) (v_main_~p~0.offset_32 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= (select (select |#memory_int| v_main_~p~0.base_32) v_main_~p~0.offset_32) 3) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_32 main_~p~0.base)) (not (= v_main_~p~0.base_32 v_main_~p~0.base_31)))) (= 2 (select (select |#memory_int| main_~p~0.base) 0)) (= 0 main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4647#(= |main_#t~mem36| 2)} is VALID [2020-07-10 15:09:35,171 INFO L280 TraceCheckUtils]: 33: Hoare triple {4647#(= |main_#t~mem36| 2)} assume !(2 == #t~mem36);havoc #t~mem36; {4528#false} is VALID [2020-07-10 15:09:35,172 INFO L280 TraceCheckUtils]: 34: Hoare triple {4528#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {4528#false} is VALID [2020-07-10 15:09:35,172 INFO L280 TraceCheckUtils]: 35: Hoare triple {4528#false} assume !(1 == #t~mem38);havoc #t~mem38; {4528#false} is VALID [2020-07-10 15:09:35,172 INFO L280 TraceCheckUtils]: 36: Hoare triple {4528#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {4528#false} is VALID [2020-07-10 15:09:35,172 INFO L280 TraceCheckUtils]: 37: Hoare triple {4528#false} assume 3 != #t~mem40;havoc #t~mem40; {4528#false} is VALID [2020-07-10 15:09:35,173 INFO L280 TraceCheckUtils]: 38: Hoare triple {4528#false} assume !false; {4528#false} is VALID [2020-07-10 15:09:35,178 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 0 proven. 8 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:35,178 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-10 15:09:35,179 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 10] total 19 [2020-07-10 15:09:35,179 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1688000723] [2020-07-10 15:09:35,180 INFO L78 Accepts]: Start accepts. Automaton has 19 states. Word has length 39 [2020-07-10 15:09:35,180 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:35,180 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 19 states. [2020-07-10 15:09:35,261 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 57 edges. 57 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:35,261 INFO L459 AbstractCegarLoop]: Interpolant automaton has 19 states [2020-07-10 15:09:35,261 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:35,262 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 19 interpolants. [2020-07-10 15:09:35,262 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=52, Invalid=290, Unknown=0, NotChecked=0, Total=342 [2020-07-10 15:09:35,262 INFO L87 Difference]: Start difference. First operand 69 states and 93 transitions. Second operand 19 states. [2020-07-10 15:09:37,957 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:37,957 INFO L93 Difference]: Finished difference Result 105 states and 135 transitions. [2020-07-10 15:09:37,957 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 19 states. [2020-07-10 15:09:37,957 INFO L78 Accepts]: Start accepts. Automaton has 19 states. Word has length 39 [2020-07-10 15:09:37,958 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:37,958 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 19 states. [2020-07-10 15:09:37,959 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 19 states to 19 states and 115 transitions. [2020-07-10 15:09:37,960 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 19 states. [2020-07-10 15:09:37,961 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 19 states to 19 states and 115 transitions. [2020-07-10 15:09:37,961 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 19 states and 115 transitions. [2020-07-10 15:09:38,141 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 115 edges. 115 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:38,144 INFO L225 Difference]: With dead ends: 105 [2020-07-10 15:09:38,144 INFO L226 Difference]: Without dead ends: 97 [2020-07-10 15:09:38,145 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 64 GetRequests, 34 SyntacticMatches, 1 SemanticMatches, 29 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 169 ImplicationChecksByTransitivity, 0.8s TimeCoverageRelationStatistics Valid=162, Invalid=768, Unknown=0, NotChecked=0, Total=930 [2020-07-10 15:09:38,145 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 97 states. [2020-07-10 15:09:38,182 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 97 to 87. [2020-07-10 15:09:38,182 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:38,182 INFO L82 GeneralOperation]: Start isEquivalent. First operand 97 states. Second operand 87 states. [2020-07-10 15:09:38,182 INFO L74 IsIncluded]: Start isIncluded. First operand 97 states. Second operand 87 states. [2020-07-10 15:09:38,182 INFO L87 Difference]: Start difference. First operand 97 states. Second operand 87 states. [2020-07-10 15:09:38,185 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:38,186 INFO L93 Difference]: Finished difference Result 97 states and 125 transitions. [2020-07-10 15:09:38,186 INFO L276 IsEmpty]: Start isEmpty. Operand 97 states and 125 transitions. [2020-07-10 15:09:38,186 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:38,186 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:38,186 INFO L74 IsIncluded]: Start isIncluded. First operand 87 states. Second operand 97 states. [2020-07-10 15:09:38,186 INFO L87 Difference]: Start difference. First operand 87 states. Second operand 97 states. [2020-07-10 15:09:38,189 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:38,189 INFO L93 Difference]: Finished difference Result 97 states and 125 transitions. [2020-07-10 15:09:38,189 INFO L276 IsEmpty]: Start isEmpty. Operand 97 states and 125 transitions. [2020-07-10 15:09:38,190 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:38,190 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:38,190 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:38,190 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:38,190 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 87 states. [2020-07-10 15:09:38,192 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 87 states to 87 states and 114 transitions. [2020-07-10 15:09:38,192 INFO L78 Accepts]: Start accepts. Automaton has 87 states and 114 transitions. Word has length 39 [2020-07-10 15:09:38,192 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:38,193 INFO L479 AbstractCegarLoop]: Abstraction has 87 states and 114 transitions. [2020-07-10 15:09:38,193 INFO L480 AbstractCegarLoop]: Interpolant automaton has 19 states. [2020-07-10 15:09:38,193 INFO L276 IsEmpty]: Start isEmpty. Operand 87 states and 114 transitions. [2020-07-10 15:09:38,194 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2020-07-10 15:09:38,194 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:38,194 INFO L422 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:38,395 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11,7 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:38,395 INFO L427 AbstractCegarLoop]: === Iteration 13 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:38,395 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:38,396 INFO L82 PathProgramCache]: Analyzing trace with hash -15546846, now seen corresponding path program 1 times [2020-07-10 15:09:38,396 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:38,397 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1356805577] [2020-07-10 15:09:38,397 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:38,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:38,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:38,754 INFO L280 TraceCheckUtils]: 0: Hoare triple {5123#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {5108#true} is VALID [2020-07-10 15:09:38,754 INFO L280 TraceCheckUtils]: 1: Hoare triple {5108#true} assume true; {5108#true} is VALID [2020-07-10 15:09:38,754 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {5108#true} {5108#true} #225#return; {5108#true} is VALID [2020-07-10 15:09:38,761 INFO L263 TraceCheckUtils]: 0: Hoare triple {5108#true} call ULTIMATE.init(); {5123#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:38,762 INFO L280 TraceCheckUtils]: 1: Hoare triple {5123#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {5108#true} is VALID [2020-07-10 15:09:38,762 INFO L280 TraceCheckUtils]: 2: Hoare triple {5108#true} assume true; {5108#true} is VALID [2020-07-10 15:09:38,762 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {5108#true} {5108#true} #225#return; {5108#true} is VALID [2020-07-10 15:09:38,763 INFO L263 TraceCheckUtils]: 4: Hoare triple {5108#true} call #t~ret41 := main(); {5108#true} is VALID [2020-07-10 15:09:38,763 INFO L280 TraceCheckUtils]: 5: Hoare triple {5108#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {5108#true} is VALID [2020-07-10 15:09:38,763 INFO L280 TraceCheckUtils]: 6: Hoare triple {5108#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {5108#true} is VALID [2020-07-10 15:09:38,763 INFO L280 TraceCheckUtils]: 7: Hoare triple {5108#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {5108#true} is VALID [2020-07-10 15:09:38,764 INFO L280 TraceCheckUtils]: 8: Hoare triple {5108#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {5108#true} is VALID [2020-07-10 15:09:38,764 INFO L280 TraceCheckUtils]: 9: Hoare triple {5108#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {5108#true} is VALID [2020-07-10 15:09:38,764 INFO L280 TraceCheckUtils]: 10: Hoare triple {5108#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {5108#true} is VALID [2020-07-10 15:09:38,764 INFO L280 TraceCheckUtils]: 11: Hoare triple {5108#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {5108#true} is VALID [2020-07-10 15:09:38,764 INFO L280 TraceCheckUtils]: 12: Hoare triple {5108#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {5108#true} is VALID [2020-07-10 15:09:38,765 INFO L280 TraceCheckUtils]: 13: Hoare triple {5108#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {5108#true} is VALID [2020-07-10 15:09:38,765 INFO L280 TraceCheckUtils]: 14: Hoare triple {5108#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {5108#true} is VALID [2020-07-10 15:09:38,765 INFO L280 TraceCheckUtils]: 15: Hoare triple {5108#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {5108#true} is VALID [2020-07-10 15:09:38,767 INFO L280 TraceCheckUtils]: 16: Hoare triple {5108#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {5113#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:38,767 INFO L280 TraceCheckUtils]: 17: Hoare triple {5113#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {5113#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:38,768 INFO L280 TraceCheckUtils]: 18: Hoare triple {5113#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5114#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:38,769 INFO L280 TraceCheckUtils]: 19: Hoare triple {5114#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {5114#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:38,771 INFO L280 TraceCheckUtils]: 20: Hoare triple {5114#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet30);havoc #t~nondet30;call write~int(1, ~p~0.base, ~p~0.offset, 4);call #t~malloc31.base, #t~malloc31.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc31.base, #t~malloc31.offset; {5115#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:38,772 INFO L280 TraceCheckUtils]: 21: Hoare triple {5115#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5115#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:38,773 INFO L280 TraceCheckUtils]: 22: Hoare triple {5115#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem32.base, #t~mem32.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem32.base, #t~mem32.offset;havoc #t~mem32.base, #t~mem32.offset; {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:38,774 INFO L280 TraceCheckUtils]: 23: Hoare triple {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:38,774 INFO L280 TraceCheckUtils]: 24: Hoare triple {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:38,775 INFO L280 TraceCheckUtils]: 25: Hoare triple {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:38,776 INFO L280 TraceCheckUtils]: 26: Hoare triple {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {5117#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~t~0.offset))} is VALID [2020-07-10 15:09:38,776 INFO L280 TraceCheckUtils]: 27: Hoare triple {5117#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~t~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5117#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~t~0.offset))} is VALID [2020-07-10 15:09:38,777 INFO L280 TraceCheckUtils]: 28: Hoare triple {5117#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~t~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {5118#(and (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:38,778 INFO L280 TraceCheckUtils]: 29: Hoare triple {5118#(and (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5118#(and (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:38,779 INFO L280 TraceCheckUtils]: 30: Hoare triple {5118#(and (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {5118#(and (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:38,780 INFO L280 TraceCheckUtils]: 31: Hoare triple {5118#(and (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5119#(or (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-10 15:09:38,781 INFO L280 TraceCheckUtils]: 32: Hoare triple {5119#(or (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {5119#(or (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-10 15:09:38,781 INFO L280 TraceCheckUtils]: 33: Hoare triple {5119#(or (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} assume !(2 == #t~mem36);havoc #t~mem36; {5119#(or (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-10 15:09:38,783 INFO L280 TraceCheckUtils]: 34: Hoare triple {5119#(or (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {5120#(or (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= |main_#t~mem38| 1))} is VALID [2020-07-10 15:09:38,786 INFO L280 TraceCheckUtils]: 35: Hoare triple {5120#(or (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= |main_#t~mem38| 1))} assume !(1 == #t~mem38);havoc #t~mem38; {5121#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:38,786 INFO L280 TraceCheckUtils]: 36: Hoare triple {5121#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {5122#(= |main_#t~mem40| 3)} is VALID [2020-07-10 15:09:38,787 INFO L280 TraceCheckUtils]: 37: Hoare triple {5122#(= |main_#t~mem40| 3)} assume 3 != #t~mem40;havoc #t~mem40; {5109#false} is VALID [2020-07-10 15:09:38,787 INFO L280 TraceCheckUtils]: 38: Hoare triple {5109#false} assume !false; {5109#false} is VALID [2020-07-10 15:09:38,790 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:38,790 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1356805577] [2020-07-10 15:09:38,790 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [834877414] [2020-07-10 15:09:38,790 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 8 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 8 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:38,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:38,919 INFO L264 TraceCheckSpWp]: Trace formula consists of 184 conjuncts, 38 conjunts are in the unsatisfiable core [2020-07-10 15:09:38,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:38,947 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-10 15:09:38,976 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-10 15:09:38,976 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:38,979 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:38,979 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:38,979 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2020-07-10 15:09:38,982 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:38,982 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_34|]. (= (store |v_#valid_34| main_~a~0.base 1) |#valid|) [2020-07-10 15:09:38,982 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 1 (select |#valid| main_~a~0.base)) [2020-07-10 15:09:39,062 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:39,062 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 39 [2020-07-10 15:09:39,063 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:39,098 INFO L624 ElimStorePlain]: treesize reduction 14, result has 69.6 percent of original size [2020-07-10 15:09:39,111 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-10 15:09:39,111 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:39,123 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:39,123 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:39,124 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:34, output treesize:28 [2020-07-10 15:09:39,128 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:39,128 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_50|, |v_#valid_35|]. (and (= main_~a~0.base main_~p~0.base) (= (store |v_#memory_int_50| main_~p~0.base (store (select |v_#memory_int_50| main_~p~0.base) main_~p~0.offset 1)) |#memory_int|) (= 0 (select |v_#valid_35| main_~t~0.base)) (= |#valid| (store |v_#valid_35| main_~t~0.base 1)) (= 1 (select |v_#valid_35| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-10 15:09:39,128 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= 1 (select |#valid| main_~t~0.base)) (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-10 15:09:39,200 INFO L350 Elim1Store]: treesize reduction 27, result has 20.6 percent of original size [2020-07-10 15:09:39,201 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 27 treesize of output 11 [2020-07-10 15:09:39,203 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:39,211 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:39,212 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:39,212 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:41, output treesize:22 [2020-07-10 15:09:39,293 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:39,294 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 2 case distinctions, treesize of input 16 treesize of output 26 [2020-07-10 15:09:39,296 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:39,306 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:39,316 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 18 [2020-07-10 15:09:39,318 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:39,326 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:39,327 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:39,327 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:38, output treesize:27 [2020-07-10 15:09:39,330 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:39,331 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_52|, |v_#valid_36|]. (and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select |v_#valid_36| main_~a~0.base)) (= 1 (select |v_#valid_36| main_~p~0.base)) (= |#memory_int| (store |v_#memory_int_52| main_~p~0.base (store (select |v_#memory_int_52| main_~p~0.base) main_~p~0.offset 2))) (= 0 (select |v_#valid_36| main_~t~0.base)) (= 1 (select (select |v_#memory_int_52| main_~a~0.base) main_~a~0.offset))) [2020-07-10 15:09:39,331 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base))) [2020-07-10 15:09:39,403 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[2, 1] term [2020-07-10 15:09:39,403 INFO L501 QuantifierPusher]: Distributing 1 conjuncts over 3 disjuncts [2020-07-10 15:09:39,458 INFO L350 Elim1Store]: treesize reduction 27, result has 20.6 percent of original size [2020-07-10 15:09:39,459 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 34 treesize of output 21 [2020-07-10 15:09:39,461 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:39,470 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:39,486 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2020-07-10 15:09:39,487 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:46, output treesize:27 [2020-07-10 15:09:39,610 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 28 [2020-07-10 15:09:39,612 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:39,625 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:39,644 INFO L544 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 1 dim-2 vars, End of recursive call: 4 dim-0 vars, and 1 xjuncts. [2020-07-10 15:09:39,644 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 5 variables, input treesize:38, output treesize:34 [2020-07-10 15:09:39,650 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:39,651 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_54|, v_main_~p~0.base_35, v_main_~p~0.offset_35, v_main_~p~0.base_34, v_main_~p~0.offset_34]. (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 2 (select (select |v_#memory_int_54| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (= (store |v_#memory_int_54| v_main_~p~0.base_35 (store (select |v_#memory_int_54| v_main_~p~0.base_35) v_main_~p~0.offset_35 3)) |#memory_int|) (= 1 (select (select |v_#memory_int_54| main_~p~0.base) main_~p~0.offset)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34))) [2020-07-10 15:09:39,651 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_35, v_main_~p~0.offset_35, v_main_~p~0.base_34, v_main_~p~0.offset_34]. (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34))) [2020-07-10 15:09:39,887 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 3 select indices, 3 select index equivalence classes, 3 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 13 [2020-07-10 15:09:39,889 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:39,898 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:39,904 INFO L544 ElimStorePlain]: Start of recursive call 1: 6 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:39,905 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 7 variables, input treesize:41, output treesize:3 [2020-07-10 15:09:39,911 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:39,912 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset, v_main_~p~0.base_34, v_main_~p~0.base_35, v_main_~p~0.offset_35, v_main_~p~0.offset_34]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= |main_#t~mem38| .cse0) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (= 1 .cse0) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) [2020-07-10 15:09:39,912 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem38| 1) [2020-07-10 15:09:39,938 INFO L263 TraceCheckUtils]: 0: Hoare triple {5108#true} call ULTIMATE.init(); {5108#true} is VALID [2020-07-10 15:09:39,938 INFO L280 TraceCheckUtils]: 1: Hoare triple {5108#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {5108#true} is VALID [2020-07-10 15:09:39,938 INFO L280 TraceCheckUtils]: 2: Hoare triple {5108#true} assume true; {5108#true} is VALID [2020-07-10 15:09:39,939 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {5108#true} {5108#true} #225#return; {5108#true} is VALID [2020-07-10 15:09:39,939 INFO L263 TraceCheckUtils]: 4: Hoare triple {5108#true} call #t~ret41 := main(); {5108#true} is VALID [2020-07-10 15:09:39,939 INFO L280 TraceCheckUtils]: 5: Hoare triple {5108#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {5108#true} is VALID [2020-07-10 15:09:39,940 INFO L280 TraceCheckUtils]: 6: Hoare triple {5108#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {5108#true} is VALID [2020-07-10 15:09:39,940 INFO L280 TraceCheckUtils]: 7: Hoare triple {5108#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {5108#true} is VALID [2020-07-10 15:09:39,940 INFO L280 TraceCheckUtils]: 8: Hoare triple {5108#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {5108#true} is VALID [2020-07-10 15:09:39,940 INFO L280 TraceCheckUtils]: 9: Hoare triple {5108#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {5108#true} is VALID [2020-07-10 15:09:39,940 INFO L280 TraceCheckUtils]: 10: Hoare triple {5108#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {5108#true} is VALID [2020-07-10 15:09:39,941 INFO L280 TraceCheckUtils]: 11: Hoare triple {5108#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {5108#true} is VALID [2020-07-10 15:09:39,941 INFO L280 TraceCheckUtils]: 12: Hoare triple {5108#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {5108#true} is VALID [2020-07-10 15:09:39,941 INFO L280 TraceCheckUtils]: 13: Hoare triple {5108#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {5108#true} is VALID [2020-07-10 15:09:39,941 INFO L280 TraceCheckUtils]: 14: Hoare triple {5108#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {5108#true} is VALID [2020-07-10 15:09:39,941 INFO L280 TraceCheckUtils]: 15: Hoare triple {5108#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {5108#true} is VALID [2020-07-10 15:09:39,943 INFO L280 TraceCheckUtils]: 16: Hoare triple {5108#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {5175#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:39,943 INFO L280 TraceCheckUtils]: 17: Hoare triple {5175#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {5175#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-10 15:09:39,944 INFO L280 TraceCheckUtils]: 18: Hoare triple {5175#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5182#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:39,945 INFO L280 TraceCheckUtils]: 19: Hoare triple {5182#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {5182#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:39,946 INFO L280 TraceCheckUtils]: 20: Hoare triple {5182#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet30);havoc #t~nondet30;call write~int(1, ~p~0.base, ~p~0.offset, 4);call #t~malloc31.base, #t~malloc31.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc31.base, #t~malloc31.offset; {5189#(and (= 1 (select |#valid| main_~t~0.base)) (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:39,947 INFO L280 TraceCheckUtils]: 21: Hoare triple {5189#(and (= 1 (select |#valid| main_~t~0.base)) (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5189#(and (= 1 (select |#valid| main_~t~0.base)) (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-10 15:09:39,949 INFO L280 TraceCheckUtils]: 22: Hoare triple {5189#(and (= 1 (select |#valid| main_~t~0.base)) (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem32.base, #t~mem32.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem32.base, #t~mem32.offset;havoc #t~mem32.base, #t~mem32.offset; {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:39,950 INFO L280 TraceCheckUtils]: 23: Hoare triple {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:39,950 INFO L280 TraceCheckUtils]: 24: Hoare triple {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:39,951 INFO L280 TraceCheckUtils]: 25: Hoare triple {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:39,953 INFO L280 TraceCheckUtils]: 26: Hoare triple {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {5209#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:39,954 INFO L280 TraceCheckUtils]: 27: Hoare triple {5209#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5209#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:39,956 INFO L280 TraceCheckUtils]: 28: Hoare triple {5209#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {5216#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (exists ((v_main_~p~0.base_34 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_34 main_~a~0.base)))))} is VALID [2020-07-10 15:09:39,957 INFO L280 TraceCheckUtils]: 29: Hoare triple {5216#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (exists ((v_main_~p~0.base_34 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_34 main_~a~0.base)))))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5216#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (exists ((v_main_~p~0.base_34 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_34 main_~a~0.base)))))} is VALID [2020-07-10 15:09:39,958 INFO L280 TraceCheckUtils]: 30: Hoare triple {5216#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (exists ((v_main_~p~0.base_34 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_34 main_~a~0.base)))))} assume !(0 != #t~nondet33);havoc #t~nondet33; {5216#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (exists ((v_main_~p~0.base_34 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_34 main_~a~0.base)))))} is VALID [2020-07-10 15:09:39,963 INFO L280 TraceCheckUtils]: 31: Hoare triple {5216#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (exists ((v_main_~p~0.base_34 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_34 main_~a~0.base)))))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5226#(and (exists ((v_main_~p~0.base_35 Int) (v_main_~p~0.base_34 Int) (v_main_~p~0.offset_35 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-10 15:09:39,964 INFO L280 TraceCheckUtils]: 32: Hoare triple {5226#(and (exists ((v_main_~p~0.base_35 Int) (v_main_~p~0.base_34 Int) (v_main_~p~0.offset_35 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {5226#(and (exists ((v_main_~p~0.base_35 Int) (v_main_~p~0.base_34 Int) (v_main_~p~0.offset_35 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-10 15:09:39,965 INFO L280 TraceCheckUtils]: 33: Hoare triple {5226#(and (exists ((v_main_~p~0.base_35 Int) (v_main_~p~0.base_34 Int) (v_main_~p~0.offset_35 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} assume !(2 == #t~mem36);havoc #t~mem36; {5226#(and (exists ((v_main_~p~0.base_35 Int) (v_main_~p~0.base_34 Int) (v_main_~p~0.offset_35 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-10 15:09:39,965 INFO L280 TraceCheckUtils]: 34: Hoare triple {5226#(and (exists ((v_main_~p~0.base_35 Int) (v_main_~p~0.base_34 Int) (v_main_~p~0.offset_35 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {5236#(= |main_#t~mem38| 1)} is VALID [2020-07-10 15:09:39,966 INFO L280 TraceCheckUtils]: 35: Hoare triple {5236#(= |main_#t~mem38| 1)} assume !(1 == #t~mem38);havoc #t~mem38; {5109#false} is VALID [2020-07-10 15:09:39,966 INFO L280 TraceCheckUtils]: 36: Hoare triple {5109#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {5109#false} is VALID [2020-07-10 15:09:39,966 INFO L280 TraceCheckUtils]: 37: Hoare triple {5109#false} assume 3 != #t~mem40;havoc #t~mem40; {5109#false} is VALID [2020-07-10 15:09:39,967 INFO L280 TraceCheckUtils]: 38: Hoare triple {5109#false} assume !false; {5109#false} is VALID [2020-07-10 15:09:39,973 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:39,973 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-10 15:09:39,973 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 10] total 21 [2020-07-10 15:09:39,974 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1459937417] [2020-07-10 15:09:39,975 INFO L78 Accepts]: Start accepts. Automaton has 21 states. Word has length 39 [2020-07-10 15:09:39,975 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:39,975 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 21 states. [2020-07-10 15:09:40,065 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 63 edges. 63 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:40,065 INFO L459 AbstractCegarLoop]: Interpolant automaton has 21 states [2020-07-10 15:09:40,065 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:40,066 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 21 interpolants. [2020-07-10 15:09:40,066 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=55, Invalid=365, Unknown=0, NotChecked=0, Total=420 [2020-07-10 15:09:40,066 INFO L87 Difference]: Start difference. First operand 87 states and 114 transitions. Second operand 21 states. [2020-07-10 15:09:43,453 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:43,453 INFO L93 Difference]: Finished difference Result 125 states and 159 transitions. [2020-07-10 15:09:43,454 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 19 states. [2020-07-10 15:09:43,454 INFO L78 Accepts]: Start accepts. Automaton has 21 states. Word has length 39 [2020-07-10 15:09:43,454 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:43,454 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 21 states. [2020-07-10 15:09:43,456 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 19 states to 19 states and 123 transitions. [2020-07-10 15:09:43,456 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 21 states. [2020-07-10 15:09:43,458 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 19 states to 19 states and 123 transitions. [2020-07-10 15:09:43,458 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 19 states and 123 transitions. [2020-07-10 15:09:43,656 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 123 edges. 123 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:43,660 INFO L225 Difference]: With dead ends: 125 [2020-07-10 15:09:43,660 INFO L226 Difference]: Without dead ends: 119 [2020-07-10 15:09:43,661 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 66 GetRequests, 33 SyntacticMatches, 0 SemanticMatches, 33 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 191 ImplicationChecksByTransitivity, 0.9s TimeCoverageRelationStatistics Valid=195, Invalid=995, Unknown=0, NotChecked=0, Total=1190 [2020-07-10 15:09:43,661 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 119 states. [2020-07-10 15:09:43,698 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 119 to 95. [2020-07-10 15:09:43,699 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:43,699 INFO L82 GeneralOperation]: Start isEquivalent. First operand 119 states. Second operand 95 states. [2020-07-10 15:09:43,699 INFO L74 IsIncluded]: Start isIncluded. First operand 119 states. Second operand 95 states. [2020-07-10 15:09:43,699 INFO L87 Difference]: Start difference. First operand 119 states. Second operand 95 states. [2020-07-10 15:09:43,703 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:43,703 INFO L93 Difference]: Finished difference Result 119 states and 152 transitions. [2020-07-10 15:09:43,703 INFO L276 IsEmpty]: Start isEmpty. Operand 119 states and 152 transitions. [2020-07-10 15:09:43,704 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:43,704 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:43,704 INFO L74 IsIncluded]: Start isIncluded. First operand 95 states. Second operand 119 states. [2020-07-10 15:09:43,705 INFO L87 Difference]: Start difference. First operand 95 states. Second operand 119 states. [2020-07-10 15:09:43,708 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:43,708 INFO L93 Difference]: Finished difference Result 119 states and 152 transitions. [2020-07-10 15:09:43,708 INFO L276 IsEmpty]: Start isEmpty. Operand 119 states and 152 transitions. [2020-07-10 15:09:43,709 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:43,709 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:43,709 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:43,709 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:43,710 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 95 states. [2020-07-10 15:09:43,712 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 95 states to 95 states and 124 transitions. [2020-07-10 15:09:43,712 INFO L78 Accepts]: Start accepts. Automaton has 95 states and 124 transitions. Word has length 39 [2020-07-10 15:09:43,712 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:43,712 INFO L479 AbstractCegarLoop]: Abstraction has 95 states and 124 transitions. [2020-07-10 15:09:43,713 INFO L480 AbstractCegarLoop]: Interpolant automaton has 21 states. [2020-07-10 15:09:43,713 INFO L276 IsEmpty]: Start isEmpty. Operand 95 states and 124 transitions. [2020-07-10 15:09:43,713 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2020-07-10 15:09:43,713 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:43,714 INFO L422 BasicCegarLoop]: trace histogram [3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:43,928 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12,8 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:43,929 INFO L427 AbstractCegarLoop]: === Iteration 14 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:43,929 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:43,929 INFO L82 PathProgramCache]: Analyzing trace with hash -1233000963, now seen corresponding path program 3 times [2020-07-10 15:09:43,929 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:43,929 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [547565729] [2020-07-10 15:09:43,930 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:43,952 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:44,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:44,398 INFO L280 TraceCheckUtils]: 0: Hoare triple {5786#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {5771#true} is VALID [2020-07-10 15:09:44,399 INFO L280 TraceCheckUtils]: 1: Hoare triple {5771#true} assume true; {5771#true} is VALID [2020-07-10 15:09:44,399 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {5771#true} {5771#true} #225#return; {5771#true} is VALID [2020-07-10 15:09:44,400 INFO L263 TraceCheckUtils]: 0: Hoare triple {5771#true} call ULTIMATE.init(); {5786#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-10 15:09:44,400 INFO L280 TraceCheckUtils]: 1: Hoare triple {5786#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {5771#true} is VALID [2020-07-10 15:09:44,400 INFO L280 TraceCheckUtils]: 2: Hoare triple {5771#true} assume true; {5771#true} is VALID [2020-07-10 15:09:44,400 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {5771#true} {5771#true} #225#return; {5771#true} is VALID [2020-07-10 15:09:44,401 INFO L263 TraceCheckUtils]: 4: Hoare triple {5771#true} call #t~ret41 := main(); {5771#true} is VALID [2020-07-10 15:09:44,401 INFO L280 TraceCheckUtils]: 5: Hoare triple {5771#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {5771#true} is VALID [2020-07-10 15:09:44,401 INFO L280 TraceCheckUtils]: 6: Hoare triple {5771#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {5771#true} is VALID [2020-07-10 15:09:44,401 INFO L280 TraceCheckUtils]: 7: Hoare triple {5771#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {5771#true} is VALID [2020-07-10 15:09:44,401 INFO L280 TraceCheckUtils]: 8: Hoare triple {5771#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {5771#true} is VALID [2020-07-10 15:09:44,402 INFO L280 TraceCheckUtils]: 9: Hoare triple {5771#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {5771#true} is VALID [2020-07-10 15:09:44,402 INFO L280 TraceCheckUtils]: 10: Hoare triple {5771#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {5771#true} is VALID [2020-07-10 15:09:44,402 INFO L280 TraceCheckUtils]: 11: Hoare triple {5771#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {5771#true} is VALID [2020-07-10 15:09:44,402 INFO L280 TraceCheckUtils]: 12: Hoare triple {5771#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {5771#true} is VALID [2020-07-10 15:09:44,402 INFO L280 TraceCheckUtils]: 13: Hoare triple {5771#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {5771#true} is VALID [2020-07-10 15:09:44,403 INFO L280 TraceCheckUtils]: 14: Hoare triple {5771#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {5771#true} is VALID [2020-07-10 15:09:44,403 INFO L280 TraceCheckUtils]: 15: Hoare triple {5771#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {5771#true} is VALID [2020-07-10 15:09:44,404 INFO L280 TraceCheckUtils]: 16: Hoare triple {5771#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:44,404 INFO L280 TraceCheckUtils]: 17: Hoare triple {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:44,405 INFO L280 TraceCheckUtils]: 18: Hoare triple {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:44,405 INFO L280 TraceCheckUtils]: 19: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:44,406 INFO L280 TraceCheckUtils]: 20: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:44,407 INFO L280 TraceCheckUtils]: 21: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:44,408 INFO L280 TraceCheckUtils]: 22: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {5778#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:44,408 INFO L280 TraceCheckUtils]: 23: Hoare triple {5778#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5778#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:44,410 INFO L280 TraceCheckUtils]: 24: Hoare triple {5778#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {5779#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:44,410 INFO L280 TraceCheckUtils]: 25: Hoare triple {5779#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5779#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:44,412 INFO L280 TraceCheckUtils]: 26: Hoare triple {5779#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {5780#(and (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.base)) main_~a~0.base) 4) main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~a~0.offset main_~t~0.offset) (= 0 main_~a~0.offset) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.offset)) main_~a~0.base) 4)) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:44,413 INFO L280 TraceCheckUtils]: 27: Hoare triple {5780#(and (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.base)) main_~a~0.base) 4) main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~a~0.offset main_~t~0.offset) (= 0 main_~a~0.offset) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.offset)) main_~a~0.base) 4)) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5780#(and (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.base)) main_~a~0.base) 4) main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~a~0.offset main_~t~0.offset) (= 0 main_~a~0.offset) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.offset)) main_~a~0.base) 4)) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:44,415 INFO L280 TraceCheckUtils]: 28: Hoare triple {5780#(and (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.base)) main_~a~0.base) 4) main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~a~0.offset main_~t~0.offset) (= 0 main_~a~0.offset) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.offset)) main_~a~0.base) 4)) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {5781#(or (and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset 3)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (= 0 main_~a~0.offset)) (and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)))} is VALID [2020-07-10 15:09:44,416 INFO L280 TraceCheckUtils]: 29: Hoare triple {5781#(or (and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset 3)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (= 0 main_~a~0.offset)) (and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5781#(or (and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset 3)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (= 0 main_~a~0.offset)) (and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)))} is VALID [2020-07-10 15:09:44,416 INFO L280 TraceCheckUtils]: 30: Hoare triple {5781#(or (and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset 3)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (= 0 main_~a~0.offset)) (and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)))} assume !(0 != #t~nondet33);havoc #t~nondet33; {5781#(or (and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset 3)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (= 0 main_~a~0.offset)) (and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)))} is VALID [2020-07-10 15:09:44,418 INFO L280 TraceCheckUtils]: 31: Hoare triple {5781#(or (and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset 3)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (= 0 main_~a~0.offset)) (and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5782#(or (and (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4))))) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-10 15:09:44,418 INFO L280 TraceCheckUtils]: 32: Hoare triple {5782#(or (and (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4))))) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {5783#(or (and (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4))))) (= |main_#t~mem36| 3))} is VALID [2020-07-10 15:09:44,419 INFO L280 TraceCheckUtils]: 33: Hoare triple {5783#(or (and (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4))))) (= |main_#t~mem36| 3))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {5784#(= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-10 15:09:44,420 INFO L280 TraceCheckUtils]: 34: Hoare triple {5784#(= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {5785#(= |main_#t~mem36| 2)} is VALID [2020-07-10 15:09:44,420 INFO L280 TraceCheckUtils]: 35: Hoare triple {5785#(= |main_#t~mem36| 2)} assume !(2 == #t~mem36);havoc #t~mem36; {5772#false} is VALID [2020-07-10 15:09:44,420 INFO L280 TraceCheckUtils]: 36: Hoare triple {5772#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {5772#false} is VALID [2020-07-10 15:09:44,420 INFO L280 TraceCheckUtils]: 37: Hoare triple {5772#false} assume !(1 == #t~mem38);havoc #t~mem38; {5772#false} is VALID [2020-07-10 15:09:44,421 INFO L280 TraceCheckUtils]: 38: Hoare triple {5772#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {5772#false} is VALID [2020-07-10 15:09:44,421 INFO L280 TraceCheckUtils]: 39: Hoare triple {5772#false} assume 3 != #t~mem40;havoc #t~mem40; {5772#false} is VALID [2020-07-10 15:09:44,421 INFO L280 TraceCheckUtils]: 40: Hoare triple {5772#false} assume !false; {5772#false} is VALID [2020-07-10 15:09:44,427 INFO L134 CoverageAnalysis]: Checked inductivity of 11 backedges. 0 proven. 10 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:44,428 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [547565729] [2020-07-10 15:09:44,428 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [985604930] [2020-07-10 15:09:44,428 INFO L92 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 9 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 9 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-10 15:09:44,550 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 3 check-sat command(s) [2020-07-10 15:09:44,550 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2020-07-10 15:09:44,552 INFO L264 TraceCheckSpWp]: Trace formula consists of 192 conjuncts, 61 conjunts are in the unsatisfiable core [2020-07-10 15:09:44,569 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-10 15:09:44,572 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-10 15:09:44,601 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-10 15:09:44,601 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:44,605 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:44,606 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:44,606 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2020-07-10 15:09:44,609 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:44,609 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_37|]. (and (= 0 main_~a~0.offset) (= (store |v_#valid_37| main_~a~0.base 1) |#valid|)) [2020-07-10 15:09:44,609 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset)) [2020-07-10 15:09:44,659 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:44,660 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 39 [2020-07-10 15:09:44,662 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:44,695 INFO L624 ElimStorePlain]: treesize reduction 14, result has 63.2 percent of original size [2020-07-10 15:09:44,696 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:44,696 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:26, output treesize:24 [2020-07-10 15:09:44,700 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:44,701 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_38|]. (and (= |#valid| (store |v_#valid_38| main_~t~0.base 1)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |v_#valid_38| main_~p~0.base)) (= 0 (select |v_#valid_38| main_~t~0.base))) [2020-07-10 15:09:44,701 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base))) [2020-07-10 15:09:44,772 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-10 15:09:44,772 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:44,792 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:44,803 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-10 15:09:44,803 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:44,821 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:44,823 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:44,823 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 4 variables, input treesize:54, output treesize:40 [2020-07-10 15:09:44,828 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:44,828 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_55|, main_~t~0.base, |v_#memory_$Pointer$.offset_48|, main_~t~0.offset]. (and (= 1 (select |#valid| main_~t~0.base)) (not (= main_~t~0.base main_~a~0.base)) (= (store |v_#memory_$Pointer$.base_55| main_~a~0.base (store (select |v_#memory_$Pointer$.base_55| main_~a~0.base) 4 main_~t~0.base)) |#memory_$Pointer$.base|) (= (store |v_#memory_$Pointer$.offset_48| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_48| main_~a~0.base) 4 main_~t~0.offset)) |#memory_$Pointer$.offset|) (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset)) [2020-07-10 15:09:44,828 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (and (not (= main_~a~0.base .cse0)) (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset) (= main_~p~0.base .cse0) (= 1 (select |#valid| .cse0)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))) [2020-07-10 15:09:44,917 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:44,917 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 2 case distinctions, treesize of input 20 treesize of output 30 [2020-07-10 15:09:44,920 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:44,946 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:44,948 INFO L440 ElimStorePlain]: Different costs {0=[|v_#memory_int_55|], 2=[|v_#memory_$Pointer$.base_56|, |v_#memory_$Pointer$.offset_49|]} [2020-07-10 15:09:44,955 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-10 15:09:44,956 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:44,983 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:45,012 INFO L350 Elim1Store]: treesize reduction 21, result has 41.7 percent of original size [2020-07-10 15:09:45,013 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 39 treesize of output 27 [2020-07-10 15:09:45,015 INFO L544 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:45,060 INFO L624 ElimStorePlain]: treesize reduction 8, result has 87.3 percent of original size [2020-07-10 15:09:45,069 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 11 [2020-07-10 15:09:45,071 INFO L544 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:45,088 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:45,089 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:45,089 INFO L244 ElimStorePlain]: Needed 5 recursive calls to eliminate 4 variables, input treesize:89, output treesize:40 [2020-07-10 15:09:47,095 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:47,096 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.offset_49|, |v_#valid_39|, |v_#memory_$Pointer$.base_56|, |v_#memory_int_55|]. (let ((.cse0 (select (select |v_#memory_$Pointer$.base_56| main_~a~0.base) 4))) (and (= 0 (select |v_#valid_39| main_~t~0.base)) (= (store |v_#memory_$Pointer$.offset_49| main_~p~0.base (store (select |v_#memory_$Pointer$.offset_49| main_~p~0.base) main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset))) |#memory_$Pointer$.offset|) (= 1 (select |v_#valid_39| main_~a~0.base)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_56| main_~p~0.base (store (select |v_#memory_$Pointer$.base_56| main_~p~0.base) main_~p~0.offset (select (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset)))) (= |#memory_int| (store |v_#memory_int_55| main_~p~0.base (store (select |v_#memory_int_55| main_~p~0.base) main_~p~0.offset 2))) (= main_~p~0.base .cse0) (= 0 main_~a~0.offset) (= 1 (select |v_#valid_39| .cse0)) (not (= main_~a~0.base .cse0)) (= main_~p~0.offset (select (select |v_#memory_$Pointer$.offset_49| main_~a~0.base) 4)) (= 0 main_~t~0.offset))) [2020-07-10 15:09:47,096 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= 0 main_~t~0.offset)) [2020-07-10 15:09:47,216 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:47,217 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 155 treesize of output 149 [2020-07-10 15:09:47,223 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[10, 3, 2, 1] term [2020-07-10 15:09:47,224 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 10 disjuncts [2020-07-10 15:09:47,228 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:47,290 INFO L624 ElimStorePlain]: treesize reduction 26, result has 85.6 percent of original size [2020-07-10 15:09:47,298 INFO L190 IndexEqualityManager]: detected not equals via solver [2020-07-10 15:09:47,300 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 55 treesize of output 19 [2020-07-10 15:09:47,301 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:47,322 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:47,331 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 92 treesize of output 74 [2020-07-10 15:09:47,344 INFO L544 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:47,364 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:47,366 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:47,366 INFO L244 ElimStorePlain]: Needed 4 recursive calls to eliminate 4 variables, input treesize:162, output treesize:118 [2020-07-10 15:09:47,381 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:47,381 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_57|, |v_#memory_$Pointer$.offset_50|, main_~t~0.base, |v_#memory_int_56|]. (let ((.cse0 (select (select |v_#memory_$Pointer$.base_57| main_~a~0.base) 4)) (.cse3 (select (select |v_#memory_$Pointer$.offset_50| main_~a~0.base) 4))) (let ((.cse1 (+ .cse3 4)) (.cse2 (select |v_#memory_int_56| .cse0))) (and (not (= main_~t~0.base main_~a~0.base)) (= (select (select |#memory_$Pointer$.offset| .cse0) .cse1) main_~p~0.offset) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_57| .cse0 (store (select |v_#memory_$Pointer$.base_57| .cse0) .cse1 main_~t~0.base))) (not (= main_~a~0.base .cse0)) (not (= main_~t~0.base .cse0)) (= |#memory_int| (store |v_#memory_int_56| .cse0 (store .cse2 .cse1 (select (select |#memory_int| .cse0) .cse1)))) (= 0 main_~a~0.offset) (= |#memory_$Pointer$.offset| (store |v_#memory_$Pointer$.offset_50| .cse0 (store (select |v_#memory_$Pointer$.offset_50| .cse0) .cse1 0))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| .cse0) .cse1)) (= 2 (select .cse2 .cse3))))) [2020-07-10 15:09:47,381 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse3 (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (let ((.cse2 (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (.cse4 (+ .cse3 4))) (let ((.cse1 (select (select |#memory_$Pointer$.base| .cse2) .cse4)) (.cse0 (select (select |#memory_$Pointer$.offset| .cse2) .cse4))) (and (= 0 .cse0) (= .cse1 main_~p~0.base) (not (= main_~a~0.base .cse2)) (= 2 (select (select |#memory_int| .cse2) .cse3)) (not (= .cse1 .cse2)) (= 0 main_~a~0.offset) (not (= .cse1 main_~a~0.base)) (= main_~p~0.offset .cse0))))) [2020-07-10 15:09:47,488 INFO L440 ElimStorePlain]: Different costs {2=[|v_#memory_int_57|], 6=[|v_#memory_$Pointer$.base_58|, |v_#memory_$Pointer$.offset_51|]} [2020-07-10 15:09:47,500 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 69 treesize of output 54 [2020-07-10 15:09:47,501 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:47,528 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:47,581 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:47,582 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 5 new quantified variables, introduced 3 case distinctions, treesize of input 286 treesize of output 261 [2020-07-10 15:09:47,601 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[9, 3, 2, 1] term [2020-07-10 15:09:47,601 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 9 disjuncts [2020-07-10 15:09:47,606 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 11 disjuncts [2020-07-10 15:09:47,615 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:47,669 INFO L624 ElimStorePlain]: treesize reduction 212, result has 49.0 percent of original size [2020-07-10 15:09:47,716 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:47,717 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 5 new quantified variables, introduced 2 case distinctions, treesize of input 193 treesize of output 212 [2020-07-10 15:09:47,741 INFO L544 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:47,779 INFO L624 ElimStorePlain]: treesize reduction 100, result has 51.2 percent of original size [2020-07-10 15:09:47,779 INFO L544 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:47,780 INFO L244 ElimStorePlain]: Needed 4 recursive calls to eliminate 3 variables, input treesize:307, output treesize:105 [2020-07-10 15:09:47,941 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:47,942 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 3 new quantified variables, introduced 1 case distinctions, treesize of input 109 treesize of output 68 [2020-07-10 15:09:47,953 INFO L501 QuantifierPusher]: Distributing 3 conjuncts over 4 disjuncts [2020-07-10 15:09:47,965 INFO L501 QuantifierPusher]: Distributing 3 conjuncts over 4 disjuncts [2020-07-10 15:09:47,970 INFO L544 ElimStorePlain]: Start of recursive call 2: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2020-07-10 15:09:48,007 INFO L624 ElimStorePlain]: treesize reduction 22, result has 71.1 percent of original size [2020-07-10 15:09:48,013 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 3 new quantified variables, introduced 0 case distinctions, treesize of input 32 treesize of output 19 [2020-07-10 15:09:48,015 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:48,026 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:48,031 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2020-07-10 15:09:48,032 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:123, output treesize:30 [2020-07-10 15:09:48,037 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:48,037 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_39, |#memory_$Pointer$.offset|]. (let ((.cse0 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_39) 4))) (let ((.cse2 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_39) 4)) (.cse3 (+ .cse0 4))) (let ((.cse1 (select (select |#memory_$Pointer$.base| .cse2) .cse3))) (and (<= (select (select |#memory_int| v_main_~p~0.base_39) 0) 2) (= main_~p~0.offset .cse0) (not (= v_main_~p~0.base_39 .cse1)) (= main_~p~0.base .cse2) (= 2 (select (select |#memory_int| .cse2) .cse0)) (not (= .cse1 .cse2)) (= 0 (select (select |#memory_$Pointer$.offset| .cse2) .cse3)) (= (select (select |#memory_int| .cse1) 0) 3) (not (= v_main_~p~0.base_39 .cse2)))))) [2020-07-10 15:09:48,037 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_39, v_arrayElimCell_78]. (and (not (= v_main_~p~0.base_39 main_~p~0.base)) (<= (select (select |#memory_int| v_main_~p~0.base_39) 0) 2) (not (= main_~p~0.base v_arrayElimCell_78)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| v_arrayElimCell_78) 0))) [2020-07-10 15:09:48,144 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:48,145 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 3 select indices, 3 select index equivalence classes, 2 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 1 case distinctions, treesize of input 29 treesize of output 21 [2020-07-10 15:09:48,148 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 2 disjuncts [2020-07-10 15:09:48,149 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-10 15:09:48,156 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-10 15:09:48,160 INFO L544 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-10 15:09:48,160 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 5 variables, input treesize:37, output treesize:3 [2020-07-10 15:09:48,167 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-10 15:09:48,168 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset, v_main_~p~0.base_39, v_arrayElimCell_78]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (<= (select (select |#memory_int| v_main_~p~0.base_39) 0) 2) (not (= v_main_~p~0.base_39 main_~p~0.base)) (= |main_#t~mem36| .cse0) (= 2 .cse0) (not (= main_~p~0.base v_arrayElimCell_78)) (= 3 (select (select |#memory_int| v_arrayElimCell_78) 0)))) [2020-07-10 15:09:48,168 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem36| 2) [2020-07-10 15:09:48,172 INFO L263 TraceCheckUtils]: 0: Hoare triple {5771#true} call ULTIMATE.init(); {5771#true} is VALID [2020-07-10 15:09:48,172 INFO L280 TraceCheckUtils]: 1: Hoare triple {5771#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {5771#true} is VALID [2020-07-10 15:09:48,172 INFO L280 TraceCheckUtils]: 2: Hoare triple {5771#true} assume true; {5771#true} is VALID [2020-07-10 15:09:48,173 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {5771#true} {5771#true} #225#return; {5771#true} is VALID [2020-07-10 15:09:48,173 INFO L263 TraceCheckUtils]: 4: Hoare triple {5771#true} call #t~ret41 := main(); {5771#true} is VALID [2020-07-10 15:09:48,173 INFO L280 TraceCheckUtils]: 5: Hoare triple {5771#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {5771#true} is VALID [2020-07-10 15:09:48,173 INFO L280 TraceCheckUtils]: 6: Hoare triple {5771#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {5771#true} is VALID [2020-07-10 15:09:48,173 INFO L280 TraceCheckUtils]: 7: Hoare triple {5771#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {5771#true} is VALID [2020-07-10 15:09:48,173 INFO L280 TraceCheckUtils]: 8: Hoare triple {5771#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {5771#true} is VALID [2020-07-10 15:09:48,174 INFO L280 TraceCheckUtils]: 9: Hoare triple {5771#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {5771#true} is VALID [2020-07-10 15:09:48,174 INFO L280 TraceCheckUtils]: 10: Hoare triple {5771#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {5771#true} is VALID [2020-07-10 15:09:48,174 INFO L280 TraceCheckUtils]: 11: Hoare triple {5771#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {5771#true} is VALID [2020-07-10 15:09:48,174 INFO L280 TraceCheckUtils]: 12: Hoare triple {5771#true} assume !#t~short24;havoc #t~mem22.base, #t~mem22.offset;havoc #t~short24;havoc #t~mem23.base, #t~mem23.offset; {5771#true} is VALID [2020-07-10 15:09:48,174 INFO L280 TraceCheckUtils]: 13: Hoare triple {5771#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {5771#true} is VALID [2020-07-10 15:09:48,174 INFO L280 TraceCheckUtils]: 14: Hoare triple {5771#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {5771#true} is VALID [2020-07-10 15:09:48,174 INFO L280 TraceCheckUtils]: 15: Hoare triple {5771#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {5771#true} is VALID [2020-07-10 15:09:48,175 INFO L280 TraceCheckUtils]: 16: Hoare triple {5771#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:48,176 INFO L280 TraceCheckUtils]: 17: Hoare triple {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-10 15:09:48,177 INFO L280 TraceCheckUtils]: 18: Hoare triple {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:48,177 INFO L280 TraceCheckUtils]: 19: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:48,178 INFO L280 TraceCheckUtils]: 20: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:48,179 INFO L280 TraceCheckUtils]: 21: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-10 15:09:48,180 INFO L280 TraceCheckUtils]: 22: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {5856#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:48,181 INFO L280 TraceCheckUtils]: 23: Hoare triple {5856#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5856#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-10 15:09:48,182 INFO L280 TraceCheckUtils]: 24: Hoare triple {5856#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {5863#(and (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 1 (select |#valid| main_~a~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:48,183 INFO L280 TraceCheckUtils]: 25: Hoare triple {5863#(and (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 1 (select |#valid| main_~a~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5863#(and (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 1 (select |#valid| main_~a~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-10 15:09:48,185 INFO L280 TraceCheckUtils]: 26: Hoare triple {5863#(and (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 1 (select |#valid| main_~a~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {5870#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= 0 main_~t~0.offset))} is VALID [2020-07-10 15:09:48,186 INFO L280 TraceCheckUtils]: 27: Hoare triple {5870#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= 0 main_~t~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5870#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= 0 main_~t~0.offset))} is VALID [2020-07-10 15:09:48,189 INFO L280 TraceCheckUtils]: 28: Hoare triple {5870#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= 0 main_~t~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {5877#(and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~p~0.base) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 0 main_~a~0.offset) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))))} is VALID [2020-07-10 15:09:48,190 INFO L280 TraceCheckUtils]: 29: Hoare triple {5877#(and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~p~0.base) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 0 main_~a~0.offset) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5877#(and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~p~0.base) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 0 main_~a~0.offset) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))))} is VALID [2020-07-10 15:09:48,191 INFO L280 TraceCheckUtils]: 30: Hoare triple {5877#(and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~p~0.base) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 0 main_~a~0.offset) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))))} assume !(0 != #t~nondet33);havoc #t~nondet33; {5877#(and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~p~0.base) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 0 main_~a~0.offset) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))))} is VALID [2020-07-10 15:09:48,194 INFO L280 TraceCheckUtils]: 31: Hoare triple {5877#(and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~p~0.base) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 0 main_~a~0.offset) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5887#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) 0)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) main_~p~0.base)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~p~0.base) 4))))} is VALID [2020-07-10 15:09:48,195 INFO L280 TraceCheckUtils]: 32: Hoare triple {5887#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) 0)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) main_~p~0.base)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~p~0.base) 4))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {5891#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (<= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem36|) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) 0)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) main_~p~0.base)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~p~0.base) 4))))} is VALID [2020-07-10 15:09:48,197 INFO L280 TraceCheckUtils]: 33: Hoare triple {5891#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (<= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem36|) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) 0)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) main_~p~0.base)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~p~0.base) 4))))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {5895#(and (exists ((v_arrayElimCell_78 Int)) (and (not (= main_~p~0.base v_arrayElimCell_78)) (= 3 (select (select |#memory_int| v_arrayElimCell_78) 0)))) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_39 Int)) (and (not (= v_main_~p~0.base_39 main_~p~0.base)) (<= (select (select |#memory_int| v_main_~p~0.base_39) 0) 2))))} is VALID [2020-07-10 15:09:48,198 INFO L280 TraceCheckUtils]: 34: Hoare triple {5895#(and (exists ((v_arrayElimCell_78 Int)) (and (not (= main_~p~0.base v_arrayElimCell_78)) (= 3 (select (select |#memory_int| v_arrayElimCell_78) 0)))) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_39 Int)) (and (not (= v_main_~p~0.base_39 main_~p~0.base)) (<= (select (select |#memory_int| v_main_~p~0.base_39) 0) 2))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {5785#(= |main_#t~mem36| 2)} is VALID [2020-07-10 15:09:48,199 INFO L280 TraceCheckUtils]: 35: Hoare triple {5785#(= |main_#t~mem36| 2)} assume !(2 == #t~mem36);havoc #t~mem36; {5772#false} is VALID [2020-07-10 15:09:48,199 INFO L280 TraceCheckUtils]: 36: Hoare triple {5772#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {5772#false} is VALID [2020-07-10 15:09:48,199 INFO L280 TraceCheckUtils]: 37: Hoare triple {5772#false} assume !(1 == #t~mem38);havoc #t~mem38; {5772#false} is VALID [2020-07-10 15:09:48,200 INFO L280 TraceCheckUtils]: 38: Hoare triple {5772#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {5772#false} is VALID [2020-07-10 15:09:48,200 INFO L280 TraceCheckUtils]: 39: Hoare triple {5772#false} assume 3 != #t~mem40;havoc #t~mem40; {5772#false} is VALID [2020-07-10 15:09:48,200 INFO L280 TraceCheckUtils]: 40: Hoare triple {5772#false} assume !false; {5772#false} is VALID [2020-07-10 15:09:48,208 INFO L134 CoverageAnalysis]: Checked inductivity of 11 backedges. 0 proven. 10 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-10 15:09:48,208 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-10 15:09:48,209 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 12] total 20 [2020-07-10 15:09:48,209 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1259097693] [2020-07-10 15:09:48,209 INFO L78 Accepts]: Start accepts. Automaton has 20 states. Word has length 41 [2020-07-10 15:09:48,210 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-10 15:09:48,210 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 20 states. [2020-07-10 15:09:48,292 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 56 edges. 56 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:48,292 INFO L459 AbstractCegarLoop]: Interpolant automaton has 20 states [2020-07-10 15:09:48,293 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-10 15:09:48,293 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 20 interpolants. [2020-07-10 15:09:48,293 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=56, Invalid=324, Unknown=0, NotChecked=0, Total=380 [2020-07-10 15:09:48,294 INFO L87 Difference]: Start difference. First operand 95 states and 124 transitions. Second operand 20 states. [2020-07-10 15:09:51,878 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:51,878 INFO L93 Difference]: Finished difference Result 122 states and 154 transitions. [2020-07-10 15:09:51,878 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 16 states. [2020-07-10 15:09:51,878 INFO L78 Accepts]: Start accepts. Automaton has 20 states. Word has length 41 [2020-07-10 15:09:51,878 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-10 15:09:51,879 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 20 states. [2020-07-10 15:09:51,880 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 16 states to 16 states and 117 transitions. [2020-07-10 15:09:51,881 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 20 states. [2020-07-10 15:09:51,882 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 16 states to 16 states and 117 transitions. [2020-07-10 15:09:51,882 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 16 states and 117 transitions. [2020-07-10 15:09:52,061 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 117 edges. 117 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-10 15:09:52,063 INFO L225 Difference]: With dead ends: 122 [2020-07-10 15:09:52,064 INFO L226 Difference]: Without dead ends: 116 [2020-07-10 15:09:52,064 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 64 GetRequests, 36 SyntacticMatches, 1 SemanticMatches, 27 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 134 ImplicationChecksByTransitivity, 1.0s TimeCoverageRelationStatistics Valid=123, Invalid=689, Unknown=0, NotChecked=0, Total=812 [2020-07-10 15:09:52,065 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 116 states. [2020-07-10 15:09:52,133 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 116 to 100. [2020-07-10 15:09:52,134 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-10 15:09:52,134 INFO L82 GeneralOperation]: Start isEquivalent. First operand 116 states. Second operand 100 states. [2020-07-10 15:09:52,134 INFO L74 IsIncluded]: Start isIncluded. First operand 116 states. Second operand 100 states. [2020-07-10 15:09:52,134 INFO L87 Difference]: Start difference. First operand 116 states. Second operand 100 states. [2020-07-10 15:09:52,137 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:52,137 INFO L93 Difference]: Finished difference Result 116 states and 147 transitions. [2020-07-10 15:09:52,137 INFO L276 IsEmpty]: Start isEmpty. Operand 116 states and 147 transitions. [2020-07-10 15:09:52,138 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:52,138 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:52,138 INFO L74 IsIncluded]: Start isIncluded. First operand 100 states. Second operand 116 states. [2020-07-10 15:09:52,138 INFO L87 Difference]: Start difference. First operand 100 states. Second operand 116 states. [2020-07-10 15:09:52,142 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-10 15:09:52,142 INFO L93 Difference]: Finished difference Result 116 states and 147 transitions. [2020-07-10 15:09:52,142 INFO L276 IsEmpty]: Start isEmpty. Operand 116 states and 147 transitions. [2020-07-10 15:09:52,143 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-10 15:09:52,143 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-10 15:09:52,143 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-10 15:09:52,143 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-10 15:09:52,143 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 100 states. [2020-07-10 15:09:52,146 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 100 states to 100 states and 130 transitions. [2020-07-10 15:09:52,146 INFO L78 Accepts]: Start accepts. Automaton has 100 states and 130 transitions. Word has length 41 [2020-07-10 15:09:52,147 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-10 15:09:52,147 INFO L479 AbstractCegarLoop]: Abstraction has 100 states and 130 transitions. [2020-07-10 15:09:52,147 INFO L480 AbstractCegarLoop]: Interpolant automaton has 20 states. [2020-07-10 15:09:52,147 INFO L276 IsEmpty]: Start isEmpty. Operand 100 states and 130 transitions. [2020-07-10 15:09:52,148 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2020-07-10 15:09:52,148 INFO L414 BasicCegarLoop]: Found error trace [2020-07-10 15:09:52,148 INFO L422 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-10 15:09:52,363 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable13 [2020-07-10 15:09:52,364 INFO L427 AbstractCegarLoop]: === Iteration 15 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-10 15:09:52,364 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-10 15:09:52,364 INFO L82 PathProgramCache]: Analyzing trace with hash -2006936899, now seen corresponding path program 1 times [2020-07-10 15:09:52,364 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-10 15:09:52,365 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1009488701] [2020-07-10 15:09:52,365 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-10 15:09:52,390 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2020-07-10 15:09:52,417 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2020-07-10 15:09:52,458 INFO L174 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2020-07-10 15:09:52,458 INFO L520 BasicCegarLoop]: Counterexample might be feasible [2020-07-10 15:09:52,458 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable14 [2020-07-10 15:09:52,550 WARN L170 areAnnotationChecker]: ULTIMATE.initENTRY has no Hoare annotation [2020-07-10 15:09:52,550 WARN L170 areAnnotationChecker]: myexitENTRY has no Hoare annotation [2020-07-10 15:09:52,550 WARN L170 areAnnotationChecker]: __bswap_32ENTRY has no Hoare annotation [2020-07-10 15:09:52,550 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2020-07-10 15:09:52,551 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2020-07-10 15:09:52,551 WARN L170 areAnnotationChecker]: __bswap_64ENTRY has no Hoare annotation [2020-07-10 15:09:52,551 WARN L170 areAnnotationChecker]: mainENTRY has no Hoare annotation [2020-07-10 15:09:52,551 WARN L170 areAnnotationChecker]: ULTIMATE.initFINAL has no Hoare annotation [2020-07-10 15:09:52,551 WARN L170 areAnnotationChecker]: L530 has no Hoare annotation [2020-07-10 15:09:52,551 WARN L170 areAnnotationChecker]: __bswap_32FINAL has no Hoare annotation [2020-07-10 15:09:52,552 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2020-07-10 15:09:52,552 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2020-07-10 15:09:52,552 WARN L170 areAnnotationChecker]: __bswap_64FINAL has no Hoare annotation [2020-07-10 15:09:52,552 WARN L170 areAnnotationChecker]: L557-4 has no Hoare annotation [2020-07-10 15:09:52,552 WARN L170 areAnnotationChecker]: L557-4 has no Hoare annotation [2020-07-10 15:09:52,552 WARN L170 areAnnotationChecker]: ULTIMATE.initEXIT has no Hoare annotation [2020-07-10 15:09:52,553 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2020-07-10 15:09:52,553 WARN L170 areAnnotationChecker]: L544-3 has no Hoare annotation [2020-07-10 15:09:52,553 WARN L170 areAnnotationChecker]: L544-1 has no Hoare annotation [2020-07-10 15:09:52,553 WARN L170 areAnnotationChecker]: L544-1 has no Hoare annotation [2020-07-10 15:09:52,553 WARN L170 areAnnotationChecker]: L565-2 has no Hoare annotation [2020-07-10 15:09:52,554 WARN L170 areAnnotationChecker]: L565-2 has no Hoare annotation [2020-07-10 15:09:52,554 WARN L170 areAnnotationChecker]: L565-2 has no Hoare annotation [2020-07-10 15:09:52,554 WARN L170 areAnnotationChecker]: L547-2 has no Hoare annotation [2020-07-10 15:09:52,554 WARN L170 areAnnotationChecker]: L547-2 has no Hoare annotation [2020-07-10 15:09:52,554 WARN L170 areAnnotationChecker]: L565-3 has no Hoare annotation [2020-07-10 15:09:52,554 WARN L170 areAnnotationChecker]: L570-2 has no Hoare annotation [2020-07-10 15:09:52,555 WARN L170 areAnnotationChecker]: L570-2 has no Hoare annotation [2020-07-10 15:09:52,555 WARN L170 areAnnotationChecker]: L546-5 has no Hoare annotation [2020-07-10 15:09:52,555 WARN L170 areAnnotationChecker]: L546-1 has no Hoare annotation [2020-07-10 15:09:52,555 WARN L170 areAnnotationChecker]: L546-1 has no Hoare annotation [2020-07-10 15:09:52,555 WARN L170 areAnnotationChecker]: L585 has no Hoare annotation [2020-07-10 15:09:52,556 WARN L170 areAnnotationChecker]: L585 has no Hoare annotation [2020-07-10 15:09:52,556 WARN L170 areAnnotationChecker]: L568-5 has no Hoare annotation [2020-07-10 15:09:52,556 WARN L170 areAnnotationChecker]: L568-5 has no Hoare annotation [2020-07-10 15:09:52,556 WARN L170 areAnnotationChecker]: L568-1 has no Hoare annotation [2020-07-10 15:09:52,556 WARN L170 areAnnotationChecker]: L568-1 has no Hoare annotation [2020-07-10 15:09:52,556 WARN L170 areAnnotationChecker]: L552 has no Hoare annotation [2020-07-10 15:09:52,557 WARN L170 areAnnotationChecker]: L552 has no Hoare annotation [2020-07-10 15:09:52,557 WARN L170 areAnnotationChecker]: L546-3 has no Hoare annotation [2020-07-10 15:09:52,557 WARN L170 areAnnotationChecker]: L546-3 has no Hoare annotation [2020-07-10 15:09:52,557 WARN L170 areAnnotationChecker]: L585-1 has no Hoare annotation [2020-07-10 15:09:52,557 WARN L170 areAnnotationChecker]: L585-1 has no Hoare annotation [2020-07-10 15:09:52,557 WARN L170 areAnnotationChecker]: L585-3 has no Hoare annotation [2020-07-10 15:09:52,558 WARN L170 areAnnotationChecker]: L576 has no Hoare annotation [2020-07-10 15:09:52,558 WARN L170 areAnnotationChecker]: L576 has no Hoare annotation [2020-07-10 15:09:52,558 WARN L170 areAnnotationChecker]: L575 has no Hoare annotation [2020-07-10 15:09:52,558 WARN L170 areAnnotationChecker]: L568-3 has no Hoare annotation [2020-07-10 15:09:52,558 WARN L170 areAnnotationChecker]: L568-3 has no Hoare annotation [2020-07-10 15:09:52,558 WARN L170 areAnnotationChecker]: L552-2 has no Hoare annotation [2020-07-10 15:09:52,559 WARN L170 areAnnotationChecker]: L552-2 has no Hoare annotation [2020-07-10 15:09:52,559 WARN L170 areAnnotationChecker]: L547 has no Hoare annotation [2020-07-10 15:09:52,559 WARN L170 areAnnotationChecker]: L547 has no Hoare annotation [2020-07-10 15:09:52,559 WARN L170 areAnnotationChecker]: L588-3 has no Hoare annotation [2020-07-10 15:09:52,559 WARN L170 areAnnotationChecker]: L588-3 has no Hoare annotation [2020-07-10 15:09:52,560 WARN L170 areAnnotationChecker]: L570 has no Hoare annotation [2020-07-10 15:09:52,560 WARN L170 areAnnotationChecker]: L570 has no Hoare annotation [2020-07-10 15:09:52,560 WARN L170 areAnnotationChecker]: L552-4 has no Hoare annotation [2020-07-10 15:09:52,560 WARN L170 areAnnotationChecker]: L595-2 has no Hoare annotation [2020-07-10 15:09:52,560 WARN L170 areAnnotationChecker]: L595-2 has no Hoare annotation [2020-07-10 15:09:52,560 WARN L170 areAnnotationChecker]: L588-1 has no Hoare annotation [2020-07-10 15:09:52,561 WARN L170 areAnnotationChecker]: L588-1 has no Hoare annotation [2020-07-10 15:09:52,561 WARN L170 areAnnotationChecker]: L557 has no Hoare annotation [2020-07-10 15:09:52,561 WARN L170 areAnnotationChecker]: L557 has no Hoare annotation [2020-07-10 15:09:52,561 WARN L170 areAnnotationChecker]: L595-3 has no Hoare annotation [2020-07-10 15:09:52,561 WARN L170 areAnnotationChecker]: L595 has no Hoare annotation [2020-07-10 15:09:52,561 WARN L170 areAnnotationChecker]: L595 has no Hoare annotation [2020-07-10 15:09:52,562 WARN L170 areAnnotationChecker]: L591 has no Hoare annotation [2020-07-10 15:09:52,562 WARN L170 areAnnotationChecker]: L591 has no Hoare annotation [2020-07-10 15:09:52,562 WARN L170 areAnnotationChecker]: L557-2 has no Hoare annotation [2020-07-10 15:09:52,562 WARN L170 areAnnotationChecker]: L557-2 has no Hoare annotation [2020-07-10 15:09:52,562 WARN L170 areAnnotationChecker]: L604-3 has no Hoare annotation [2020-07-10 15:09:52,562 WARN L170 areAnnotationChecker]: L604-3 has no Hoare annotation [2020-07-10 15:09:52,563 WARN L170 areAnnotationChecker]: L598 has no Hoare annotation [2020-07-10 15:09:52,563 WARN L170 areAnnotationChecker]: L598 has no Hoare annotation [2020-07-10 15:09:52,563 WARN L170 areAnnotationChecker]: L591-1 has no Hoare annotation [2020-07-10 15:09:52,563 WARN L170 areAnnotationChecker]: L591-1 has no Hoare annotation [2020-07-10 15:09:52,563 WARN L170 areAnnotationChecker]: L591-3 has no Hoare annotation [2020-07-10 15:09:52,564 WARN L170 areAnnotationChecker]: L606-2 has no Hoare annotation [2020-07-10 15:09:52,564 WARN L170 areAnnotationChecker]: L606-2 has no Hoare annotation [2020-07-10 15:09:52,564 WARN L170 areAnnotationChecker]: L604-1 has no Hoare annotation [2020-07-10 15:09:52,564 WARN L170 areAnnotationChecker]: L604-1 has no Hoare annotation [2020-07-10 15:09:52,564 WARN L170 areAnnotationChecker]: L598-1 has no Hoare annotation [2020-07-10 15:09:52,564 WARN L170 areAnnotationChecker]: L598-1 has no Hoare annotation [2020-07-10 15:09:52,565 WARN L170 areAnnotationChecker]: L598-3 has no Hoare annotation [2020-07-10 15:09:52,565 WARN L170 areAnnotationChecker]: L606-3 has no Hoare annotation [2020-07-10 15:09:52,565 WARN L170 areAnnotationChecker]: L606 has no Hoare annotation [2020-07-10 15:09:52,565 WARN L170 areAnnotationChecker]: L606 has no Hoare annotation [2020-07-10 15:09:52,565 WARN L170 areAnnotationChecker]: L608 has no Hoare annotation [2020-07-10 15:09:52,565 WARN L170 areAnnotationChecker]: L608 has no Hoare annotation [2020-07-10 15:09:52,566 WARN L170 areAnnotationChecker]: L609 has no Hoare annotation [2020-07-10 15:09:52,566 WARN L170 areAnnotationChecker]: L609 has no Hoare annotation [2020-07-10 15:09:52,566 WARN L170 areAnnotationChecker]: L608-2 has no Hoare annotation [2020-07-10 15:09:52,566 WARN L170 areAnnotationChecker]: mainFINAL has no Hoare annotation [2020-07-10 15:09:52,566 WARN L170 areAnnotationChecker]: mainEXIT has no Hoare annotation [2020-07-10 15:09:52,567 INFO L163 areAnnotationChecker]: CFG has 0 edges. 0 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2020-07-10 15:09:52,573 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 10.07 03:09:52 BoogieIcfgContainer [2020-07-10 15:09:52,574 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2020-07-10 15:09:52,577 INFO L168 Benchmark]: Toolchain (without parser) took 40930.69 ms. Allocated memory was 135.8 MB in the beginning and 525.3 MB in the end (delta: 389.5 MB). Free memory was 98.6 MB in the beginning and 388.7 MB in the end (delta: -290.1 MB). Peak memory consumption was 99.4 MB. Max. memory is 7.1 GB. [2020-07-10 15:09:52,577 INFO L168 Benchmark]: CDTParser took 0.23 ms. Allocated memory is still 135.8 MB. Free memory was 118.9 MB in the beginning and 118.7 MB in the end (delta: 209.8 kB). Peak memory consumption was 209.8 kB. Max. memory is 7.1 GB. [2020-07-10 15:09:52,579 INFO L168 Benchmark]: CACSL2BoogieTranslator took 651.64 ms. Allocated memory was 135.8 MB in the beginning and 199.8 MB in the end (delta: 64.0 MB). Free memory was 98.4 MB in the beginning and 164.6 MB in the end (delta: -66.1 MB). Peak memory consumption was 27.3 MB. Max. memory is 7.1 GB. [2020-07-10 15:09:52,580 INFO L168 Benchmark]: Boogie Preprocessor took 95.29 ms. Allocated memory is still 199.8 MB. Free memory was 164.6 MB in the beginning and 160.3 MB in the end (delta: 4.2 MB). Peak memory consumption was 4.2 MB. Max. memory is 7.1 GB. [2020-07-10 15:09:52,580 INFO L168 Benchmark]: RCFGBuilder took 929.87 ms. Allocated memory is still 199.8 MB. Free memory was 160.3 MB in the beginning and 82.4 MB in the end (delta: 77.9 MB). Peak memory consumption was 77.9 MB. Max. memory is 7.1 GB. [2020-07-10 15:09:52,581 INFO L168 Benchmark]: TraceAbstraction took 39231.36 ms. Allocated memory was 228.1 MB in the beginning and 525.3 MB in the end (delta: 297.3 MB). Free memory was 200.1 MB in the beginning and 388.7 MB in the end (delta: -188.6 MB). Peak memory consumption was 108.7 MB. Max. memory is 7.1 GB. [2020-07-10 15:09:52,584 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.23 ms. Allocated memory is still 135.8 MB. Free memory was 118.9 MB in the beginning and 118.7 MB in the end (delta: 209.8 kB). Peak memory consumption was 209.8 kB. Max. memory is 7.1 GB. * CACSL2BoogieTranslator took 651.64 ms. Allocated memory was 135.8 MB in the beginning and 199.8 MB in the end (delta: 64.0 MB). Free memory was 98.4 MB in the beginning and 164.6 MB in the end (delta: -66.1 MB). Peak memory consumption was 27.3 MB. Max. memory is 7.1 GB. * Boogie Preprocessor took 95.29 ms. Allocated memory is still 199.8 MB. Free memory was 164.6 MB in the beginning and 160.3 MB in the end (delta: 4.2 MB). Peak memory consumption was 4.2 MB. Max. memory is 7.1 GB. * RCFGBuilder took 929.87 ms. Allocated memory is still 199.8 MB. Free memory was 160.3 MB in the beginning and 82.4 MB in the end (delta: 77.9 MB). Peak memory consumption was 77.9 MB. Max. memory is 7.1 GB. * TraceAbstraction took 39231.36 ms. Allocated memory was 228.1 MB in the beginning and 525.3 MB in the end (delta: 297.3 MB). Free memory was 200.1 MB in the beginning and 388.7 MB in the end (delta: -188.6 MB). Peak memory consumption was 108.7 MB. Max. memory is 7.1 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - CounterExampleResult [Line: 609]: a call of __VERIFIER_error() is reachable a call of __VERIFIER_error() is reachable We found a FailurePath: [L541] struct TreeNode* root = malloc(sizeof(*root)), *n; [L542] root->left = ((void *)0) [L543] root->right = ((void *)0) VAL [malloc(sizeof(*root))={-1:0}, root={-1:0}] [L544] COND FALSE !(__VERIFIER_nondet_int()) [L563] n = ((void *)0) [L564] struct TreeNode* pred; VAL [malloc(sizeof(*root))={-1:0}, n={0:0}, root={-1:0}] [L565] COND TRUE \read(*root) [L566] pred = ((void *)0) [L567] n = root VAL [malloc(sizeof(*root))={-1:0}, n={-1:0}, pred={0:0}, root={-1:0}] [L568] EXPR n->left [L568] n->left || n->right [L568] EXPR n->right [L568] n->left || n->right VAL [malloc(sizeof(*root))={-1:0}, n={-1:0}, n->left={0:0}, n->left || n->right=0, n->right={0:0}, pred={0:0}, root={-1:0}] [L568] COND FALSE !(n->left || n->right) [L575] COND FALSE !(\read(*pred)) [L581] root = ((void *)0) VAL [malloc(sizeof(*root))={-1:0}, n={-1:0}, pred={0:0}, root={0:0}] [L565] COND FALSE !(\read(*root)) VAL [malloc(sizeof(*root))={-1:0}, n={-1:0}, pred={0:0}, root={0:0}] [L584] List a = (List) malloc(sizeof(struct node)); VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, n={-1:0}, pred={0:0}, root={0:0}] [L585] COND FALSE !(a == 0) VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, n={-1:0}, pred={0:0}, root={0:0}] [L586] List t; [L587] List p = a; VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, n={-1:0}, p={-2:0}, pred={0:0}, root={0:0}] [L588] COND TRUE __VERIFIER_nondet_int() [L589] p->h = 1 [L590] t = (List) malloc(sizeof(struct node)) VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-2:0}, pred={0:0}, root={0:0}, t={-3:0}] [L591] COND FALSE !(t == 0) VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-2:0}, pred={0:0}, root={0:0}, t={-3:0}] [L592] p->n = t [L593] EXPR p->n [L593] p = p->n [L588] COND FALSE !(__VERIFIER_nondet_int()) [L595] COND TRUE __VERIFIER_nondet_int() [L596] p->h = 2 [L597] t = (List) malloc(sizeof(struct node)) VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-3:0}, pred={0:0}, root={0:0}, t={-4:0}] [L598] COND FALSE !(t == 0) VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-3:0}, pred={0:0}, root={0:0}, t={-4:0}] [L599] p->n = t [L600] EXPR p->n [L600] p = p->n [L595] COND FALSE !(__VERIFIER_nondet_int()) [L602] p->h = 3 [L603] p = a VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-2:0}, pred={0:0}, root={0:0}, t={-4:0}] [L604] EXPR p->h VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-2:0}, p->h=1, pred={0:0}, root={0:0}, t={-4:0}] [L604] COND FALSE !(p->h == 2) [L606] EXPR p->h VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-2:0}, p->h=1, pred={0:0}, root={0:0}, t={-4:0}] [L606] COND TRUE p->h == 1 [L607] EXPR p->n [L607] p = p->n [L606] EXPR p->h VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-3:0}, p->h=2, pred={0:0}, root={0:0}, t={-4:0}] [L606] COND FALSE !(p->h == 1) [L608] EXPR p->h VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-3:0}, p->h=2, pred={0:0}, root={0:0}, t={-4:0}] [L608] COND TRUE p->h != 3 [L609] __VERIFIER_error() VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-3:0}, pred={0:0}, root={0:0}, t={-4:0}] - StatisticsResult: Ultimate Automizer benchmark data CFG has 6 procedures, 64 locations, 1 error locations. Started 1 CEGAR loops. VerificationResult: UNSAFE, OverallTime: 39.0s, OverallIterations: 15, TraceHistogramMax: 3, AutomataDifference: 22.8s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 803 SDtfs, 685 SDslu, 4197 SDs, 0 SdLazy, 3644 SolverSat, 291 SolverUnsat, 0 SolverUnknown, 0 SolverNotchecked, 6.4s Time, PredicateUnifierStatistics: 0 DeclaredPredicates, 498 GetRequests, 300 SyntacticMatches, 6 SemanticMatches, 192 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 629 ImplicationChecksByTransitivity, 4.9s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=100occurred in iteration=14, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.6s AutomataMinimizationTime, 14 MinimizatonAttempts, 151 StatesRemovedByMinimization, 11 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.6s SatisfiabilityAnalysisTime, 11.1s InterpolantComputationTime, 822 NumberOfCodeBlocks, 822 NumberOfCodeBlocksAsserted, 27 NumberOfCheckSat, 759 ConstructedInterpolants, 15 QuantifiedInterpolants, 208514 SizeOfPredicates, 122 NumberOfNonLiveVariables, 1390 ConjunctsInSsa, 300 ConjunctsInUnsatCore, 22 InterpolantComputations, 6 PerfectInterpolantSequences, 36/112 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available RESULT: Ultimate proved your program to be incorrect! Received shutdown request...