/usr/bin/java -ea -Xmx8000000000 -Xss4m -jar ./plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata ./data -tc ../../../trunk/examples/toolchains/AutomizerC.xml -s ../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Default.epf -i ../../../trunk/examples/svcomp/list-ext2-properties/list_and_tree_cnstr-1.i -------------------------------------------------------------------------------- This is Ultimate 0.1.25-267fbe0 [2020-07-17 22:32:18,147 INFO L177 SettingsManager]: Resetting all preferences to default values... [2020-07-17 22:32:18,150 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2020-07-17 22:32:18,165 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2020-07-17 22:32:18,166 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2020-07-17 22:32:18,167 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2020-07-17 22:32:18,170 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2020-07-17 22:32:18,181 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2020-07-17 22:32:18,184 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2020-07-17 22:32:18,186 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2020-07-17 22:32:18,187 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2020-07-17 22:32:18,188 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2020-07-17 22:32:18,189 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2020-07-17 22:32:18,191 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2020-07-17 22:32:18,193 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2020-07-17 22:32:18,194 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2020-07-17 22:32:18,196 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2020-07-17 22:32:18,197 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2020-07-17 22:32:18,202 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2020-07-17 22:32:18,207 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2020-07-17 22:32:18,212 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2020-07-17 22:32:18,213 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2020-07-17 22:32:18,216 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2020-07-17 22:32:18,216 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2020-07-17 22:32:18,219 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2020-07-17 22:32:18,220 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2020-07-17 22:32:18,220 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2020-07-17 22:32:18,224 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2020-07-17 22:32:18,224 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2020-07-17 22:32:18,226 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2020-07-17 22:32:18,227 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2020-07-17 22:32:18,228 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2020-07-17 22:32:18,229 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2020-07-17 22:32:18,232 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2020-07-17 22:32:18,235 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2020-07-17 22:32:18,235 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2020-07-17 22:32:18,237 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2020-07-17 22:32:18,238 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2020-07-17 22:32:18,238 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2020-07-17 22:32:18,239 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2020-07-17 22:32:18,240 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2020-07-17 22:32:18,241 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Default.epf [2020-07-17 22:32:18,280 INFO L113 SettingsManager]: Loading preferences was successful [2020-07-17 22:32:18,281 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2020-07-17 22:32:18,282 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2020-07-17 22:32:18,285 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2020-07-17 22:32:18,286 INFO L138 SettingsManager]: * Use SBE=true [2020-07-17 22:32:18,286 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2020-07-17 22:32:18,286 INFO L138 SettingsManager]: * sizeof long=4 [2020-07-17 22:32:18,286 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2020-07-17 22:32:18,286 INFO L138 SettingsManager]: * sizeof POINTER=4 [2020-07-17 22:32:18,286 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2020-07-17 22:32:18,286 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2020-07-17 22:32:18,287 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2020-07-17 22:32:18,287 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2020-07-17 22:32:18,287 INFO L138 SettingsManager]: * sizeof long double=12 [2020-07-17 22:32:18,287 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2020-07-17 22:32:18,287 INFO L138 SettingsManager]: * Use constant arrays=true [2020-07-17 22:32:18,288 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2020-07-17 22:32:18,288 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2020-07-17 22:32:18,288 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2020-07-17 22:32:18,288 INFO L138 SettingsManager]: * To the following directory=./dump/ [2020-07-17 22:32:18,291 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2020-07-17 22:32:18,292 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-17 22:32:18,292 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2020-07-17 22:32:18,292 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2020-07-17 22:32:18,292 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2020-07-17 22:32:18,292 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2020-07-17 22:32:18,293 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2020-07-17 22:32:18,293 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2020-07-17 22:32:18,293 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2020-07-17 22:32:18,293 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2020-07-17 22:32:18,625 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2020-07-17 22:32:18,638 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2020-07-17 22:32:18,642 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2020-07-17 22:32:18,643 INFO L271 PluginConnector]: Initializing CDTParser... [2020-07-17 22:32:18,644 INFO L275 PluginConnector]: CDTParser initialized [2020-07-17 22:32:18,645 INFO L429 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/list-ext2-properties/list_and_tree_cnstr-1.i [2020-07-17 22:32:18,717 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5c07cba21/2258f10b215a49ea887878dac67a030a/FLAG5d4ead2ea [2020-07-17 22:32:19,270 INFO L306 CDTParser]: Found 1 translation units. [2020-07-17 22:32:19,271 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/trunk/examples/svcomp/list-ext2-properties/list_and_tree_cnstr-1.i [2020-07-17 22:32:19,287 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5c07cba21/2258f10b215a49ea887878dac67a030a/FLAG5d4ead2ea [2020-07-17 22:32:19,533 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5c07cba21/2258f10b215a49ea887878dac67a030a [2020-07-17 22:32:19,544 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2020-07-17 22:32:19,547 INFO L131 ToolchainWalker]: Walking toolchain with 4 elements. [2020-07-17 22:32:19,548 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2020-07-17 22:32:19,548 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2020-07-17 22:32:19,552 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2020-07-17 22:32:19,554 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 17.07 10:32:19" (1/1) ... [2020-07-17 22:32:19,557 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@17c8838b and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.07 10:32:19, skipping insertion in model container [2020-07-17 22:32:19,557 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 17.07 10:32:19" (1/1) ... [2020-07-17 22:32:19,566 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2020-07-17 22:32:19,631 INFO L178 MainTranslator]: Built tables and reachable declarations [2020-07-17 22:32:20,061 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-17 22:32:20,072 INFO L203 MainTranslator]: Completed pre-run [2020-07-17 22:32:20,126 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-17 22:32:20,195 INFO L208 MainTranslator]: Completed translation [2020-07-17 22:32:20,196 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.07 10:32:20 WrapperNode [2020-07-17 22:32:20,197 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2020-07-17 22:32:20,197 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2020-07-17 22:32:20,197 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2020-07-17 22:32:20,198 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2020-07-17 22:32:20,211 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.07 10:32:20" (1/1) ... [2020-07-17 22:32:20,213 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.07 10:32:20" (1/1) ... [2020-07-17 22:32:20,260 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.07 10:32:20" (1/1) ... [2020-07-17 22:32:20,260 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.07 10:32:20" (1/1) ... [2020-07-17 22:32:20,296 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.07 10:32:20" (1/1) ... [2020-07-17 22:32:20,306 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.07 10:32:20" (1/1) ... [2020-07-17 22:32:20,312 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.07 10:32:20" (1/1) ... [2020-07-17 22:32:20,320 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2020-07-17 22:32:20,321 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2020-07-17 22:32:20,321 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2020-07-17 22:32:20,321 INFO L275 PluginConnector]: RCFGBuilder initialized [2020-07-17 22:32:20,322 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.07 10:32:20" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-17 22:32:20,393 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2020-07-17 22:32:20,394 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2020-07-17 22:32:20,394 INFO L138 BoogieDeclarations]: Found implementation of procedure __bswap_32 [2020-07-17 22:32:20,394 INFO L138 BoogieDeclarations]: Found implementation of procedure __bswap_64 [2020-07-17 22:32:20,395 INFO L138 BoogieDeclarations]: Found implementation of procedure myexit [2020-07-17 22:32:20,395 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2020-07-17 22:32:20,395 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_error [2020-07-17 22:32:20,395 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_int [2020-07-17 22:32:20,395 INFO L130 BoogieDeclarations]: Found specification of procedure __ctype_get_mb_cur_max [2020-07-17 22:32:20,396 INFO L130 BoogieDeclarations]: Found specification of procedure atof [2020-07-17 22:32:20,396 INFO L130 BoogieDeclarations]: Found specification of procedure atoi [2020-07-17 22:32:20,396 INFO L130 BoogieDeclarations]: Found specification of procedure atol [2020-07-17 22:32:20,396 INFO L130 BoogieDeclarations]: Found specification of procedure atoll [2020-07-17 22:32:20,396 INFO L130 BoogieDeclarations]: Found specification of procedure strtod [2020-07-17 22:32:20,396 INFO L130 BoogieDeclarations]: Found specification of procedure strtof [2020-07-17 22:32:20,397 INFO L130 BoogieDeclarations]: Found specification of procedure strtold [2020-07-17 22:32:20,397 INFO L130 BoogieDeclarations]: Found specification of procedure strtol [2020-07-17 22:32:20,397 INFO L130 BoogieDeclarations]: Found specification of procedure strtoul [2020-07-17 22:32:20,397 INFO L130 BoogieDeclarations]: Found specification of procedure strtoq [2020-07-17 22:32:20,397 INFO L130 BoogieDeclarations]: Found specification of procedure strtouq [2020-07-17 22:32:20,397 INFO L130 BoogieDeclarations]: Found specification of procedure strtoll [2020-07-17 22:32:20,398 INFO L130 BoogieDeclarations]: Found specification of procedure strtoull [2020-07-17 22:32:20,398 INFO L130 BoogieDeclarations]: Found specification of procedure l64a [2020-07-17 22:32:20,398 INFO L130 BoogieDeclarations]: Found specification of procedure a64l [2020-07-17 22:32:20,398 INFO L130 BoogieDeclarations]: Found specification of procedure __bswap_32 [2020-07-17 22:32:20,398 INFO L130 BoogieDeclarations]: Found specification of procedure __bswap_64 [2020-07-17 22:32:20,398 INFO L130 BoogieDeclarations]: Found specification of procedure select [2020-07-17 22:32:20,399 INFO L130 BoogieDeclarations]: Found specification of procedure pselect [2020-07-17 22:32:20,399 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_major [2020-07-17 22:32:20,399 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_minor [2020-07-17 22:32:20,399 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_makedev [2020-07-17 22:32:20,399 INFO L130 BoogieDeclarations]: Found specification of procedure random [2020-07-17 22:32:20,399 INFO L130 BoogieDeclarations]: Found specification of procedure srandom [2020-07-17 22:32:20,399 INFO L130 BoogieDeclarations]: Found specification of procedure initstate [2020-07-17 22:32:20,400 INFO L130 BoogieDeclarations]: Found specification of procedure setstate [2020-07-17 22:32:20,400 INFO L130 BoogieDeclarations]: Found specification of procedure random_r [2020-07-17 22:32:20,400 INFO L130 BoogieDeclarations]: Found specification of procedure srandom_r [2020-07-17 22:32:20,400 INFO L130 BoogieDeclarations]: Found specification of procedure initstate_r [2020-07-17 22:32:20,400 INFO L130 BoogieDeclarations]: Found specification of procedure setstate_r [2020-07-17 22:32:20,400 INFO L130 BoogieDeclarations]: Found specification of procedure rand [2020-07-17 22:32:20,401 INFO L130 BoogieDeclarations]: Found specification of procedure srand [2020-07-17 22:32:20,401 INFO L130 BoogieDeclarations]: Found specification of procedure rand_r [2020-07-17 22:32:20,401 INFO L130 BoogieDeclarations]: Found specification of procedure drand48 [2020-07-17 22:32:20,401 INFO L130 BoogieDeclarations]: Found specification of procedure erand48 [2020-07-17 22:32:20,401 INFO L130 BoogieDeclarations]: Found specification of procedure lrand48 [2020-07-17 22:32:20,401 INFO L130 BoogieDeclarations]: Found specification of procedure nrand48 [2020-07-17 22:32:20,402 INFO L130 BoogieDeclarations]: Found specification of procedure mrand48 [2020-07-17 22:32:20,402 INFO L130 BoogieDeclarations]: Found specification of procedure jrand48 [2020-07-17 22:32:20,402 INFO L130 BoogieDeclarations]: Found specification of procedure srand48 [2020-07-17 22:32:20,402 INFO L130 BoogieDeclarations]: Found specification of procedure seed48 [2020-07-17 22:32:20,402 INFO L130 BoogieDeclarations]: Found specification of procedure lcong48 [2020-07-17 22:32:20,402 INFO L130 BoogieDeclarations]: Found specification of procedure drand48_r [2020-07-17 22:32:20,402 INFO L130 BoogieDeclarations]: Found specification of procedure erand48_r [2020-07-17 22:32:20,403 INFO L130 BoogieDeclarations]: Found specification of procedure lrand48_r [2020-07-17 22:32:20,403 INFO L130 BoogieDeclarations]: Found specification of procedure nrand48_r [2020-07-17 22:32:20,403 INFO L130 BoogieDeclarations]: Found specification of procedure mrand48_r [2020-07-17 22:32:20,403 INFO L130 BoogieDeclarations]: Found specification of procedure jrand48_r [2020-07-17 22:32:20,403 INFO L130 BoogieDeclarations]: Found specification of procedure srand48_r [2020-07-17 22:32:20,403 INFO L130 BoogieDeclarations]: Found specification of procedure seed48_r [2020-07-17 22:32:20,404 INFO L130 BoogieDeclarations]: Found specification of procedure lcong48_r [2020-07-17 22:32:20,404 INFO L130 BoogieDeclarations]: Found specification of procedure malloc [2020-07-17 22:32:20,404 INFO L130 BoogieDeclarations]: Found specification of procedure calloc [2020-07-17 22:32:20,404 INFO L130 BoogieDeclarations]: Found specification of procedure realloc [2020-07-17 22:32:20,404 INFO L130 BoogieDeclarations]: Found specification of procedure free [2020-07-17 22:32:20,404 INFO L130 BoogieDeclarations]: Found specification of procedure cfree [2020-07-17 22:32:20,404 INFO L130 BoogieDeclarations]: Found specification of procedure alloca [2020-07-17 22:32:20,405 INFO L130 BoogieDeclarations]: Found specification of procedure valloc [2020-07-17 22:32:20,405 INFO L130 BoogieDeclarations]: Found specification of procedure posix_memalign [2020-07-17 22:32:20,405 INFO L130 BoogieDeclarations]: Found specification of procedure aligned_alloc [2020-07-17 22:32:20,405 INFO L130 BoogieDeclarations]: Found specification of procedure abort [2020-07-17 22:32:20,405 INFO L130 BoogieDeclarations]: Found specification of procedure atexit [2020-07-17 22:32:20,405 INFO L130 BoogieDeclarations]: Found specification of procedure at_quick_exit [2020-07-17 22:32:20,406 INFO L130 BoogieDeclarations]: Found specification of procedure on_exit [2020-07-17 22:32:20,406 INFO L130 BoogieDeclarations]: Found specification of procedure exit [2020-07-17 22:32:20,406 INFO L130 BoogieDeclarations]: Found specification of procedure quick_exit [2020-07-17 22:32:20,406 INFO L130 BoogieDeclarations]: Found specification of procedure _Exit [2020-07-17 22:32:20,406 INFO L130 BoogieDeclarations]: Found specification of procedure getenv [2020-07-17 22:32:20,406 INFO L130 BoogieDeclarations]: Found specification of procedure putenv [2020-07-17 22:32:20,406 INFO L130 BoogieDeclarations]: Found specification of procedure setenv [2020-07-17 22:32:20,407 INFO L130 BoogieDeclarations]: Found specification of procedure unsetenv [2020-07-17 22:32:20,407 INFO L130 BoogieDeclarations]: Found specification of procedure clearenv [2020-07-17 22:32:20,407 INFO L130 BoogieDeclarations]: Found specification of procedure mktemp [2020-07-17 22:32:20,407 INFO L130 BoogieDeclarations]: Found specification of procedure mkstemp [2020-07-17 22:32:20,407 INFO L130 BoogieDeclarations]: Found specification of procedure mkstemps [2020-07-17 22:32:20,407 INFO L130 BoogieDeclarations]: Found specification of procedure mkdtemp [2020-07-17 22:32:20,408 INFO L130 BoogieDeclarations]: Found specification of procedure system [2020-07-17 22:32:20,408 INFO L130 BoogieDeclarations]: Found specification of procedure realpath [2020-07-17 22:32:20,408 INFO L130 BoogieDeclarations]: Found specification of procedure bsearch [2020-07-17 22:32:20,408 INFO L130 BoogieDeclarations]: Found specification of procedure qsort [2020-07-17 22:32:20,408 INFO L130 BoogieDeclarations]: Found specification of procedure abs [2020-07-17 22:32:20,408 INFO L130 BoogieDeclarations]: Found specification of procedure labs [2020-07-17 22:32:20,408 INFO L130 BoogieDeclarations]: Found specification of procedure llabs [2020-07-17 22:32:20,409 INFO L130 BoogieDeclarations]: Found specification of procedure div [2020-07-17 22:32:20,409 INFO L130 BoogieDeclarations]: Found specification of procedure ldiv [2020-07-17 22:32:20,409 INFO L130 BoogieDeclarations]: Found specification of procedure lldiv [2020-07-17 22:32:20,409 INFO L130 BoogieDeclarations]: Found specification of procedure ecvt [2020-07-17 22:32:20,409 INFO L130 BoogieDeclarations]: Found specification of procedure fcvt [2020-07-17 22:32:20,409 INFO L130 BoogieDeclarations]: Found specification of procedure gcvt [2020-07-17 22:32:20,409 INFO L130 BoogieDeclarations]: Found specification of procedure qecvt [2020-07-17 22:32:20,410 INFO L130 BoogieDeclarations]: Found specification of procedure qfcvt [2020-07-17 22:32:20,410 INFO L130 BoogieDeclarations]: Found specification of procedure qgcvt [2020-07-17 22:32:20,410 INFO L130 BoogieDeclarations]: Found specification of procedure ecvt_r [2020-07-17 22:32:20,410 INFO L130 BoogieDeclarations]: Found specification of procedure fcvt_r [2020-07-17 22:32:20,410 INFO L130 BoogieDeclarations]: Found specification of procedure qecvt_r [2020-07-17 22:32:20,410 INFO L130 BoogieDeclarations]: Found specification of procedure qfcvt_r [2020-07-17 22:32:20,410 INFO L130 BoogieDeclarations]: Found specification of procedure mblen [2020-07-17 22:32:20,411 INFO L130 BoogieDeclarations]: Found specification of procedure mbtowc [2020-07-17 22:32:20,411 INFO L130 BoogieDeclarations]: Found specification of procedure wctomb [2020-07-17 22:32:20,411 INFO L130 BoogieDeclarations]: Found specification of procedure mbstowcs [2020-07-17 22:32:20,411 INFO L130 BoogieDeclarations]: Found specification of procedure wcstombs [2020-07-17 22:32:20,411 INFO L130 BoogieDeclarations]: Found specification of procedure rpmatch [2020-07-17 22:32:20,411 INFO L130 BoogieDeclarations]: Found specification of procedure getsubopt [2020-07-17 22:32:20,411 INFO L130 BoogieDeclarations]: Found specification of procedure getloadavg [2020-07-17 22:32:20,412 INFO L130 BoogieDeclarations]: Found specification of procedure myexit [2020-07-17 22:32:20,412 INFO L130 BoogieDeclarations]: Found specification of procedure main [2020-07-17 22:32:20,412 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2020-07-17 22:32:20,412 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2020-07-17 22:32:20,412 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2020-07-17 22:32:20,412 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2020-07-17 22:32:20,413 INFO L130 BoogieDeclarations]: Found specification of procedure write~int [2020-07-17 22:32:20,413 INFO L130 BoogieDeclarations]: Found specification of procedure read~int [2020-07-17 22:32:20,413 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2020-07-17 22:32:20,413 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2020-07-17 22:32:20,794 INFO L728 $ProcedureCfgBuilder]: dead code at ProgramPoint myexitFINAL: assume true; [2020-07-17 22:32:21,219 INFO L290 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2020-07-17 22:32:21,220 INFO L295 CfgBuilder]: Removed 8 assume(true) statements. [2020-07-17 22:32:21,223 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 17.07 10:32:21 BoogieIcfgContainer [2020-07-17 22:32:21,224 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2020-07-17 22:32:21,225 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2020-07-17 22:32:21,225 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2020-07-17 22:32:21,228 INFO L275 PluginConnector]: TraceAbstraction initialized [2020-07-17 22:32:21,229 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 17.07 10:32:19" (1/3) ... [2020-07-17 22:32:21,229 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2b6217ab and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 17.07 10:32:21, skipping insertion in model container [2020-07-17 22:32:21,230 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 17.07 10:32:20" (2/3) ... [2020-07-17 22:32:21,230 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2b6217ab and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 17.07 10:32:21, skipping insertion in model container [2020-07-17 22:32:21,230 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 17.07 10:32:21" (3/3) ... [2020-07-17 22:32:21,232 INFO L109 eAbstractionObserver]: Analyzing ICFG list_and_tree_cnstr-1.i [2020-07-17 22:32:21,242 INFO L157 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2020-07-17 22:32:21,250 INFO L169 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2020-07-17 22:32:21,264 INFO L251 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2020-07-17 22:32:21,285 INFO L375 AbstractCegarLoop]: Interprodecural is true [2020-07-17 22:32:21,286 INFO L376 AbstractCegarLoop]: Hoare is true [2020-07-17 22:32:21,286 INFO L377 AbstractCegarLoop]: Compute interpolants for FPandBP [2020-07-17 22:32:21,286 INFO L378 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2020-07-17 22:32:21,286 INFO L379 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2020-07-17 22:32:21,286 INFO L380 AbstractCegarLoop]: Difference is false [2020-07-17 22:32:21,287 INFO L381 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2020-07-17 22:32:21,287 INFO L385 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2020-07-17 22:32:21,303 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states. [2020-07-17 22:32:21,310 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2020-07-17 22:32:21,310 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:21,311 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:21,312 INFO L427 AbstractCegarLoop]: === Iteration 1 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:21,318 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:21,318 INFO L82 PathProgramCache]: Analyzing trace with hash 1575706012, now seen corresponding path program 1 times [2020-07-17 22:32:21,329 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:21,329 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [224898148] [2020-07-17 22:32:21,330 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:21,437 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:21,523 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:21,533 INFO L280 TraceCheckUtils]: 0: Hoare triple {65#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {60#true} is VALID [2020-07-17 22:32:21,534 INFO L280 TraceCheckUtils]: 1: Hoare triple {60#true} assume true; {60#true} is VALID [2020-07-17 22:32:21,534 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {60#true} {60#true} #225#return; {60#true} is VALID [2020-07-17 22:32:21,539 INFO L263 TraceCheckUtils]: 0: Hoare triple {60#true} call ULTIMATE.init(); {65#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:21,539 INFO L280 TraceCheckUtils]: 1: Hoare triple {65#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {60#true} is VALID [2020-07-17 22:32:21,539 INFO L280 TraceCheckUtils]: 2: Hoare triple {60#true} assume true; {60#true} is VALID [2020-07-17 22:32:21,540 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {60#true} {60#true} #225#return; {60#true} is VALID [2020-07-17 22:32:21,540 INFO L263 TraceCheckUtils]: 4: Hoare triple {60#true} call #t~ret41 := main(); {60#true} is VALID [2020-07-17 22:32:21,540 INFO L280 TraceCheckUtils]: 5: Hoare triple {60#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {60#true} is VALID [2020-07-17 22:32:21,542 INFO L280 TraceCheckUtils]: 6: Hoare triple {60#true} assume !true; {61#false} is VALID [2020-07-17 22:32:21,543 INFO L280 TraceCheckUtils]: 7: Hoare triple {61#false} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {61#false} is VALID [2020-07-17 22:32:21,543 INFO L280 TraceCheckUtils]: 8: Hoare triple {61#false} assume !(~root~0.base != 0 || ~root~0.offset != 0); {61#false} is VALID [2020-07-17 22:32:21,544 INFO L280 TraceCheckUtils]: 9: Hoare triple {61#false} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {61#false} is VALID [2020-07-17 22:32:21,544 INFO L280 TraceCheckUtils]: 10: Hoare triple {61#false} assume !(~a~0.base == 0 && ~a~0.offset == 0); {61#false} is VALID [2020-07-17 22:32:21,544 INFO L280 TraceCheckUtils]: 11: Hoare triple {61#false} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {61#false} is VALID [2020-07-17 22:32:21,545 INFO L280 TraceCheckUtils]: 12: Hoare triple {61#false} assume !true; {61#false} is VALID [2020-07-17 22:32:21,545 INFO L280 TraceCheckUtils]: 13: Hoare triple {61#false} assume !true; {61#false} is VALID [2020-07-17 22:32:21,545 INFO L280 TraceCheckUtils]: 14: Hoare triple {61#false} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {61#false} is VALID [2020-07-17 22:32:21,546 INFO L280 TraceCheckUtils]: 15: Hoare triple {61#false} assume !true; {61#false} is VALID [2020-07-17 22:32:21,546 INFO L280 TraceCheckUtils]: 16: Hoare triple {61#false} assume !true; {61#false} is VALID [2020-07-17 22:32:21,546 INFO L280 TraceCheckUtils]: 17: Hoare triple {61#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {61#false} is VALID [2020-07-17 22:32:21,546 INFO L280 TraceCheckUtils]: 18: Hoare triple {61#false} assume 3 != #t~mem40;havoc #t~mem40; {61#false} is VALID [2020-07-17 22:32:21,547 INFO L280 TraceCheckUtils]: 19: Hoare triple {61#false} assume !false; {61#false} is VALID [2020-07-17 22:32:21,549 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-17 22:32:21,550 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [224898148] [2020-07-17 22:32:21,551 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-17 22:32:21,551 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2020-07-17 22:32:21,552 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1173655318] [2020-07-17 22:32:21,558 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 20 [2020-07-17 22:32:21,561 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:21,565 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2020-07-17 22:32:21,600 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:21,601 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2020-07-17 22:32:21,601 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:21,608 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2020-07-17 22:32:21,608 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2020-07-17 22:32:21,610 INFO L87 Difference]: Start difference. First operand 57 states. Second operand 3 states. [2020-07-17 22:32:22,038 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:22,039 INFO L93 Difference]: Finished difference Result 108 states and 166 transitions. [2020-07-17 22:32:22,039 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2020-07-17 22:32:22,039 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 20 [2020-07-17 22:32:22,039 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:22,041 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2020-07-17 22:32:22,058 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 166 transitions. [2020-07-17 22:32:22,058 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2020-07-17 22:32:22,065 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 166 transitions. [2020-07-17 22:32:22,065 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 166 transitions. [2020-07-17 22:32:22,321 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 166 edges. 166 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:22,354 INFO L225 Difference]: With dead ends: 108 [2020-07-17 22:32:22,354 INFO L226 Difference]: Without dead ends: 47 [2020-07-17 22:32:22,362 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2020-07-17 22:32:22,387 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 47 states. [2020-07-17 22:32:22,440 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 47 to 47. [2020-07-17 22:32:22,440 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:22,441 INFO L82 GeneralOperation]: Start isEquivalent. First operand 47 states. Second operand 47 states. [2020-07-17 22:32:22,441 INFO L74 IsIncluded]: Start isIncluded. First operand 47 states. Second operand 47 states. [2020-07-17 22:32:22,442 INFO L87 Difference]: Start difference. First operand 47 states. Second operand 47 states. [2020-07-17 22:32:22,447 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:22,448 INFO L93 Difference]: Finished difference Result 47 states and 64 transitions. [2020-07-17 22:32:22,448 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 64 transitions. [2020-07-17 22:32:22,449 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:22,449 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:22,449 INFO L74 IsIncluded]: Start isIncluded. First operand 47 states. Second operand 47 states. [2020-07-17 22:32:22,449 INFO L87 Difference]: Start difference. First operand 47 states. Second operand 47 states. [2020-07-17 22:32:22,455 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:22,455 INFO L93 Difference]: Finished difference Result 47 states and 64 transitions. [2020-07-17 22:32:22,455 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 64 transitions. [2020-07-17 22:32:22,456 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:22,456 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:22,457 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:22,457 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:22,457 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 47 states. [2020-07-17 22:32:22,461 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 47 states to 47 states and 64 transitions. [2020-07-17 22:32:22,463 INFO L78 Accepts]: Start accepts. Automaton has 47 states and 64 transitions. Word has length 20 [2020-07-17 22:32:22,463 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:22,463 INFO L479 AbstractCegarLoop]: Abstraction has 47 states and 64 transitions. [2020-07-17 22:32:22,464 INFO L480 AbstractCegarLoop]: Interpolant automaton has 3 states. [2020-07-17 22:32:22,464 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 64 transitions. [2020-07-17 22:32:22,465 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2020-07-17 22:32:22,465 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:22,465 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:22,465 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2020-07-17 22:32:22,466 INFO L427 AbstractCegarLoop]: === Iteration 2 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:22,466 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:22,466 INFO L82 PathProgramCache]: Analyzing trace with hash 1627887593, now seen corresponding path program 1 times [2020-07-17 22:32:22,466 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:22,467 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1849102385] [2020-07-17 22:32:22,467 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:22,491 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:22,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:22,564 INFO L280 TraceCheckUtils]: 0: Hoare triple {359#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {353#true} is VALID [2020-07-17 22:32:22,564 INFO L280 TraceCheckUtils]: 1: Hoare triple {353#true} assume true; {353#true} is VALID [2020-07-17 22:32:22,564 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {353#true} {353#true} #225#return; {353#true} is VALID [2020-07-17 22:32:22,565 INFO L263 TraceCheckUtils]: 0: Hoare triple {353#true} call ULTIMATE.init(); {359#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:22,566 INFO L280 TraceCheckUtils]: 1: Hoare triple {359#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {353#true} is VALID [2020-07-17 22:32:22,566 INFO L280 TraceCheckUtils]: 2: Hoare triple {353#true} assume true; {353#true} is VALID [2020-07-17 22:32:22,566 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {353#true} {353#true} #225#return; {353#true} is VALID [2020-07-17 22:32:22,567 INFO L263 TraceCheckUtils]: 4: Hoare triple {353#true} call #t~ret41 := main(); {353#true} is VALID [2020-07-17 22:32:22,568 INFO L280 TraceCheckUtils]: 5: Hoare triple {353#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {358#(not (= 0 main_~root~0.base))} is VALID [2020-07-17 22:32:22,569 INFO L280 TraceCheckUtils]: 6: Hoare triple {358#(not (= 0 main_~root~0.base))} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {358#(not (= 0 main_~root~0.base))} is VALID [2020-07-17 22:32:22,569 INFO L280 TraceCheckUtils]: 7: Hoare triple {358#(not (= 0 main_~root~0.base))} assume !(0 != #t~nondet3);havoc #t~nondet3; {358#(not (= 0 main_~root~0.base))} is VALID [2020-07-17 22:32:22,570 INFO L280 TraceCheckUtils]: 8: Hoare triple {358#(not (= 0 main_~root~0.base))} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {358#(not (= 0 main_~root~0.base))} is VALID [2020-07-17 22:32:22,571 INFO L280 TraceCheckUtils]: 9: Hoare triple {358#(not (= 0 main_~root~0.base))} assume !(~root~0.base != 0 || ~root~0.offset != 0); {354#false} is VALID [2020-07-17 22:32:22,571 INFO L280 TraceCheckUtils]: 10: Hoare triple {354#false} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {354#false} is VALID [2020-07-17 22:32:22,572 INFO L280 TraceCheckUtils]: 11: Hoare triple {354#false} assume !(~a~0.base == 0 && ~a~0.offset == 0); {354#false} is VALID [2020-07-17 22:32:22,572 INFO L280 TraceCheckUtils]: 12: Hoare triple {354#false} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {354#false} is VALID [2020-07-17 22:32:22,572 INFO L280 TraceCheckUtils]: 13: Hoare triple {354#false} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {354#false} is VALID [2020-07-17 22:32:22,573 INFO L280 TraceCheckUtils]: 14: Hoare triple {354#false} assume !(0 != #t~nondet30);havoc #t~nondet30; {354#false} is VALID [2020-07-17 22:32:22,573 INFO L280 TraceCheckUtils]: 15: Hoare triple {354#false} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {354#false} is VALID [2020-07-17 22:32:22,573 INFO L280 TraceCheckUtils]: 16: Hoare triple {354#false} assume !(0 != #t~nondet33);havoc #t~nondet33; {354#false} is VALID [2020-07-17 22:32:22,574 INFO L280 TraceCheckUtils]: 17: Hoare triple {354#false} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {354#false} is VALID [2020-07-17 22:32:22,574 INFO L280 TraceCheckUtils]: 18: Hoare triple {354#false} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {354#false} is VALID [2020-07-17 22:32:22,577 INFO L280 TraceCheckUtils]: 19: Hoare triple {354#false} assume !(2 == #t~mem36);havoc #t~mem36; {354#false} is VALID [2020-07-17 22:32:22,577 INFO L280 TraceCheckUtils]: 20: Hoare triple {354#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {354#false} is VALID [2020-07-17 22:32:22,577 INFO L280 TraceCheckUtils]: 21: Hoare triple {354#false} assume !(1 == #t~mem38);havoc #t~mem38; {354#false} is VALID [2020-07-17 22:32:22,578 INFO L280 TraceCheckUtils]: 22: Hoare triple {354#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {354#false} is VALID [2020-07-17 22:32:22,578 INFO L280 TraceCheckUtils]: 23: Hoare triple {354#false} assume 3 != #t~mem40;havoc #t~mem40; {354#false} is VALID [2020-07-17 22:32:22,578 INFO L280 TraceCheckUtils]: 24: Hoare triple {354#false} assume !false; {354#false} is VALID [2020-07-17 22:32:22,585 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-17 22:32:22,586 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1849102385] [2020-07-17 22:32:22,586 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-17 22:32:22,586 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2020-07-17 22:32:22,586 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1728696713] [2020-07-17 22:32:22,588 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 25 [2020-07-17 22:32:22,588 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:22,588 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2020-07-17 22:32:22,622 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:22,622 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2020-07-17 22:32:22,623 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:22,623 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2020-07-17 22:32:22,623 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-17 22:32:22,624 INFO L87 Difference]: Start difference. First operand 47 states and 64 transitions. Second operand 4 states. [2020-07-17 22:32:22,973 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:22,974 INFO L93 Difference]: Finished difference Result 75 states and 101 transitions. [2020-07-17 22:32:22,974 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2020-07-17 22:32:22,974 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 25 [2020-07-17 22:32:22,974 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:22,975 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-17 22:32:22,978 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 101 transitions. [2020-07-17 22:32:22,978 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-17 22:32:22,981 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 101 transitions. [2020-07-17 22:32:22,981 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 101 transitions. [2020-07-17 22:32:23,123 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 101 edges. 101 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:23,129 INFO L225 Difference]: With dead ends: 75 [2020-07-17 22:32:23,129 INFO L226 Difference]: Without dead ends: 55 [2020-07-17 22:32:23,131 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-17 22:32:23,131 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 55 states. [2020-07-17 22:32:23,156 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 55 to 55. [2020-07-17 22:32:23,157 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:23,157 INFO L82 GeneralOperation]: Start isEquivalent. First operand 55 states. Second operand 55 states. [2020-07-17 22:32:23,157 INFO L74 IsIncluded]: Start isIncluded. First operand 55 states. Second operand 55 states. [2020-07-17 22:32:23,157 INFO L87 Difference]: Start difference. First operand 55 states. Second operand 55 states. [2020-07-17 22:32:23,164 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:23,165 INFO L93 Difference]: Finished difference Result 55 states and 77 transitions. [2020-07-17 22:32:23,165 INFO L276 IsEmpty]: Start isEmpty. Operand 55 states and 77 transitions. [2020-07-17 22:32:23,166 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:23,166 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:23,166 INFO L74 IsIncluded]: Start isIncluded. First operand 55 states. Second operand 55 states. [2020-07-17 22:32:23,166 INFO L87 Difference]: Start difference. First operand 55 states. Second operand 55 states. [2020-07-17 22:32:23,175 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:23,175 INFO L93 Difference]: Finished difference Result 55 states and 77 transitions. [2020-07-17 22:32:23,175 INFO L276 IsEmpty]: Start isEmpty. Operand 55 states and 77 transitions. [2020-07-17 22:32:23,176 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:23,176 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:23,176 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:23,176 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:23,176 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 55 states. [2020-07-17 22:32:23,183 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 55 states to 55 states and 77 transitions. [2020-07-17 22:32:23,185 INFO L78 Accepts]: Start accepts. Automaton has 55 states and 77 transitions. Word has length 25 [2020-07-17 22:32:23,185 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:23,186 INFO L479 AbstractCegarLoop]: Abstraction has 55 states and 77 transitions. [2020-07-17 22:32:23,186 INFO L480 AbstractCegarLoop]: Interpolant automaton has 4 states. [2020-07-17 22:32:23,186 INFO L276 IsEmpty]: Start isEmpty. Operand 55 states and 77 transitions. [2020-07-17 22:32:23,187 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2020-07-17 22:32:23,187 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:23,187 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:23,188 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2020-07-17 22:32:23,188 INFO L427 AbstractCegarLoop]: === Iteration 3 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:23,188 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:23,188 INFO L82 PathProgramCache]: Analyzing trace with hash -164754602, now seen corresponding path program 1 times [2020-07-17 22:32:23,189 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:23,189 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2040792092] [2020-07-17 22:32:23,189 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:23,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:23,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:23,277 INFO L280 TraceCheckUtils]: 0: Hoare triple {634#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {628#true} is VALID [2020-07-17 22:32:23,277 INFO L280 TraceCheckUtils]: 1: Hoare triple {628#true} assume true; {628#true} is VALID [2020-07-17 22:32:23,277 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {628#true} {628#true} #225#return; {628#true} is VALID [2020-07-17 22:32:23,278 INFO L263 TraceCheckUtils]: 0: Hoare triple {628#true} call ULTIMATE.init(); {634#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:23,279 INFO L280 TraceCheckUtils]: 1: Hoare triple {634#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {628#true} is VALID [2020-07-17 22:32:23,279 INFO L280 TraceCheckUtils]: 2: Hoare triple {628#true} assume true; {628#true} is VALID [2020-07-17 22:32:23,279 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {628#true} {628#true} #225#return; {628#true} is VALID [2020-07-17 22:32:23,279 INFO L263 TraceCheckUtils]: 4: Hoare triple {628#true} call #t~ret41 := main(); {628#true} is VALID [2020-07-17 22:32:23,280 INFO L280 TraceCheckUtils]: 5: Hoare triple {628#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {628#true} is VALID [2020-07-17 22:32:23,280 INFO L280 TraceCheckUtils]: 6: Hoare triple {628#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {628#true} is VALID [2020-07-17 22:32:23,280 INFO L280 TraceCheckUtils]: 7: Hoare triple {628#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {628#true} is VALID [2020-07-17 22:32:23,281 INFO L280 TraceCheckUtils]: 8: Hoare triple {628#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {628#true} is VALID [2020-07-17 22:32:23,281 INFO L280 TraceCheckUtils]: 9: Hoare triple {628#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {628#true} is VALID [2020-07-17 22:32:23,281 INFO L280 TraceCheckUtils]: 10: Hoare triple {628#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {628#true} is VALID [2020-07-17 22:32:23,282 INFO L280 TraceCheckUtils]: 11: Hoare triple {628#true} assume #t~short24; {633#|main_#t~short24|} is VALID [2020-07-17 22:32:23,283 INFO L280 TraceCheckUtils]: 12: Hoare triple {633#|main_#t~short24|} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {629#false} is VALID [2020-07-17 22:32:23,283 INFO L280 TraceCheckUtils]: 13: Hoare triple {629#false} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {629#false} is VALID [2020-07-17 22:32:23,283 INFO L280 TraceCheckUtils]: 14: Hoare triple {629#false} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {629#false} is VALID [2020-07-17 22:32:23,283 INFO L280 TraceCheckUtils]: 15: Hoare triple {629#false} assume !(~root~0.base != 0 || ~root~0.offset != 0); {629#false} is VALID [2020-07-17 22:32:23,284 INFO L280 TraceCheckUtils]: 16: Hoare triple {629#false} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {629#false} is VALID [2020-07-17 22:32:23,284 INFO L280 TraceCheckUtils]: 17: Hoare triple {629#false} assume !(~a~0.base == 0 && ~a~0.offset == 0); {629#false} is VALID [2020-07-17 22:32:23,284 INFO L280 TraceCheckUtils]: 18: Hoare triple {629#false} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {629#false} is VALID [2020-07-17 22:32:23,284 INFO L280 TraceCheckUtils]: 19: Hoare triple {629#false} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {629#false} is VALID [2020-07-17 22:32:23,285 INFO L280 TraceCheckUtils]: 20: Hoare triple {629#false} assume !(0 != #t~nondet30);havoc #t~nondet30; {629#false} is VALID [2020-07-17 22:32:23,285 INFO L280 TraceCheckUtils]: 21: Hoare triple {629#false} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {629#false} is VALID [2020-07-17 22:32:23,285 INFO L280 TraceCheckUtils]: 22: Hoare triple {629#false} assume !(0 != #t~nondet33);havoc #t~nondet33; {629#false} is VALID [2020-07-17 22:32:23,286 INFO L280 TraceCheckUtils]: 23: Hoare triple {629#false} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {629#false} is VALID [2020-07-17 22:32:23,286 INFO L280 TraceCheckUtils]: 24: Hoare triple {629#false} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {629#false} is VALID [2020-07-17 22:32:23,286 INFO L280 TraceCheckUtils]: 25: Hoare triple {629#false} assume !(2 == #t~mem36);havoc #t~mem36; {629#false} is VALID [2020-07-17 22:32:23,286 INFO L280 TraceCheckUtils]: 26: Hoare triple {629#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {629#false} is VALID [2020-07-17 22:32:23,287 INFO L280 TraceCheckUtils]: 27: Hoare triple {629#false} assume !(1 == #t~mem38);havoc #t~mem38; {629#false} is VALID [2020-07-17 22:32:23,287 INFO L280 TraceCheckUtils]: 28: Hoare triple {629#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {629#false} is VALID [2020-07-17 22:32:23,287 INFO L280 TraceCheckUtils]: 29: Hoare triple {629#false} assume 3 != #t~mem40;havoc #t~mem40; {629#false} is VALID [2020-07-17 22:32:23,287 INFO L280 TraceCheckUtils]: 30: Hoare triple {629#false} assume !false; {629#false} is VALID [2020-07-17 22:32:23,289 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-17 22:32:23,289 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2040792092] [2020-07-17 22:32:23,289 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-17 22:32:23,290 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2020-07-17 22:32:23,290 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [647572495] [2020-07-17 22:32:23,290 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 31 [2020-07-17 22:32:23,291 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:23,291 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2020-07-17 22:32:23,319 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 31 edges. 31 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:23,320 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2020-07-17 22:32:23,320 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:23,320 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2020-07-17 22:32:23,320 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-17 22:32:23,321 INFO L87 Difference]: Start difference. First operand 55 states and 77 transitions. Second operand 4 states. [2020-07-17 22:32:23,642 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:23,642 INFO L93 Difference]: Finished difference Result 93 states and 131 transitions. [2020-07-17 22:32:23,642 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2020-07-17 22:32:23,643 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 31 [2020-07-17 22:32:23,643 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:23,643 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-17 22:32:23,655 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 103 transitions. [2020-07-17 22:32:23,656 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-17 22:32:23,658 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 103 transitions. [2020-07-17 22:32:23,659 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 103 transitions. [2020-07-17 22:32:23,780 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 103 edges. 103 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:23,783 INFO L225 Difference]: With dead ends: 93 [2020-07-17 22:32:23,783 INFO L226 Difference]: Without dead ends: 57 [2020-07-17 22:32:23,784 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-17 22:32:23,785 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 57 states. [2020-07-17 22:32:23,807 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 57 to 57. [2020-07-17 22:32:23,807 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:23,807 INFO L82 GeneralOperation]: Start isEquivalent. First operand 57 states. Second operand 57 states. [2020-07-17 22:32:23,807 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand 57 states. [2020-07-17 22:32:23,808 INFO L87 Difference]: Start difference. First operand 57 states. Second operand 57 states. [2020-07-17 22:32:23,810 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:23,811 INFO L93 Difference]: Finished difference Result 57 states and 79 transitions. [2020-07-17 22:32:23,811 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 79 transitions. [2020-07-17 22:32:23,812 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:23,812 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:23,812 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand 57 states. [2020-07-17 22:32:23,812 INFO L87 Difference]: Start difference. First operand 57 states. Second operand 57 states. [2020-07-17 22:32:23,815 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:23,815 INFO L93 Difference]: Finished difference Result 57 states and 79 transitions. [2020-07-17 22:32:23,815 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 79 transitions. [2020-07-17 22:32:23,816 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:23,816 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:23,816 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:23,817 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:23,817 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 57 states. [2020-07-17 22:32:23,819 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 57 states to 57 states and 79 transitions. [2020-07-17 22:32:23,820 INFO L78 Accepts]: Start accepts. Automaton has 57 states and 79 transitions. Word has length 31 [2020-07-17 22:32:23,820 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:23,820 INFO L479 AbstractCegarLoop]: Abstraction has 57 states and 79 transitions. [2020-07-17 22:32:23,820 INFO L480 AbstractCegarLoop]: Interpolant automaton has 4 states. [2020-07-17 22:32:23,820 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 79 transitions. [2020-07-17 22:32:23,821 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2020-07-17 22:32:23,821 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:23,822 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:23,822 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2020-07-17 22:32:23,822 INFO L427 AbstractCegarLoop]: === Iteration 4 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:23,822 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:23,822 INFO L82 PathProgramCache]: Analyzing trace with hash -982403052, now seen corresponding path program 1 times [2020-07-17 22:32:23,823 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:23,823 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [897798826] [2020-07-17 22:32:23,823 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:23,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:23,928 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:23,936 INFO L280 TraceCheckUtils]: 0: Hoare triple {939#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {931#true} is VALID [2020-07-17 22:32:23,937 INFO L280 TraceCheckUtils]: 1: Hoare triple {931#true} assume true; {931#true} is VALID [2020-07-17 22:32:23,937 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {931#true} {931#true} #225#return; {931#true} is VALID [2020-07-17 22:32:23,938 INFO L263 TraceCheckUtils]: 0: Hoare triple {931#true} call ULTIMATE.init(); {939#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:23,938 INFO L280 TraceCheckUtils]: 1: Hoare triple {939#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {931#true} is VALID [2020-07-17 22:32:23,939 INFO L280 TraceCheckUtils]: 2: Hoare triple {931#true} assume true; {931#true} is VALID [2020-07-17 22:32:23,939 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {931#true} {931#true} #225#return; {931#true} is VALID [2020-07-17 22:32:23,939 INFO L263 TraceCheckUtils]: 4: Hoare triple {931#true} call #t~ret41 := main(); {931#true} is VALID [2020-07-17 22:32:23,939 INFO L280 TraceCheckUtils]: 5: Hoare triple {931#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {931#true} is VALID [2020-07-17 22:32:23,939 INFO L280 TraceCheckUtils]: 6: Hoare triple {931#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {931#true} is VALID [2020-07-17 22:32:23,940 INFO L280 TraceCheckUtils]: 7: Hoare triple {931#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {931#true} is VALID [2020-07-17 22:32:23,940 INFO L280 TraceCheckUtils]: 8: Hoare triple {931#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {931#true} is VALID [2020-07-17 22:32:23,940 INFO L280 TraceCheckUtils]: 9: Hoare triple {931#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {931#true} is VALID [2020-07-17 22:32:23,940 INFO L280 TraceCheckUtils]: 10: Hoare triple {931#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {931#true} is VALID [2020-07-17 22:32:23,941 INFO L280 TraceCheckUtils]: 11: Hoare triple {931#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {931#true} is VALID [2020-07-17 22:32:23,941 INFO L280 TraceCheckUtils]: 12: Hoare triple {931#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {931#true} is VALID [2020-07-17 22:32:23,941 INFO L280 TraceCheckUtils]: 13: Hoare triple {931#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {931#true} is VALID [2020-07-17 22:32:23,942 INFO L280 TraceCheckUtils]: 14: Hoare triple {931#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {931#true} is VALID [2020-07-17 22:32:23,942 INFO L280 TraceCheckUtils]: 15: Hoare triple {931#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {931#true} is VALID [2020-07-17 22:32:23,942 INFO L280 TraceCheckUtils]: 16: Hoare triple {931#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {931#true} is VALID [2020-07-17 22:32:23,942 INFO L280 TraceCheckUtils]: 17: Hoare triple {931#true} assume !(~a~0.base == 0 && ~a~0.offset == 0); {931#true} is VALID [2020-07-17 22:32:23,945 INFO L280 TraceCheckUtils]: 18: Hoare triple {931#true} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:23,946 INFO L280 TraceCheckUtils]: 19: Hoare triple {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:23,946 INFO L280 TraceCheckUtils]: 20: Hoare triple {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:23,947 INFO L280 TraceCheckUtils]: 21: Hoare triple {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:23,947 INFO L280 TraceCheckUtils]: 22: Hoare triple {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:23,948 INFO L280 TraceCheckUtils]: 23: Hoare triple {936#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:23,949 INFO L280 TraceCheckUtils]: 24: Hoare triple {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:23,949 INFO L280 TraceCheckUtils]: 25: Hoare triple {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:23,950 INFO L280 TraceCheckUtils]: 26: Hoare triple {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:23,950 INFO L280 TraceCheckUtils]: 27: Hoare triple {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(1 == #t~mem38);havoc #t~mem38; {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:23,951 INFO L280 TraceCheckUtils]: 28: Hoare triple {937#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {938#(= |main_#t~mem40| 3)} is VALID [2020-07-17 22:32:23,951 INFO L280 TraceCheckUtils]: 29: Hoare triple {938#(= |main_#t~mem40| 3)} assume 3 != #t~mem40;havoc #t~mem40; {932#false} is VALID [2020-07-17 22:32:23,951 INFO L280 TraceCheckUtils]: 30: Hoare triple {932#false} assume !false; {932#false} is VALID [2020-07-17 22:32:23,956 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:23,957 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [897798826] [2020-07-17 22:32:23,957 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-17 22:32:23,957 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2020-07-17 22:32:23,958 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1339062774] [2020-07-17 22:32:23,958 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 31 [2020-07-17 22:32:23,959 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:23,959 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2020-07-17 22:32:23,991 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 31 edges. 31 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:23,991 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2020-07-17 22:32:23,992 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:23,992 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2020-07-17 22:32:23,992 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2020-07-17 22:32:23,992 INFO L87 Difference]: Start difference. First operand 57 states and 79 transitions. Second operand 6 states. [2020-07-17 22:32:24,558 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:24,558 INFO L93 Difference]: Finished difference Result 82 states and 108 transitions. [2020-07-17 22:32:24,558 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2020-07-17 22:32:24,559 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 31 [2020-07-17 22:32:24,559 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:24,559 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-17 22:32:24,561 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 93 transitions. [2020-07-17 22:32:24,561 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-17 22:32:24,563 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 93 transitions. [2020-07-17 22:32:24,564 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 93 transitions. [2020-07-17 22:32:24,675 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 93 edges. 93 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:24,677 INFO L225 Difference]: With dead ends: 82 [2020-07-17 22:32:24,677 INFO L226 Difference]: Without dead ends: 78 [2020-07-17 22:32:24,678 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2020-07-17 22:32:24,678 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 78 states. [2020-07-17 22:32:24,694 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 78 to 66. [2020-07-17 22:32:24,694 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:24,694 INFO L82 GeneralOperation]: Start isEquivalent. First operand 78 states. Second operand 66 states. [2020-07-17 22:32:24,694 INFO L74 IsIncluded]: Start isIncluded. First operand 78 states. Second operand 66 states. [2020-07-17 22:32:24,694 INFO L87 Difference]: Start difference. First operand 78 states. Second operand 66 states. [2020-07-17 22:32:24,698 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:24,698 INFO L93 Difference]: Finished difference Result 78 states and 104 transitions. [2020-07-17 22:32:24,698 INFO L276 IsEmpty]: Start isEmpty. Operand 78 states and 104 transitions. [2020-07-17 22:32:24,699 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:24,699 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:24,699 INFO L74 IsIncluded]: Start isIncluded. First operand 66 states. Second operand 78 states. [2020-07-17 22:32:24,699 INFO L87 Difference]: Start difference. First operand 66 states. Second operand 78 states. [2020-07-17 22:32:24,703 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:24,703 INFO L93 Difference]: Finished difference Result 78 states and 104 transitions. [2020-07-17 22:32:24,704 INFO L276 IsEmpty]: Start isEmpty. Operand 78 states and 104 transitions. [2020-07-17 22:32:24,704 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:24,705 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:24,705 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:24,705 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:24,705 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 66 states. [2020-07-17 22:32:24,708 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 91 transitions. [2020-07-17 22:32:24,708 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 91 transitions. Word has length 31 [2020-07-17 22:32:24,708 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:24,708 INFO L479 AbstractCegarLoop]: Abstraction has 66 states and 91 transitions. [2020-07-17 22:32:24,708 INFO L480 AbstractCegarLoop]: Interpolant automaton has 6 states. [2020-07-17 22:32:24,709 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 91 transitions. [2020-07-17 22:32:24,709 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2020-07-17 22:32:24,710 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:24,710 INFO L422 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:24,710 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2020-07-17 22:32:24,710 INFO L427 AbstractCegarLoop]: === Iteration 5 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:24,710 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:24,711 INFO L82 PathProgramCache]: Analyzing trace with hash 852152367, now seen corresponding path program 1 times [2020-07-17 22:32:24,711 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:24,711 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1828063274] [2020-07-17 22:32:24,711 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:24,757 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:24,841 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:24,845 INFO L280 TraceCheckUtils]: 0: Hoare triple {1287#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1279#true} is VALID [2020-07-17 22:32:24,845 INFO L280 TraceCheckUtils]: 1: Hoare triple {1279#true} assume true; {1279#true} is VALID [2020-07-17 22:32:24,846 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1279#true} {1279#true} #225#return; {1279#true} is VALID [2020-07-17 22:32:24,847 INFO L263 TraceCheckUtils]: 0: Hoare triple {1279#true} call ULTIMATE.init(); {1287#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:24,847 INFO L280 TraceCheckUtils]: 1: Hoare triple {1287#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1279#true} is VALID [2020-07-17 22:32:24,847 INFO L280 TraceCheckUtils]: 2: Hoare triple {1279#true} assume true; {1279#true} is VALID [2020-07-17 22:32:24,848 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1279#true} {1279#true} #225#return; {1279#true} is VALID [2020-07-17 22:32:24,848 INFO L263 TraceCheckUtils]: 4: Hoare triple {1279#true} call #t~ret41 := main(); {1279#true} is VALID [2020-07-17 22:32:24,848 INFO L280 TraceCheckUtils]: 5: Hoare triple {1279#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {1279#true} is VALID [2020-07-17 22:32:24,849 INFO L280 TraceCheckUtils]: 6: Hoare triple {1279#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {1279#true} is VALID [2020-07-17 22:32:24,849 INFO L280 TraceCheckUtils]: 7: Hoare triple {1279#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {1279#true} is VALID [2020-07-17 22:32:24,849 INFO L280 TraceCheckUtils]: 8: Hoare triple {1279#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {1279#true} is VALID [2020-07-17 22:32:24,849 INFO L280 TraceCheckUtils]: 9: Hoare triple {1279#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {1279#true} is VALID [2020-07-17 22:32:24,849 INFO L280 TraceCheckUtils]: 10: Hoare triple {1279#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {1279#true} is VALID [2020-07-17 22:32:24,850 INFO L280 TraceCheckUtils]: 11: Hoare triple {1279#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {1279#true} is VALID [2020-07-17 22:32:24,850 INFO L280 TraceCheckUtils]: 12: Hoare triple {1279#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {1279#true} is VALID [2020-07-17 22:32:24,850 INFO L280 TraceCheckUtils]: 13: Hoare triple {1279#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {1279#true} is VALID [2020-07-17 22:32:24,850 INFO L280 TraceCheckUtils]: 14: Hoare triple {1279#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {1279#true} is VALID [2020-07-17 22:32:24,851 INFO L280 TraceCheckUtils]: 15: Hoare triple {1279#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {1279#true} is VALID [2020-07-17 22:32:24,851 INFO L280 TraceCheckUtils]: 16: Hoare triple {1279#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {1279#true} is VALID [2020-07-17 22:32:24,851 INFO L280 TraceCheckUtils]: 17: Hoare triple {1279#true} assume !(~a~0.base == 0 && ~a~0.offset == 0); {1279#true} is VALID [2020-07-17 22:32:24,853 INFO L280 TraceCheckUtils]: 18: Hoare triple {1279#true} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:24,855 INFO L280 TraceCheckUtils]: 19: Hoare triple {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:24,857 INFO L280 TraceCheckUtils]: 20: Hoare triple {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:24,859 INFO L280 TraceCheckUtils]: 21: Hoare triple {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:24,860 INFO L280 TraceCheckUtils]: 22: Hoare triple {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:24,862 INFO L280 TraceCheckUtils]: 23: Hoare triple {1284#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1285#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:24,862 INFO L280 TraceCheckUtils]: 24: Hoare triple {1285#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {1285#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:24,863 INFO L280 TraceCheckUtils]: 25: Hoare triple {1285#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {1285#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:24,864 INFO L280 TraceCheckUtils]: 26: Hoare triple {1285#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {1286#(= |main_#t~mem38| 3)} is VALID [2020-07-17 22:32:24,865 INFO L280 TraceCheckUtils]: 27: Hoare triple {1286#(= |main_#t~mem38| 3)} assume !!(1 == #t~mem38);havoc #t~mem38;call #t~mem39.base, #t~mem39.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem39.base, #t~mem39.offset;havoc #t~mem39.base, #t~mem39.offset; {1280#false} is VALID [2020-07-17 22:32:24,865 INFO L280 TraceCheckUtils]: 28: Hoare triple {1280#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {1280#false} is VALID [2020-07-17 22:32:24,865 INFO L280 TraceCheckUtils]: 29: Hoare triple {1280#false} assume !(1 == #t~mem38);havoc #t~mem38; {1280#false} is VALID [2020-07-17 22:32:24,865 INFO L280 TraceCheckUtils]: 30: Hoare triple {1280#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {1280#false} is VALID [2020-07-17 22:32:24,866 INFO L280 TraceCheckUtils]: 31: Hoare triple {1280#false} assume 3 != #t~mem40;havoc #t~mem40; {1280#false} is VALID [2020-07-17 22:32:24,866 INFO L280 TraceCheckUtils]: 32: Hoare triple {1280#false} assume !false; {1280#false} is VALID [2020-07-17 22:32:24,868 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:24,868 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1828063274] [2020-07-17 22:32:24,868 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-17 22:32:24,868 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2020-07-17 22:32:24,869 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1166300558] [2020-07-17 22:32:24,869 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 33 [2020-07-17 22:32:24,869 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:24,869 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2020-07-17 22:32:24,904 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 33 edges. 33 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:24,905 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2020-07-17 22:32:24,905 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:24,905 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2020-07-17 22:32:24,906 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2020-07-17 22:32:24,906 INFO L87 Difference]: Start difference. First operand 66 states and 91 transitions. Second operand 6 states. [2020-07-17 22:32:25,480 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:25,480 INFO L93 Difference]: Finished difference Result 84 states and 110 transitions. [2020-07-17 22:32:25,480 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2020-07-17 22:32:25,480 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 33 [2020-07-17 22:32:25,481 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:25,481 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-17 22:32:25,483 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 95 transitions. [2020-07-17 22:32:25,483 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-17 22:32:25,485 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 95 transitions. [2020-07-17 22:32:25,485 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 95 transitions. [2020-07-17 22:32:25,589 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 95 edges. 95 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:25,593 INFO L225 Difference]: With dead ends: 84 [2020-07-17 22:32:25,593 INFO L226 Difference]: Without dead ends: 76 [2020-07-17 22:32:25,593 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2020-07-17 22:32:25,594 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 76 states. [2020-07-17 22:32:25,618 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 76 to 64. [2020-07-17 22:32:25,618 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:25,618 INFO L82 GeneralOperation]: Start isEquivalent. First operand 76 states. Second operand 64 states. [2020-07-17 22:32:25,619 INFO L74 IsIncluded]: Start isIncluded. First operand 76 states. Second operand 64 states. [2020-07-17 22:32:25,619 INFO L87 Difference]: Start difference. First operand 76 states. Second operand 64 states. [2020-07-17 22:32:25,623 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:25,623 INFO L93 Difference]: Finished difference Result 76 states and 101 transitions. [2020-07-17 22:32:25,623 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 101 transitions. [2020-07-17 22:32:25,624 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:25,624 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:25,624 INFO L74 IsIncluded]: Start isIncluded. First operand 64 states. Second operand 76 states. [2020-07-17 22:32:25,624 INFO L87 Difference]: Start difference. First operand 64 states. Second operand 76 states. [2020-07-17 22:32:25,627 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:25,628 INFO L93 Difference]: Finished difference Result 76 states and 101 transitions. [2020-07-17 22:32:25,628 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 101 transitions. [2020-07-17 22:32:25,628 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:25,628 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:25,628 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:25,629 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:25,629 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 64 states. [2020-07-17 22:32:25,631 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 64 states to 64 states and 88 transitions. [2020-07-17 22:32:25,632 INFO L78 Accepts]: Start accepts. Automaton has 64 states and 88 transitions. Word has length 33 [2020-07-17 22:32:25,632 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:25,632 INFO L479 AbstractCegarLoop]: Abstraction has 64 states and 88 transitions. [2020-07-17 22:32:25,632 INFO L480 AbstractCegarLoop]: Interpolant automaton has 6 states. [2020-07-17 22:32:25,632 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 88 transitions. [2020-07-17 22:32:25,633 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2020-07-17 22:32:25,633 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:25,633 INFO L422 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:25,634 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2020-07-17 22:32:25,634 INFO L427 AbstractCegarLoop]: === Iteration 6 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:25,634 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:25,634 INFO L82 PathProgramCache]: Analyzing trace with hash 1876855343, now seen corresponding path program 1 times [2020-07-17 22:32:25,634 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:25,635 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1325382006] [2020-07-17 22:32:25,635 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:25,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:25,710 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:25,718 INFO L280 TraceCheckUtils]: 0: Hoare triple {1631#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1623#true} is VALID [2020-07-17 22:32:25,718 INFO L280 TraceCheckUtils]: 1: Hoare triple {1623#true} assume true; {1623#true} is VALID [2020-07-17 22:32:25,719 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1623#true} {1623#true} #225#return; {1623#true} is VALID [2020-07-17 22:32:25,720 INFO L263 TraceCheckUtils]: 0: Hoare triple {1623#true} call ULTIMATE.init(); {1631#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:25,720 INFO L280 TraceCheckUtils]: 1: Hoare triple {1631#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1623#true} is VALID [2020-07-17 22:32:25,720 INFO L280 TraceCheckUtils]: 2: Hoare triple {1623#true} assume true; {1623#true} is VALID [2020-07-17 22:32:25,721 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1623#true} {1623#true} #225#return; {1623#true} is VALID [2020-07-17 22:32:25,721 INFO L263 TraceCheckUtils]: 4: Hoare triple {1623#true} call #t~ret41 := main(); {1623#true} is VALID [2020-07-17 22:32:25,721 INFO L280 TraceCheckUtils]: 5: Hoare triple {1623#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {1623#true} is VALID [2020-07-17 22:32:25,721 INFO L280 TraceCheckUtils]: 6: Hoare triple {1623#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {1623#true} is VALID [2020-07-17 22:32:25,722 INFO L280 TraceCheckUtils]: 7: Hoare triple {1623#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {1623#true} is VALID [2020-07-17 22:32:25,722 INFO L280 TraceCheckUtils]: 8: Hoare triple {1623#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {1623#true} is VALID [2020-07-17 22:32:25,722 INFO L280 TraceCheckUtils]: 9: Hoare triple {1623#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {1623#true} is VALID [2020-07-17 22:32:25,722 INFO L280 TraceCheckUtils]: 10: Hoare triple {1623#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {1623#true} is VALID [2020-07-17 22:32:25,723 INFO L280 TraceCheckUtils]: 11: Hoare triple {1623#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {1623#true} is VALID [2020-07-17 22:32:25,723 INFO L280 TraceCheckUtils]: 12: Hoare triple {1623#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {1623#true} is VALID [2020-07-17 22:32:25,723 INFO L280 TraceCheckUtils]: 13: Hoare triple {1623#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {1623#true} is VALID [2020-07-17 22:32:25,723 INFO L280 TraceCheckUtils]: 14: Hoare triple {1623#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {1623#true} is VALID [2020-07-17 22:32:25,724 INFO L280 TraceCheckUtils]: 15: Hoare triple {1623#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {1623#true} is VALID [2020-07-17 22:32:25,724 INFO L280 TraceCheckUtils]: 16: Hoare triple {1623#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {1623#true} is VALID [2020-07-17 22:32:25,724 INFO L280 TraceCheckUtils]: 17: Hoare triple {1623#true} assume !(~a~0.base == 0 && ~a~0.offset == 0); {1623#true} is VALID [2020-07-17 22:32:25,725 INFO L280 TraceCheckUtils]: 18: Hoare triple {1623#true} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:25,726 INFO L280 TraceCheckUtils]: 19: Hoare triple {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:25,726 INFO L280 TraceCheckUtils]: 20: Hoare triple {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:25,727 INFO L280 TraceCheckUtils]: 21: Hoare triple {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:25,728 INFO L280 TraceCheckUtils]: 22: Hoare triple {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:25,729 INFO L280 TraceCheckUtils]: 23: Hoare triple {1628#(and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1629#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:25,730 INFO L280 TraceCheckUtils]: 24: Hoare triple {1629#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {1630#(= |main_#t~mem36| 3)} is VALID [2020-07-17 22:32:25,731 INFO L280 TraceCheckUtils]: 25: Hoare triple {1630#(= |main_#t~mem36| 3)} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {1624#false} is VALID [2020-07-17 22:32:25,731 INFO L280 TraceCheckUtils]: 26: Hoare triple {1624#false} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {1624#false} is VALID [2020-07-17 22:32:25,731 INFO L280 TraceCheckUtils]: 27: Hoare triple {1624#false} assume !(2 == #t~mem36);havoc #t~mem36; {1624#false} is VALID [2020-07-17 22:32:25,731 INFO L280 TraceCheckUtils]: 28: Hoare triple {1624#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {1624#false} is VALID [2020-07-17 22:32:25,732 INFO L280 TraceCheckUtils]: 29: Hoare triple {1624#false} assume !(1 == #t~mem38);havoc #t~mem38; {1624#false} is VALID [2020-07-17 22:32:25,732 INFO L280 TraceCheckUtils]: 30: Hoare triple {1624#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {1624#false} is VALID [2020-07-17 22:32:25,732 INFO L280 TraceCheckUtils]: 31: Hoare triple {1624#false} assume 3 != #t~mem40;havoc #t~mem40; {1624#false} is VALID [2020-07-17 22:32:25,732 INFO L280 TraceCheckUtils]: 32: Hoare triple {1624#false} assume !false; {1624#false} is VALID [2020-07-17 22:32:25,734 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:25,734 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1325382006] [2020-07-17 22:32:25,735 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-17 22:32:25,735 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2020-07-17 22:32:25,735 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [643250766] [2020-07-17 22:32:25,736 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 33 [2020-07-17 22:32:25,736 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:25,736 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2020-07-17 22:32:25,768 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 33 edges. 33 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:25,769 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2020-07-17 22:32:25,769 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:25,769 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2020-07-17 22:32:25,770 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2020-07-17 22:32:25,770 INFO L87 Difference]: Start difference. First operand 64 states and 88 transitions. Second operand 6 states. [2020-07-17 22:32:26,302 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:26,302 INFO L93 Difference]: Finished difference Result 84 states and 110 transitions. [2020-07-17 22:32:26,302 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2020-07-17 22:32:26,302 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 33 [2020-07-17 22:32:26,303 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:26,303 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-17 22:32:26,305 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 95 transitions. [2020-07-17 22:32:26,305 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-17 22:32:26,306 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 95 transitions. [2020-07-17 22:32:26,306 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 95 transitions. [2020-07-17 22:32:26,407 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 95 edges. 95 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:26,409 INFO L225 Difference]: With dead ends: 84 [2020-07-17 22:32:26,410 INFO L226 Difference]: Without dead ends: 73 [2020-07-17 22:32:26,411 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2020-07-17 22:32:26,411 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 73 states. [2020-07-17 22:32:26,441 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 73 to 61. [2020-07-17 22:32:26,442 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:26,442 INFO L82 GeneralOperation]: Start isEquivalent. First operand 73 states. Second operand 61 states. [2020-07-17 22:32:26,442 INFO L74 IsIncluded]: Start isIncluded. First operand 73 states. Second operand 61 states. [2020-07-17 22:32:26,442 INFO L87 Difference]: Start difference. First operand 73 states. Second operand 61 states. [2020-07-17 22:32:26,445 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:26,445 INFO L93 Difference]: Finished difference Result 73 states and 97 transitions. [2020-07-17 22:32:26,445 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 97 transitions. [2020-07-17 22:32:26,445 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:26,446 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:26,446 INFO L74 IsIncluded]: Start isIncluded. First operand 61 states. Second operand 73 states. [2020-07-17 22:32:26,446 INFO L87 Difference]: Start difference. First operand 61 states. Second operand 73 states. [2020-07-17 22:32:26,448 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:26,449 INFO L93 Difference]: Finished difference Result 73 states and 97 transitions. [2020-07-17 22:32:26,449 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 97 transitions. [2020-07-17 22:32:26,449 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:26,449 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:26,449 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:26,450 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:26,450 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 61 states. [2020-07-17 22:32:26,452 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 61 states to 61 states and 84 transitions. [2020-07-17 22:32:26,452 INFO L78 Accepts]: Start accepts. Automaton has 61 states and 84 transitions. Word has length 33 [2020-07-17 22:32:26,452 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:26,452 INFO L479 AbstractCegarLoop]: Abstraction has 61 states and 84 transitions. [2020-07-17 22:32:26,453 INFO L480 AbstractCegarLoop]: Interpolant automaton has 6 states. [2020-07-17 22:32:26,453 INFO L276 IsEmpty]: Start isEmpty. Operand 61 states and 84 transitions. [2020-07-17 22:32:26,453 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2020-07-17 22:32:26,453 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:26,454 INFO L422 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:26,454 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2020-07-17 22:32:26,454 INFO L427 AbstractCegarLoop]: === Iteration 7 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:26,454 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:26,454 INFO L82 PathProgramCache]: Analyzing trace with hash -778946181, now seen corresponding path program 1 times [2020-07-17 22:32:26,455 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:26,455 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1827053849] [2020-07-17 22:32:26,455 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:26,485 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:26,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:26,628 INFO L280 TraceCheckUtils]: 0: Hoare triple {1969#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1958#true} is VALID [2020-07-17 22:32:26,629 INFO L280 TraceCheckUtils]: 1: Hoare triple {1958#true} assume true; {1958#true} is VALID [2020-07-17 22:32:26,629 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1958#true} {1958#true} #225#return; {1958#true} is VALID [2020-07-17 22:32:26,633 INFO L263 TraceCheckUtils]: 0: Hoare triple {1958#true} call ULTIMATE.init(); {1969#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:26,634 INFO L280 TraceCheckUtils]: 1: Hoare triple {1969#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1958#true} is VALID [2020-07-17 22:32:26,634 INFO L280 TraceCheckUtils]: 2: Hoare triple {1958#true} assume true; {1958#true} is VALID [2020-07-17 22:32:26,634 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1958#true} {1958#true} #225#return; {1958#true} is VALID [2020-07-17 22:32:26,634 INFO L263 TraceCheckUtils]: 4: Hoare triple {1958#true} call #t~ret41 := main(); {1958#true} is VALID [2020-07-17 22:32:26,634 INFO L280 TraceCheckUtils]: 5: Hoare triple {1958#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {1958#true} is VALID [2020-07-17 22:32:26,634 INFO L280 TraceCheckUtils]: 6: Hoare triple {1958#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {1958#true} is VALID [2020-07-17 22:32:26,635 INFO L280 TraceCheckUtils]: 7: Hoare triple {1958#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {1958#true} is VALID [2020-07-17 22:32:26,635 INFO L280 TraceCheckUtils]: 8: Hoare triple {1958#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {1958#true} is VALID [2020-07-17 22:32:26,635 INFO L280 TraceCheckUtils]: 9: Hoare triple {1958#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {1958#true} is VALID [2020-07-17 22:32:26,635 INFO L280 TraceCheckUtils]: 10: Hoare triple {1958#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {1958#true} is VALID [2020-07-17 22:32:26,635 INFO L280 TraceCheckUtils]: 11: Hoare triple {1958#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {1958#true} is VALID [2020-07-17 22:32:26,636 INFO L280 TraceCheckUtils]: 12: Hoare triple {1958#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {1958#true} is VALID [2020-07-17 22:32:26,636 INFO L280 TraceCheckUtils]: 13: Hoare triple {1958#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {1958#true} is VALID [2020-07-17 22:32:26,636 INFO L280 TraceCheckUtils]: 14: Hoare triple {1958#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {1958#true} is VALID [2020-07-17 22:32:26,636 INFO L280 TraceCheckUtils]: 15: Hoare triple {1958#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {1958#true} is VALID [2020-07-17 22:32:26,638 INFO L280 TraceCheckUtils]: 16: Hoare triple {1958#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {1963#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:26,639 INFO L280 TraceCheckUtils]: 17: Hoare triple {1963#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {1963#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:26,641 INFO L280 TraceCheckUtils]: 18: Hoare triple {1963#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:26,641 INFO L280 TraceCheckUtils]: 19: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:26,642 INFO L280 TraceCheckUtils]: 20: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:26,643 INFO L280 TraceCheckUtils]: 21: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:26,644 INFO L280 TraceCheckUtils]: 22: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:26,644 INFO L280 TraceCheckUtils]: 23: Hoare triple {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:26,646 INFO L280 TraceCheckUtils]: 24: Hoare triple {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:26,647 INFO L280 TraceCheckUtils]: 25: Hoare triple {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:26,647 INFO L280 TraceCheckUtils]: 26: Hoare triple {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0 != #t~nondet33);havoc #t~nondet33; {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:26,648 INFO L280 TraceCheckUtils]: 27: Hoare triple {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1967#(= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:26,649 INFO L280 TraceCheckUtils]: 28: Hoare triple {1967#(= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {1968#(= |main_#t~mem36| 2)} is VALID [2020-07-17 22:32:26,649 INFO L280 TraceCheckUtils]: 29: Hoare triple {1968#(= |main_#t~mem36| 2)} assume !(2 == #t~mem36);havoc #t~mem36; {1959#false} is VALID [2020-07-17 22:32:26,649 INFO L280 TraceCheckUtils]: 30: Hoare triple {1959#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {1959#false} is VALID [2020-07-17 22:32:26,649 INFO L280 TraceCheckUtils]: 31: Hoare triple {1959#false} assume !(1 == #t~mem38);havoc #t~mem38; {1959#false} is VALID [2020-07-17 22:32:26,650 INFO L280 TraceCheckUtils]: 32: Hoare triple {1959#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {1959#false} is VALID [2020-07-17 22:32:26,650 INFO L280 TraceCheckUtils]: 33: Hoare triple {1959#false} assume 3 != #t~mem40;havoc #t~mem40; {1959#false} is VALID [2020-07-17 22:32:26,650 INFO L280 TraceCheckUtils]: 34: Hoare triple {1959#false} assume !false; {1959#false} is VALID [2020-07-17 22:32:26,655 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:26,656 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1827053849] [2020-07-17 22:32:26,656 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [195202266] [2020-07-17 22:32:26,656 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:26,761 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:26,763 INFO L264 TraceCheckSpWp]: Trace formula consists of 158 conjuncts, 28 conjunts are in the unsatisfiable core [2020-07-17 22:32:26,783 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:26,789 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-17 22:32:26,896 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-17 22:32:26,897 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:26,908 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:26,908 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:26,909 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2020-07-17 22:32:26,913 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:26,913 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_21|]. (= |#valid| (store |v_#valid_21| main_~a~0.base 1)) [2020-07-17 22:32:26,913 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 1 (select |#valid| main_~a~0.base)) [2020-07-17 22:32:26,969 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:26,969 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 15 [2020-07-17 22:32:26,971 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:26,980 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:26,989 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-17 22:32:26,989 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:26,998 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:26,998 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:26,999 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:28, output treesize:18 [2020-07-17 22:32:27,002 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:27,002 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_36|, |v_#valid_22|]. (and (= |#memory_int| (store |v_#memory_int_36| main_~p~0.base (store (select |v_#memory_int_36| main_~p~0.base) main_~p~0.offset 2))) (= main_~a~0.base main_~p~0.base) (= 1 (select |v_#valid_22| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset) (= 0 (select |v_#valid_22| main_~t~0.base))) [2020-07-17 22:32:27,003 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-17 22:32:27,050 INFO L350 Elim1Store]: treesize reduction 27, result has 20.6 percent of original size [2020-07-17 22:32:27,051 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 27 treesize of output 11 [2020-07-17 22:32:27,053 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:27,058 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:27,058 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:27,059 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:31, output treesize:12 [2020-07-17 22:32:27,096 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 18 [2020-07-17 22:32:27,097 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:27,104 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:27,109 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2020-07-17 22:32:27,110 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:23, output treesize:19 [2020-07-17 22:32:27,115 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:27,115 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_38|, v_main_~p~0.base_18, v_main_~p~0.offset_18]. (and (not (= v_main_~p~0.base_18 main_~p~0.base)) (= 2 (select (select |v_#memory_int_38| main_~p~0.base) main_~p~0.offset)) (= (store |v_#memory_int_38| v_main_~p~0.base_18 (store (select |v_#memory_int_38| v_main_~p~0.base_18) v_main_~p~0.offset_18 3)) |#memory_int|)) [2020-07-17 22:32:27,115 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_18, v_main_~p~0.offset_18]. (and (not (= v_main_~p~0.base_18 main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| v_main_~p~0.base_18) v_main_~p~0.offset_18))) [2020-07-17 22:32:27,171 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 10 [2020-07-17 22:32:27,173 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:27,178 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:27,180 INFO L544 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:27,181 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 5 variables, input treesize:26, output treesize:3 [2020-07-17 22:32:27,183 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:27,183 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset, v_main_~p~0.base_18, v_main_~p~0.offset_18]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (not (= v_main_~p~0.base_18 main_~p~0.base)) (= |main_#t~mem36| .cse0) (= 2 .cse0) (= 3 (select (select |#memory_int| v_main_~p~0.base_18) v_main_~p~0.offset_18)))) [2020-07-17 22:32:27,184 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem36| 2) [2020-07-17 22:32:27,189 INFO L263 TraceCheckUtils]: 0: Hoare triple {1958#true} call ULTIMATE.init(); {1958#true} is VALID [2020-07-17 22:32:27,190 INFO L280 TraceCheckUtils]: 1: Hoare triple {1958#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1958#true} is VALID [2020-07-17 22:32:27,190 INFO L280 TraceCheckUtils]: 2: Hoare triple {1958#true} assume true; {1958#true} is VALID [2020-07-17 22:32:27,190 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1958#true} {1958#true} #225#return; {1958#true} is VALID [2020-07-17 22:32:27,190 INFO L263 TraceCheckUtils]: 4: Hoare triple {1958#true} call #t~ret41 := main(); {1958#true} is VALID [2020-07-17 22:32:27,191 INFO L280 TraceCheckUtils]: 5: Hoare triple {1958#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {1958#true} is VALID [2020-07-17 22:32:27,191 INFO L280 TraceCheckUtils]: 6: Hoare triple {1958#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {1958#true} is VALID [2020-07-17 22:32:27,191 INFO L280 TraceCheckUtils]: 7: Hoare triple {1958#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {1958#true} is VALID [2020-07-17 22:32:27,191 INFO L280 TraceCheckUtils]: 8: Hoare triple {1958#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {1958#true} is VALID [2020-07-17 22:32:27,192 INFO L280 TraceCheckUtils]: 9: Hoare triple {1958#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {1958#true} is VALID [2020-07-17 22:32:27,192 INFO L280 TraceCheckUtils]: 10: Hoare triple {1958#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {1958#true} is VALID [2020-07-17 22:32:27,192 INFO L280 TraceCheckUtils]: 11: Hoare triple {1958#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {1958#true} is VALID [2020-07-17 22:32:27,193 INFO L280 TraceCheckUtils]: 12: Hoare triple {1958#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {1958#true} is VALID [2020-07-17 22:32:27,193 INFO L280 TraceCheckUtils]: 13: Hoare triple {1958#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {1958#true} is VALID [2020-07-17 22:32:27,193 INFO L280 TraceCheckUtils]: 14: Hoare triple {1958#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {1958#true} is VALID [2020-07-17 22:32:27,193 INFO L280 TraceCheckUtils]: 15: Hoare triple {1958#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {1958#true} is VALID [2020-07-17 22:32:27,195 INFO L280 TraceCheckUtils]: 16: Hoare triple {1958#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {1963#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:27,196 INFO L280 TraceCheckUtils]: 17: Hoare triple {1963#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {1963#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:27,197 INFO L280 TraceCheckUtils]: 18: Hoare triple {1963#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:27,198 INFO L280 TraceCheckUtils]: 19: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:27,199 INFO L280 TraceCheckUtils]: 20: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:27,200 INFO L280 TraceCheckUtils]: 21: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:27,202 INFO L280 TraceCheckUtils]: 22: Hoare triple {1964#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:27,203 INFO L280 TraceCheckUtils]: 23: Hoare triple {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:27,205 INFO L280 TraceCheckUtils]: 24: Hoare triple {1965#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:27,207 INFO L280 TraceCheckUtils]: 25: Hoare triple {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:27,208 INFO L280 TraceCheckUtils]: 26: Hoare triple {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0 != #t~nondet33);havoc #t~nondet33; {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:27,209 INFO L280 TraceCheckUtils]: 27: Hoare triple {1966#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2054#(and (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.offset_18 Int) (v_main_~p~0.base_18 Int)) (and (not (= v_main_~p~0.base_18 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_18) v_main_~p~0.offset_18)))))} is VALID [2020-07-17 22:32:27,211 INFO L280 TraceCheckUtils]: 28: Hoare triple {2054#(and (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.offset_18 Int) (v_main_~p~0.base_18 Int)) (and (not (= v_main_~p~0.base_18 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_18) v_main_~p~0.offset_18)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {1968#(= |main_#t~mem36| 2)} is VALID [2020-07-17 22:32:27,215 INFO L280 TraceCheckUtils]: 29: Hoare triple {1968#(= |main_#t~mem36| 2)} assume !(2 == #t~mem36);havoc #t~mem36; {1959#false} is VALID [2020-07-17 22:32:27,216 INFO L280 TraceCheckUtils]: 30: Hoare triple {1959#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {1959#false} is VALID [2020-07-17 22:32:27,216 INFO L280 TraceCheckUtils]: 31: Hoare triple {1959#false} assume !(1 == #t~mem38);havoc #t~mem38; {1959#false} is VALID [2020-07-17 22:32:27,216 INFO L280 TraceCheckUtils]: 32: Hoare triple {1959#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {1959#false} is VALID [2020-07-17 22:32:27,217 INFO L280 TraceCheckUtils]: 33: Hoare triple {1959#false} assume 3 != #t~mem40;havoc #t~mem40; {1959#false} is VALID [2020-07-17 22:32:27,217 INFO L280 TraceCheckUtils]: 34: Hoare triple {1959#false} assume !false; {1959#false} is VALID [2020-07-17 22:32:27,222 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:27,223 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-17 22:32:27,223 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 8] total 10 [2020-07-17 22:32:27,223 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [876849667] [2020-07-17 22:32:27,224 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 35 [2020-07-17 22:32:27,224 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:27,225 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states. [2020-07-17 22:32:27,316 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:27,316 INFO L459 AbstractCegarLoop]: Interpolant automaton has 10 states [2020-07-17 22:32:27,316 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:27,317 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2020-07-17 22:32:27,317 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=70, Unknown=0, NotChecked=0, Total=90 [2020-07-17 22:32:27,317 INFO L87 Difference]: Start difference. First operand 61 states and 84 transitions. Second operand 10 states. [2020-07-17 22:32:28,442 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:28,442 INFO L93 Difference]: Finished difference Result 86 states and 112 transitions. [2020-07-17 22:32:28,442 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2020-07-17 22:32:28,442 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 35 [2020-07-17 22:32:28,442 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:28,442 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10 states. [2020-07-17 22:32:28,444 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 97 transitions. [2020-07-17 22:32:28,444 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10 states. [2020-07-17 22:32:28,446 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 97 transitions. [2020-07-17 22:32:28,447 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 97 transitions. [2020-07-17 22:32:28,594 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 97 edges. 97 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:28,596 INFO L225 Difference]: With dead ends: 86 [2020-07-17 22:32:28,596 INFO L226 Difference]: Without dead ends: 80 [2020-07-17 22:32:28,597 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 50 GetRequests, 35 SyntacticMatches, 1 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 21 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=58, Invalid=182, Unknown=0, NotChecked=0, Total=240 [2020-07-17 22:32:28,597 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 80 states. [2020-07-17 22:32:28,628 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 80 to 68. [2020-07-17 22:32:28,628 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:28,629 INFO L82 GeneralOperation]: Start isEquivalent. First operand 80 states. Second operand 68 states. [2020-07-17 22:32:28,629 INFO L74 IsIncluded]: Start isIncluded. First operand 80 states. Second operand 68 states. [2020-07-17 22:32:28,629 INFO L87 Difference]: Start difference. First operand 80 states. Second operand 68 states. [2020-07-17 22:32:28,631 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:28,632 INFO L93 Difference]: Finished difference Result 80 states and 105 transitions. [2020-07-17 22:32:28,632 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 105 transitions. [2020-07-17 22:32:28,632 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:28,632 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:28,632 INFO L74 IsIncluded]: Start isIncluded. First operand 68 states. Second operand 80 states. [2020-07-17 22:32:28,632 INFO L87 Difference]: Start difference. First operand 68 states. Second operand 80 states. [2020-07-17 22:32:28,635 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:28,635 INFO L93 Difference]: Finished difference Result 80 states and 105 transitions. [2020-07-17 22:32:28,636 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 105 transitions. [2020-07-17 22:32:28,636 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:28,636 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:28,636 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:28,636 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:28,636 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 68 states. [2020-07-17 22:32:28,639 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 68 states to 68 states and 92 transitions. [2020-07-17 22:32:28,639 INFO L78 Accepts]: Start accepts. Automaton has 68 states and 92 transitions. Word has length 35 [2020-07-17 22:32:28,639 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:28,639 INFO L479 AbstractCegarLoop]: Abstraction has 68 states and 92 transitions. [2020-07-17 22:32:28,639 INFO L480 AbstractCegarLoop]: Interpolant automaton has 10 states. [2020-07-17 22:32:28,639 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 92 transitions. [2020-07-17 22:32:28,640 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2020-07-17 22:32:28,640 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:28,640 INFO L422 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:28,854 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable6 [2020-07-17 22:32:28,855 INFO L427 AbstractCegarLoop]: === Iteration 8 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:28,856 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:28,856 INFO L82 PathProgramCache]: Analyzing trace with hash 84455483, now seen corresponding path program 1 times [2020-07-17 22:32:28,857 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:28,857 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1500518331] [2020-07-17 22:32:28,857 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:28,875 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:29,016 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:29,030 INFO L280 TraceCheckUtils]: 0: Hoare triple {2441#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2430#true} is VALID [2020-07-17 22:32:29,031 INFO L280 TraceCheckUtils]: 1: Hoare triple {2430#true} assume true; {2430#true} is VALID [2020-07-17 22:32:29,031 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2430#true} {2430#true} #225#return; {2430#true} is VALID [2020-07-17 22:32:29,032 INFO L263 TraceCheckUtils]: 0: Hoare triple {2430#true} call ULTIMATE.init(); {2441#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:29,032 INFO L280 TraceCheckUtils]: 1: Hoare triple {2441#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2430#true} is VALID [2020-07-17 22:32:29,032 INFO L280 TraceCheckUtils]: 2: Hoare triple {2430#true} assume true; {2430#true} is VALID [2020-07-17 22:32:29,032 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2430#true} {2430#true} #225#return; {2430#true} is VALID [2020-07-17 22:32:29,032 INFO L263 TraceCheckUtils]: 4: Hoare triple {2430#true} call #t~ret41 := main(); {2430#true} is VALID [2020-07-17 22:32:29,032 INFO L280 TraceCheckUtils]: 5: Hoare triple {2430#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {2430#true} is VALID [2020-07-17 22:32:29,033 INFO L280 TraceCheckUtils]: 6: Hoare triple {2430#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {2430#true} is VALID [2020-07-17 22:32:29,033 INFO L280 TraceCheckUtils]: 7: Hoare triple {2430#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {2430#true} is VALID [2020-07-17 22:32:29,033 INFO L280 TraceCheckUtils]: 8: Hoare triple {2430#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {2430#true} is VALID [2020-07-17 22:32:29,033 INFO L280 TraceCheckUtils]: 9: Hoare triple {2430#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {2430#true} is VALID [2020-07-17 22:32:29,033 INFO L280 TraceCheckUtils]: 10: Hoare triple {2430#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {2430#true} is VALID [2020-07-17 22:32:29,033 INFO L280 TraceCheckUtils]: 11: Hoare triple {2430#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {2430#true} is VALID [2020-07-17 22:32:29,034 INFO L280 TraceCheckUtils]: 12: Hoare triple {2430#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {2430#true} is VALID [2020-07-17 22:32:29,034 INFO L280 TraceCheckUtils]: 13: Hoare triple {2430#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {2430#true} is VALID [2020-07-17 22:32:29,034 INFO L280 TraceCheckUtils]: 14: Hoare triple {2430#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {2430#true} is VALID [2020-07-17 22:32:29,034 INFO L280 TraceCheckUtils]: 15: Hoare triple {2430#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {2430#true} is VALID [2020-07-17 22:32:29,035 INFO L280 TraceCheckUtils]: 16: Hoare triple {2430#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {2435#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:29,035 INFO L280 TraceCheckUtils]: 17: Hoare triple {2435#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {2435#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:29,036 INFO L280 TraceCheckUtils]: 18: Hoare triple {2435#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:29,036 INFO L280 TraceCheckUtils]: 19: Hoare triple {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:29,040 INFO L280 TraceCheckUtils]: 20: Hoare triple {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet30);havoc #t~nondet30;call write~int(1, ~p~0.base, ~p~0.offset, 4);call #t~malloc31.base, #t~malloc31.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc31.base, #t~malloc31.offset; {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:29,041 INFO L280 TraceCheckUtils]: 21: Hoare triple {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:29,042 INFO L280 TraceCheckUtils]: 22: Hoare triple {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem32.base, #t~mem32.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem32.base, #t~mem32.offset;havoc #t~mem32.base, #t~mem32.offset; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:29,048 INFO L280 TraceCheckUtils]: 23: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:29,049 INFO L280 TraceCheckUtils]: 24: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:29,050 INFO L280 TraceCheckUtils]: 25: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:29,051 INFO L280 TraceCheckUtils]: 26: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0 != #t~nondet33);havoc #t~nondet33; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:29,052 INFO L280 TraceCheckUtils]: 27: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2439#(= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:29,052 INFO L280 TraceCheckUtils]: 28: Hoare triple {2439#(= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {2439#(= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:29,053 INFO L280 TraceCheckUtils]: 29: Hoare triple {2439#(= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {2439#(= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:29,053 INFO L280 TraceCheckUtils]: 30: Hoare triple {2439#(= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {2440#(= |main_#t~mem38| 1)} is VALID [2020-07-17 22:32:29,054 INFO L280 TraceCheckUtils]: 31: Hoare triple {2440#(= |main_#t~mem38| 1)} assume !(1 == #t~mem38);havoc #t~mem38; {2431#false} is VALID [2020-07-17 22:32:29,054 INFO L280 TraceCheckUtils]: 32: Hoare triple {2431#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {2431#false} is VALID [2020-07-17 22:32:29,054 INFO L280 TraceCheckUtils]: 33: Hoare triple {2431#false} assume 3 != #t~mem40;havoc #t~mem40; {2431#false} is VALID [2020-07-17 22:32:29,054 INFO L280 TraceCheckUtils]: 34: Hoare triple {2431#false} assume !false; {2431#false} is VALID [2020-07-17 22:32:29,057 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:29,057 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1500518331] [2020-07-17 22:32:29,057 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [600040732] [2020-07-17 22:32:29,057 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:29,154 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:29,155 INFO L264 TraceCheckSpWp]: Trace formula consists of 158 conjuncts, 28 conjunts are in the unsatisfiable core [2020-07-17 22:32:29,171 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:29,174 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-17 22:32:29,215 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-17 22:32:29,215 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:29,218 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:29,218 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:29,218 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2020-07-17 22:32:29,221 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:29,221 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_23|]. (= (store |v_#valid_23| main_~a~0.base 1) |#valid|) [2020-07-17 22:32:29,221 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 1 (select |#valid| main_~a~0.base)) [2020-07-17 22:32:29,265 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:29,266 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 15 [2020-07-17 22:32:29,267 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:29,274 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:29,282 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-17 22:32:29,282 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:29,289 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:29,289 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:29,289 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:28, output treesize:18 [2020-07-17 22:32:29,292 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:29,292 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_39|, |v_#valid_24|]. (and (= |#memory_int| (store |v_#memory_int_39| main_~p~0.base (store (select |v_#memory_int_39| main_~p~0.base) main_~p~0.offset 1))) (= main_~a~0.base main_~p~0.base) (= 0 (select |v_#valid_24| main_~t~0.base)) (= main_~a~0.offset main_~p~0.offset) (= 1 (select |v_#valid_24| main_~p~0.base))) [2020-07-17 22:32:29,292 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-17 22:32:29,338 INFO L350 Elim1Store]: treesize reduction 27, result has 20.6 percent of original size [2020-07-17 22:32:29,339 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 27 treesize of output 11 [2020-07-17 22:32:29,340 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:29,345 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:29,346 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:29,346 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:31, output treesize:12 [2020-07-17 22:32:29,378 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 18 [2020-07-17 22:32:29,380 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:29,387 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:29,389 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2020-07-17 22:32:29,390 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:23, output treesize:19 [2020-07-17 22:32:29,393 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:29,394 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_41|, v_main_~p~0.base_20, v_main_~p~0.offset_20]. (and (= 1 (select (select |v_#memory_int_41| main_~p~0.base) main_~p~0.offset)) (not (= v_main_~p~0.base_20 main_~p~0.base)) (= (store |v_#memory_int_41| v_main_~p~0.base_20 (store (select |v_#memory_int_41| v_main_~p~0.base_20) v_main_~p~0.offset_20 3)) |#memory_int|)) [2020-07-17 22:32:29,394 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_20, v_main_~p~0.offset_20]. (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) [2020-07-17 22:32:29,469 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 22 treesize of output 10 [2020-07-17 22:32:29,470 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:29,475 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:29,479 INFO L544 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:29,480 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 5 variables, input treesize:26, output treesize:3 [2020-07-17 22:32:29,481 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:29,482 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset, v_main_~p~0.base_20, v_main_~p~0.offset_20]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (= |main_#t~mem38| .cse0) (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)) (= 1 .cse0))) [2020-07-17 22:32:29,482 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem38| 1) [2020-07-17 22:32:29,484 INFO L263 TraceCheckUtils]: 0: Hoare triple {2430#true} call ULTIMATE.init(); {2430#true} is VALID [2020-07-17 22:32:29,484 INFO L280 TraceCheckUtils]: 1: Hoare triple {2430#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2430#true} is VALID [2020-07-17 22:32:29,484 INFO L280 TraceCheckUtils]: 2: Hoare triple {2430#true} assume true; {2430#true} is VALID [2020-07-17 22:32:29,485 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2430#true} {2430#true} #225#return; {2430#true} is VALID [2020-07-17 22:32:29,485 INFO L263 TraceCheckUtils]: 4: Hoare triple {2430#true} call #t~ret41 := main(); {2430#true} is VALID [2020-07-17 22:32:29,485 INFO L280 TraceCheckUtils]: 5: Hoare triple {2430#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {2430#true} is VALID [2020-07-17 22:32:29,485 INFO L280 TraceCheckUtils]: 6: Hoare triple {2430#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {2430#true} is VALID [2020-07-17 22:32:29,485 INFO L280 TraceCheckUtils]: 7: Hoare triple {2430#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {2430#true} is VALID [2020-07-17 22:32:29,486 INFO L280 TraceCheckUtils]: 8: Hoare triple {2430#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {2430#true} is VALID [2020-07-17 22:32:29,486 INFO L280 TraceCheckUtils]: 9: Hoare triple {2430#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {2430#true} is VALID [2020-07-17 22:32:29,486 INFO L280 TraceCheckUtils]: 10: Hoare triple {2430#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {2430#true} is VALID [2020-07-17 22:32:29,486 INFO L280 TraceCheckUtils]: 11: Hoare triple {2430#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {2430#true} is VALID [2020-07-17 22:32:29,486 INFO L280 TraceCheckUtils]: 12: Hoare triple {2430#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {2430#true} is VALID [2020-07-17 22:32:29,486 INFO L280 TraceCheckUtils]: 13: Hoare triple {2430#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {2430#true} is VALID [2020-07-17 22:32:29,487 INFO L280 TraceCheckUtils]: 14: Hoare triple {2430#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {2430#true} is VALID [2020-07-17 22:32:29,487 INFO L280 TraceCheckUtils]: 15: Hoare triple {2430#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {2430#true} is VALID [2020-07-17 22:32:29,488 INFO L280 TraceCheckUtils]: 16: Hoare triple {2430#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {2435#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:29,488 INFO L280 TraceCheckUtils]: 17: Hoare triple {2435#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {2435#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:29,489 INFO L280 TraceCheckUtils]: 18: Hoare triple {2435#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:29,489 INFO L280 TraceCheckUtils]: 19: Hoare triple {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:29,491 INFO L280 TraceCheckUtils]: 20: Hoare triple {2436#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet30);havoc #t~nondet30;call write~int(1, ~p~0.base, ~p~0.offset, 4);call #t~malloc31.base, #t~malloc31.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc31.base, #t~malloc31.offset; {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:29,491 INFO L280 TraceCheckUtils]: 21: Hoare triple {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:29,493 INFO L280 TraceCheckUtils]: 22: Hoare triple {2437#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem32.base, #t~mem32.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem32.base, #t~mem32.offset;havoc #t~mem32.base, #t~mem32.offset; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:29,494 INFO L280 TraceCheckUtils]: 23: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:29,495 INFO L280 TraceCheckUtils]: 24: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:29,496 INFO L280 TraceCheckUtils]: 25: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:29,497 INFO L280 TraceCheckUtils]: 26: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(0 != #t~nondet33);havoc #t~nondet33; {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:29,498 INFO L280 TraceCheckUtils]: 27: Hoare triple {2438#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2526#(and (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_20 Int) (v_main_~p~0.offset_20 Int)) (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)))))} is VALID [2020-07-17 22:32:29,500 INFO L280 TraceCheckUtils]: 28: Hoare triple {2526#(and (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_20 Int) (v_main_~p~0.offset_20 Int)) (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {2526#(and (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_20 Int) (v_main_~p~0.offset_20 Int)) (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)))))} is VALID [2020-07-17 22:32:29,501 INFO L280 TraceCheckUtils]: 29: Hoare triple {2526#(and (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_20 Int) (v_main_~p~0.offset_20 Int)) (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)))))} assume !(2 == #t~mem36);havoc #t~mem36; {2526#(and (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_20 Int) (v_main_~p~0.offset_20 Int)) (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)))))} is VALID [2020-07-17 22:32:29,502 INFO L280 TraceCheckUtils]: 30: Hoare triple {2526#(and (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_20 Int) (v_main_~p~0.offset_20 Int)) (and (= 3 (select (select |#memory_int| v_main_~p~0.base_20) v_main_~p~0.offset_20)) (not (= v_main_~p~0.base_20 main_~p~0.base)))))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {2440#(= |main_#t~mem38| 1)} is VALID [2020-07-17 22:32:29,503 INFO L280 TraceCheckUtils]: 31: Hoare triple {2440#(= |main_#t~mem38| 1)} assume !(1 == #t~mem38);havoc #t~mem38; {2431#false} is VALID [2020-07-17 22:32:29,503 INFO L280 TraceCheckUtils]: 32: Hoare triple {2431#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {2431#false} is VALID [2020-07-17 22:32:29,503 INFO L280 TraceCheckUtils]: 33: Hoare triple {2431#false} assume 3 != #t~mem40;havoc #t~mem40; {2431#false} is VALID [2020-07-17 22:32:29,503 INFO L280 TraceCheckUtils]: 34: Hoare triple {2431#false} assume !false; {2431#false} is VALID [2020-07-17 22:32:29,505 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:29,506 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-17 22:32:29,506 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 8] total 10 [2020-07-17 22:32:29,506 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1282393953] [2020-07-17 22:32:29,507 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 35 [2020-07-17 22:32:29,507 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:29,507 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states. [2020-07-17 22:32:29,563 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:29,563 INFO L459 AbstractCegarLoop]: Interpolant automaton has 10 states [2020-07-17 22:32:29,564 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:29,564 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2020-07-17 22:32:29,564 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=70, Unknown=0, NotChecked=0, Total=90 [2020-07-17 22:32:29,564 INFO L87 Difference]: Start difference. First operand 68 states and 92 transitions. Second operand 10 states. [2020-07-17 22:32:30,707 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:30,708 INFO L93 Difference]: Finished difference Result 95 states and 123 transitions. [2020-07-17 22:32:30,708 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2020-07-17 22:32:30,708 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 35 [2020-07-17 22:32:30,708 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:30,708 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10 states. [2020-07-17 22:32:30,710 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 102 transitions. [2020-07-17 22:32:30,710 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10 states. [2020-07-17 22:32:30,712 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 102 transitions. [2020-07-17 22:32:30,712 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 102 transitions. [2020-07-17 22:32:30,855 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 102 edges. 102 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:30,857 INFO L225 Difference]: With dead ends: 95 [2020-07-17 22:32:30,857 INFO L226 Difference]: Without dead ends: 91 [2020-07-17 22:32:30,858 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 50 GetRequests, 35 SyntacticMatches, 1 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 23 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=58, Invalid=182, Unknown=0, NotChecked=0, Total=240 [2020-07-17 22:32:30,859 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 91 states. [2020-07-17 22:32:30,890 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 91 to 79. [2020-07-17 22:32:30,890 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:30,890 INFO L82 GeneralOperation]: Start isEquivalent. First operand 91 states. Second operand 79 states. [2020-07-17 22:32:30,890 INFO L74 IsIncluded]: Start isIncluded. First operand 91 states. Second operand 79 states. [2020-07-17 22:32:30,890 INFO L87 Difference]: Start difference. First operand 91 states. Second operand 79 states. [2020-07-17 22:32:30,893 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:30,894 INFO L93 Difference]: Finished difference Result 91 states and 119 transitions. [2020-07-17 22:32:30,894 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 119 transitions. [2020-07-17 22:32:30,894 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:30,894 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:30,894 INFO L74 IsIncluded]: Start isIncluded. First operand 79 states. Second operand 91 states. [2020-07-17 22:32:30,895 INFO L87 Difference]: Start difference. First operand 79 states. Second operand 91 states. [2020-07-17 22:32:30,897 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:30,898 INFO L93 Difference]: Finished difference Result 91 states and 119 transitions. [2020-07-17 22:32:30,898 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 119 transitions. [2020-07-17 22:32:30,898 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:30,898 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:30,898 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:30,899 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:30,899 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 79 states. [2020-07-17 22:32:30,901 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 106 transitions. [2020-07-17 22:32:30,901 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 106 transitions. Word has length 35 [2020-07-17 22:32:30,902 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:30,902 INFO L479 AbstractCegarLoop]: Abstraction has 79 states and 106 transitions. [2020-07-17 22:32:30,902 INFO L480 AbstractCegarLoop]: Interpolant automaton has 10 states. [2020-07-17 22:32:30,902 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 106 transitions. [2020-07-17 22:32:30,903 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2020-07-17 22:32:30,903 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:30,903 INFO L422 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:31,117 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7,3 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:31,118 INFO L427 AbstractCegarLoop]: === Iteration 9 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:31,119 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:31,119 INFO L82 PathProgramCache]: Analyzing trace with hash -169587242, now seen corresponding path program 1 times [2020-07-17 22:32:31,119 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:31,120 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [409770010] [2020-07-17 22:32:31,120 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:31,147 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:31,429 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:31,432 INFO L280 TraceCheckUtils]: 0: Hoare triple {2960#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2948#true} is VALID [2020-07-17 22:32:31,432 INFO L280 TraceCheckUtils]: 1: Hoare triple {2948#true} assume true; {2948#true} is VALID [2020-07-17 22:32:31,432 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2948#true} {2948#true} #225#return; {2948#true} is VALID [2020-07-17 22:32:31,433 INFO L263 TraceCheckUtils]: 0: Hoare triple {2948#true} call ULTIMATE.init(); {2960#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:31,433 INFO L280 TraceCheckUtils]: 1: Hoare triple {2960#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2948#true} is VALID [2020-07-17 22:32:31,433 INFO L280 TraceCheckUtils]: 2: Hoare triple {2948#true} assume true; {2948#true} is VALID [2020-07-17 22:32:31,434 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2948#true} {2948#true} #225#return; {2948#true} is VALID [2020-07-17 22:32:31,434 INFO L263 TraceCheckUtils]: 4: Hoare triple {2948#true} call #t~ret41 := main(); {2948#true} is VALID [2020-07-17 22:32:31,434 INFO L280 TraceCheckUtils]: 5: Hoare triple {2948#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {2948#true} is VALID [2020-07-17 22:32:31,434 INFO L280 TraceCheckUtils]: 6: Hoare triple {2948#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {2948#true} is VALID [2020-07-17 22:32:31,434 INFO L280 TraceCheckUtils]: 7: Hoare triple {2948#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {2948#true} is VALID [2020-07-17 22:32:31,434 INFO L280 TraceCheckUtils]: 8: Hoare triple {2948#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {2948#true} is VALID [2020-07-17 22:32:31,435 INFO L280 TraceCheckUtils]: 9: Hoare triple {2948#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {2948#true} is VALID [2020-07-17 22:32:31,435 INFO L280 TraceCheckUtils]: 10: Hoare triple {2948#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {2948#true} is VALID [2020-07-17 22:32:31,435 INFO L280 TraceCheckUtils]: 11: Hoare triple {2948#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {2948#true} is VALID [2020-07-17 22:32:31,435 INFO L280 TraceCheckUtils]: 12: Hoare triple {2948#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {2948#true} is VALID [2020-07-17 22:32:31,436 INFO L280 TraceCheckUtils]: 13: Hoare triple {2948#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {2948#true} is VALID [2020-07-17 22:32:31,436 INFO L280 TraceCheckUtils]: 14: Hoare triple {2948#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {2948#true} is VALID [2020-07-17 22:32:31,436 INFO L280 TraceCheckUtils]: 15: Hoare triple {2948#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {2948#true} is VALID [2020-07-17 22:32:31,437 INFO L280 TraceCheckUtils]: 16: Hoare triple {2948#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {2953#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:31,438 INFO L280 TraceCheckUtils]: 17: Hoare triple {2953#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {2953#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:31,439 INFO L280 TraceCheckUtils]: 18: Hoare triple {2953#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:31,440 INFO L280 TraceCheckUtils]: 19: Hoare triple {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:31,441 INFO L280 TraceCheckUtils]: 20: Hoare triple {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:31,442 INFO L280 TraceCheckUtils]: 21: Hoare triple {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:31,443 INFO L280 TraceCheckUtils]: 22: Hoare triple {2954#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {2955#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:31,444 INFO L280 TraceCheckUtils]: 23: Hoare triple {2955#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {2955#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:31,445 INFO L280 TraceCheckUtils]: 24: Hoare triple {2955#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {2956#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:31,461 INFO L280 TraceCheckUtils]: 25: Hoare triple {2956#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {2956#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:31,461 INFO L280 TraceCheckUtils]: 26: Hoare triple {2956#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {2956#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:31,463 INFO L280 TraceCheckUtils]: 27: Hoare triple {2956#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {2957#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-17 22:32:31,463 INFO L280 TraceCheckUtils]: 28: Hoare triple {2957#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {2957#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-17 22:32:31,464 INFO L280 TraceCheckUtils]: 29: Hoare triple {2957#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:31,465 INFO L280 TraceCheckUtils]: 30: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:31,465 INFO L280 TraceCheckUtils]: 31: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:31,465 INFO L280 TraceCheckUtils]: 32: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:31,466 INFO L280 TraceCheckUtils]: 33: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(1 == #t~mem38);havoc #t~mem38; {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:31,466 INFO L280 TraceCheckUtils]: 34: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {2959#(= |main_#t~mem40| 3)} is VALID [2020-07-17 22:32:31,467 INFO L280 TraceCheckUtils]: 35: Hoare triple {2959#(= |main_#t~mem40| 3)} assume 3 != #t~mem40;havoc #t~mem40; {2949#false} is VALID [2020-07-17 22:32:31,467 INFO L280 TraceCheckUtils]: 36: Hoare triple {2949#false} assume !false; {2949#false} is VALID [2020-07-17 22:32:31,469 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:31,470 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [409770010] [2020-07-17 22:32:31,470 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1037500509] [2020-07-17 22:32:31,470 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:31,568 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:31,570 INFO L264 TraceCheckSpWp]: Trace formula consists of 166 conjuncts, 35 conjunts are in the unsatisfiable core [2020-07-17 22:32:31,591 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:31,593 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-17 22:32:31,623 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-17 22:32:31,624 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:31,626 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:31,626 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:31,627 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2020-07-17 22:32:31,629 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:31,629 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_25|]. (= |#valid| (store |v_#valid_25| main_~a~0.base 1)) [2020-07-17 22:32:31,629 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 1 (select |#valid| main_~a~0.base)) [2020-07-17 22:32:31,696 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:31,696 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 15 [2020-07-17 22:32:31,697 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:31,703 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:31,703 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:31,704 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:17, output treesize:11 [2020-07-17 22:32:31,706 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:31,706 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_26|]. (and (= main_~a~0.base main_~p~0.base) (= 0 (select |v_#valid_26| main_~t~0.base)) (= 1 (select |v_#valid_26| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-17 22:32:31,706 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)) [2020-07-17 22:32:31,752 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 9 [2020-07-17 22:32:31,752 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:31,762 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:31,770 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 9 [2020-07-17 22:32:31,770 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:31,783 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:31,785 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:31,785 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 4 variables, input treesize:49, output treesize:29 [2020-07-17 22:32:31,788 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:31,789 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.offset_42|, main_~t~0.offset, main_~t~0.base, |v_#memory_$Pointer$.base_44|]. (let ((.cse0 (+ main_~a~0.offset 4))) (and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse0)) (not (= main_~t~0.base main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse0)) (= (store |v_#memory_$Pointer$.offset_42| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_42| main_~a~0.base) .cse0 main_~t~0.offset)) |#memory_$Pointer$.offset|) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_44| main_~a~0.base (store (select |v_#memory_$Pointer$.base_44| main_~a~0.base) .cse0 main_~t~0.base))))) [2020-07-17 22:32:31,789 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse1 (+ main_~a~0.offset 4))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse1))) (and (= main_~p~0.base .cse0) (not (= main_~a~0.base .cse0)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse1))))) [2020-07-17 22:32:31,841 INFO L440 ElimStorePlain]: Different costs {0=[|v_#memory_int_42|], 2=[|v_#memory_$Pointer$.base_45|, |v_#memory_$Pointer$.offset_43|]} [2020-07-17 22:32:31,848 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 19 [2020-07-17 22:32:31,848 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:31,859 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:31,884 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:31,885 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 120 treesize of output 132 [2020-07-17 22:32:31,893 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[5, 3, 2, 1] term [2020-07-17 22:32:31,893 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 5 disjuncts [2020-07-17 22:32:31,895 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:31,914 INFO L624 ElimStorePlain]: treesize reduction 48, result has 61.0 percent of original size [2020-07-17 22:32:31,920 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 65 treesize of output 49 [2020-07-17 22:32:31,925 INFO L544 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:31,930 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:31,931 INFO L544 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:31,931 INFO L244 ElimStorePlain]: Needed 4 recursive calls to eliminate 3 variables, input treesize:130, output treesize:30 [2020-07-17 22:32:31,937 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:31,938 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_45|, |v_#memory_int_42|, |v_#memory_$Pointer$.offset_43|]. (let ((.cse2 (+ main_~p~0.offset 4))) (let ((.cse0 (select (select |v_#memory_$Pointer$.base_45| main_~p~0.base) .cse2)) (.cse1 (select (select |v_#memory_$Pointer$.offset_43| main_~p~0.base) .cse2))) (and (not (= main_~p~0.base .cse0)) (= (store |v_#memory_$Pointer$.offset_43| .cse0 (store (select |v_#memory_$Pointer$.offset_43| .cse0) .cse1 (select (select |#memory_$Pointer$.offset| .cse0) .cse1))) |#memory_$Pointer$.offset|) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_45| .cse0 (store (select |v_#memory_$Pointer$.base_45| .cse0) .cse1 (select (select |#memory_$Pointer$.base| .cse0) .cse1)))) (= |#memory_int| (store |v_#memory_int_42| .cse0 (store (select |v_#memory_int_42| .cse0) .cse1 3)))))) [2020-07-17 22:32:31,938 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse1 (+ main_~p~0.offset 4))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~p~0.base) .cse1))) (and (not (= .cse0 main_~p~0.base)) (= 3 (select (select |#memory_int| .cse0) (select (select |#memory_$Pointer$.offset| main_~p~0.base) .cse1)))))) [2020-07-17 22:32:31,985 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 39 treesize of output 21 [2020-07-17 22:32:31,987 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:31,994 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:31,997 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 11 [2020-07-17 22:32:32,001 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:32,005 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:32,007 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:32,008 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 4 variables, input treesize:48, output treesize:7 [2020-07-17 22:32:32,010 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:32,010 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_23, v_main_~p~0.offset_23, |#memory_$Pointer$.offset|]. (let ((.cse2 (+ v_main_~p~0.offset_23 4))) (let ((.cse0 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_23) .cse2)) (.cse1 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_23) .cse2))) (and (= main_~p~0.offset .cse0) (= main_~p~0.base .cse1) (= 3 (select (select |#memory_int| .cse1) .cse0)) (not (= v_main_~p~0.base_23 .cse1))))) [2020-07-17 22:32:32,010 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) [2020-07-17 22:32:32,028 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 7 [2020-07-17 22:32:32,029 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:32,031 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:32,032 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:32,032 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:15, output treesize:3 [2020-07-17 22:32:32,034 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:32,034 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (= 3 .cse0) (= |main_#t~mem40| .cse0))) [2020-07-17 22:32:32,034 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem40| 3) [2020-07-17 22:32:32,036 INFO L263 TraceCheckUtils]: 0: Hoare triple {2948#true} call ULTIMATE.init(); {2948#true} is VALID [2020-07-17 22:32:32,036 INFO L280 TraceCheckUtils]: 1: Hoare triple {2948#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2948#true} is VALID [2020-07-17 22:32:32,036 INFO L280 TraceCheckUtils]: 2: Hoare triple {2948#true} assume true; {2948#true} is VALID [2020-07-17 22:32:32,036 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2948#true} {2948#true} #225#return; {2948#true} is VALID [2020-07-17 22:32:32,037 INFO L263 TraceCheckUtils]: 4: Hoare triple {2948#true} call #t~ret41 := main(); {2948#true} is VALID [2020-07-17 22:32:32,037 INFO L280 TraceCheckUtils]: 5: Hoare triple {2948#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {2948#true} is VALID [2020-07-17 22:32:32,037 INFO L280 TraceCheckUtils]: 6: Hoare triple {2948#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {2948#true} is VALID [2020-07-17 22:32:32,037 INFO L280 TraceCheckUtils]: 7: Hoare triple {2948#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {2948#true} is VALID [2020-07-17 22:32:32,038 INFO L280 TraceCheckUtils]: 8: Hoare triple {2948#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {2948#true} is VALID [2020-07-17 22:32:32,038 INFO L280 TraceCheckUtils]: 9: Hoare triple {2948#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {2948#true} is VALID [2020-07-17 22:32:32,038 INFO L280 TraceCheckUtils]: 10: Hoare triple {2948#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {2948#true} is VALID [2020-07-17 22:32:32,038 INFO L280 TraceCheckUtils]: 11: Hoare triple {2948#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {2948#true} is VALID [2020-07-17 22:32:32,038 INFO L280 TraceCheckUtils]: 12: Hoare triple {2948#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {2948#true} is VALID [2020-07-17 22:32:32,039 INFO L280 TraceCheckUtils]: 13: Hoare triple {2948#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {2948#true} is VALID [2020-07-17 22:32:32,039 INFO L280 TraceCheckUtils]: 14: Hoare triple {2948#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {2948#true} is VALID [2020-07-17 22:32:32,039 INFO L280 TraceCheckUtils]: 15: Hoare triple {2948#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {2948#true} is VALID [2020-07-17 22:32:32,041 INFO L280 TraceCheckUtils]: 16: Hoare triple {2948#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {3012#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:32,041 INFO L280 TraceCheckUtils]: 17: Hoare triple {3012#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {3012#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:32,042 INFO L280 TraceCheckUtils]: 18: Hoare triple {3012#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:32,043 INFO L280 TraceCheckUtils]: 19: Hoare triple {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:32,043 INFO L280 TraceCheckUtils]: 20: Hoare triple {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:32,044 INFO L280 TraceCheckUtils]: 21: Hoare triple {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:32,044 INFO L280 TraceCheckUtils]: 22: Hoare triple {3019#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {3032#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:32,045 INFO L280 TraceCheckUtils]: 23: Hoare triple {3032#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {3032#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:32,047 INFO L280 TraceCheckUtils]: 24: Hoare triple {3032#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {3039#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} is VALID [2020-07-17 22:32:32,048 INFO L280 TraceCheckUtils]: 25: Hoare triple {3039#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {3039#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} is VALID [2020-07-17 22:32:32,049 INFO L280 TraceCheckUtils]: 26: Hoare triple {3039#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} assume !(0 != #t~nondet33);havoc #t~nondet33; {3039#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} is VALID [2020-07-17 22:32:32,050 INFO L280 TraceCheckUtils]: 27: Hoare triple {3039#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3049#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-17 22:32:32,050 INFO L280 TraceCheckUtils]: 28: Hoare triple {3049#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {3049#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-17 22:32:32,055 INFO L280 TraceCheckUtils]: 29: Hoare triple {3049#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:32,055 INFO L280 TraceCheckUtils]: 30: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:32,056 INFO L280 TraceCheckUtils]: 31: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:32,056 INFO L280 TraceCheckUtils]: 32: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:32,056 INFO L280 TraceCheckUtils]: 33: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(1 == #t~mem38);havoc #t~mem38; {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:32,057 INFO L280 TraceCheckUtils]: 34: Hoare triple {2958#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {2959#(= |main_#t~mem40| 3)} is VALID [2020-07-17 22:32:32,057 INFO L280 TraceCheckUtils]: 35: Hoare triple {2959#(= |main_#t~mem40| 3)} assume 3 != #t~mem40;havoc #t~mem40; {2949#false} is VALID [2020-07-17 22:32:32,057 INFO L280 TraceCheckUtils]: 36: Hoare triple {2949#false} assume !false; {2949#false} is VALID [2020-07-17 22:32:32,060 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:32,060 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-17 22:32:32,060 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 9] total 15 [2020-07-17 22:32:32,060 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1633906397] [2020-07-17 22:32:32,061 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 37 [2020-07-17 22:32:32,061 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:32,061 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states. [2020-07-17 22:32:32,128 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 53 edges. 53 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:32,128 INFO L459 AbstractCegarLoop]: Interpolant automaton has 15 states [2020-07-17 22:32:32,128 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:32,129 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2020-07-17 22:32:32,129 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=34, Invalid=176, Unknown=0, NotChecked=0, Total=210 [2020-07-17 22:32:32,129 INFO L87 Difference]: Start difference. First operand 79 states and 106 transitions. Second operand 15 states. [2020-07-17 22:32:34,045 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:34,046 INFO L93 Difference]: Finished difference Result 99 states and 128 transitions. [2020-07-17 22:32:34,046 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2020-07-17 22:32:34,046 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 37 [2020-07-17 22:32:34,046 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:34,046 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2020-07-17 22:32:34,048 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 107 transitions. [2020-07-17 22:32:34,049 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2020-07-17 22:32:34,051 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 107 transitions. [2020-07-17 22:32:34,051 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 107 transitions. [2020-07-17 22:32:34,203 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 107 edges. 107 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:34,205 INFO L225 Difference]: With dead ends: 99 [2020-07-17 22:32:34,205 INFO L226 Difference]: Without dead ends: 95 [2020-07-17 22:32:34,205 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 35 SyntacticMatches, 0 SemanticMatches, 18 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 32 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=74, Invalid=306, Unknown=0, NotChecked=0, Total=380 [2020-07-17 22:32:34,206 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 95 states. [2020-07-17 22:32:34,237 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 95 to 83. [2020-07-17 22:32:34,237 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:34,237 INFO L82 GeneralOperation]: Start isEquivalent. First operand 95 states. Second operand 83 states. [2020-07-17 22:32:34,237 INFO L74 IsIncluded]: Start isIncluded. First operand 95 states. Second operand 83 states. [2020-07-17 22:32:34,237 INFO L87 Difference]: Start difference. First operand 95 states. Second operand 83 states. [2020-07-17 22:32:34,241 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:34,241 INFO L93 Difference]: Finished difference Result 95 states and 124 transitions. [2020-07-17 22:32:34,241 INFO L276 IsEmpty]: Start isEmpty. Operand 95 states and 124 transitions. [2020-07-17 22:32:34,241 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:34,242 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:34,242 INFO L74 IsIncluded]: Start isIncluded. First operand 83 states. Second operand 95 states. [2020-07-17 22:32:34,242 INFO L87 Difference]: Start difference. First operand 83 states. Second operand 95 states. [2020-07-17 22:32:34,245 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:34,245 INFO L93 Difference]: Finished difference Result 95 states and 124 transitions. [2020-07-17 22:32:34,245 INFO L276 IsEmpty]: Start isEmpty. Operand 95 states and 124 transitions. [2020-07-17 22:32:34,246 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:34,246 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:34,246 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:34,246 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:34,246 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 83 states. [2020-07-17 22:32:34,249 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 83 states to 83 states and 111 transitions. [2020-07-17 22:32:34,249 INFO L78 Accepts]: Start accepts. Automaton has 83 states and 111 transitions. Word has length 37 [2020-07-17 22:32:34,249 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:34,249 INFO L479 AbstractCegarLoop]: Abstraction has 83 states and 111 transitions. [2020-07-17 22:32:34,249 INFO L480 AbstractCegarLoop]: Interpolant automaton has 15 states. [2020-07-17 22:32:34,249 INFO L276 IsEmpty]: Start isEmpty. Operand 83 states and 111 transitions. [2020-07-17 22:32:34,250 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2020-07-17 22:32:34,250 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:34,250 INFO L422 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:34,470 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,4 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:34,471 INFO L427 AbstractCegarLoop]: === Iteration 10 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:34,472 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:34,472 INFO L82 PathProgramCache]: Analyzing trace with hash 284097905, now seen corresponding path program 1 times [2020-07-17 22:32:34,472 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:34,473 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [460795939] [2020-07-17 22:32:34,473 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:34,513 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:34,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:34,809 INFO L280 TraceCheckUtils]: 0: Hoare triple {3505#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {3493#true} is VALID [2020-07-17 22:32:34,809 INFO L280 TraceCheckUtils]: 1: Hoare triple {3493#true} assume true; {3493#true} is VALID [2020-07-17 22:32:34,809 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {3493#true} {3493#true} #225#return; {3493#true} is VALID [2020-07-17 22:32:34,811 INFO L263 TraceCheckUtils]: 0: Hoare triple {3493#true} call ULTIMATE.init(); {3505#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:34,811 INFO L280 TraceCheckUtils]: 1: Hoare triple {3505#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {3493#true} is VALID [2020-07-17 22:32:34,811 INFO L280 TraceCheckUtils]: 2: Hoare triple {3493#true} assume true; {3493#true} is VALID [2020-07-17 22:32:34,811 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {3493#true} {3493#true} #225#return; {3493#true} is VALID [2020-07-17 22:32:34,811 INFO L263 TraceCheckUtils]: 4: Hoare triple {3493#true} call #t~ret41 := main(); {3493#true} is VALID [2020-07-17 22:32:34,812 INFO L280 TraceCheckUtils]: 5: Hoare triple {3493#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {3493#true} is VALID [2020-07-17 22:32:34,812 INFO L280 TraceCheckUtils]: 6: Hoare triple {3493#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {3493#true} is VALID [2020-07-17 22:32:34,812 INFO L280 TraceCheckUtils]: 7: Hoare triple {3493#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {3493#true} is VALID [2020-07-17 22:32:34,812 INFO L280 TraceCheckUtils]: 8: Hoare triple {3493#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {3493#true} is VALID [2020-07-17 22:32:34,813 INFO L280 TraceCheckUtils]: 9: Hoare triple {3493#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {3493#true} is VALID [2020-07-17 22:32:34,813 INFO L280 TraceCheckUtils]: 10: Hoare triple {3493#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {3493#true} is VALID [2020-07-17 22:32:34,813 INFO L280 TraceCheckUtils]: 11: Hoare triple {3493#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {3493#true} is VALID [2020-07-17 22:32:34,813 INFO L280 TraceCheckUtils]: 12: Hoare triple {3493#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {3493#true} is VALID [2020-07-17 22:32:34,813 INFO L280 TraceCheckUtils]: 13: Hoare triple {3493#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {3493#true} is VALID [2020-07-17 22:32:34,814 INFO L280 TraceCheckUtils]: 14: Hoare triple {3493#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {3493#true} is VALID [2020-07-17 22:32:34,814 INFO L280 TraceCheckUtils]: 15: Hoare triple {3493#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {3493#true} is VALID [2020-07-17 22:32:34,815 INFO L280 TraceCheckUtils]: 16: Hoare triple {3493#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {3498#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:34,816 INFO L280 TraceCheckUtils]: 17: Hoare triple {3498#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {3498#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:34,817 INFO L280 TraceCheckUtils]: 18: Hoare triple {3498#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:34,818 INFO L280 TraceCheckUtils]: 19: Hoare triple {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:34,819 INFO L280 TraceCheckUtils]: 20: Hoare triple {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:34,819 INFO L280 TraceCheckUtils]: 21: Hoare triple {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:34,821 INFO L280 TraceCheckUtils]: 22: Hoare triple {3499#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {3500#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:34,822 INFO L280 TraceCheckUtils]: 23: Hoare triple {3500#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {3500#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:34,824 INFO L280 TraceCheckUtils]: 24: Hoare triple {3500#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {3501#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:34,825 INFO L280 TraceCheckUtils]: 25: Hoare triple {3501#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {3501#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:34,826 INFO L280 TraceCheckUtils]: 26: Hoare triple {3501#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {3501#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:34,828 INFO L280 TraceCheckUtils]: 27: Hoare triple {3501#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3502#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-17 22:32:34,829 INFO L280 TraceCheckUtils]: 28: Hoare triple {3502#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {3502#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-17 22:32:34,830 INFO L280 TraceCheckUtils]: 29: Hoare triple {3502#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:34,831 INFO L280 TraceCheckUtils]: 30: Hoare triple {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:34,832 INFO L280 TraceCheckUtils]: 31: Hoare triple {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:34,832 INFO L280 TraceCheckUtils]: 32: Hoare triple {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {3504#(= |main_#t~mem38| 3)} is VALID [2020-07-17 22:32:34,833 INFO L280 TraceCheckUtils]: 33: Hoare triple {3504#(= |main_#t~mem38| 3)} assume !!(1 == #t~mem38);havoc #t~mem38;call #t~mem39.base, #t~mem39.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem39.base, #t~mem39.offset;havoc #t~mem39.base, #t~mem39.offset; {3494#false} is VALID [2020-07-17 22:32:34,834 INFO L280 TraceCheckUtils]: 34: Hoare triple {3494#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {3494#false} is VALID [2020-07-17 22:32:34,834 INFO L280 TraceCheckUtils]: 35: Hoare triple {3494#false} assume !(1 == #t~mem38);havoc #t~mem38; {3494#false} is VALID [2020-07-17 22:32:34,834 INFO L280 TraceCheckUtils]: 36: Hoare triple {3494#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {3494#false} is VALID [2020-07-17 22:32:34,834 INFO L280 TraceCheckUtils]: 37: Hoare triple {3494#false} assume 3 != #t~mem40;havoc #t~mem40; {3494#false} is VALID [2020-07-17 22:32:34,834 INFO L280 TraceCheckUtils]: 38: Hoare triple {3494#false} assume !false; {3494#false} is VALID [2020-07-17 22:32:34,839 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 2 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:34,839 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [460795939] [2020-07-17 22:32:34,839 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [854028262] [2020-07-17 22:32:34,840 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:34,937 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:34,938 INFO L264 TraceCheckSpWp]: Trace formula consists of 174 conjuncts, 34 conjunts are in the unsatisfiable core [2020-07-17 22:32:34,959 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:34,963 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-17 22:32:34,989 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-17 22:32:34,989 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:34,991 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:34,992 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:34,992 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2020-07-17 22:32:34,994 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:34,995 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_27|]. (= |#valid| (store |v_#valid_27| main_~a~0.base 1)) [2020-07-17 22:32:34,995 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 1 (select |#valid| main_~a~0.base)) [2020-07-17 22:32:35,061 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:35,062 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 15 [2020-07-17 22:32:35,063 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,069 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:35,070 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,070 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:17, output treesize:11 [2020-07-17 22:32:35,073 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:35,073 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_28|]. (and (= 0 (select |v_#valid_28| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 1 (select |v_#valid_28| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-17 22:32:35,073 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)) [2020-07-17 22:32:35,128 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 9 [2020-07-17 22:32:35,129 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,141 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:35,147 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 9 [2020-07-17 22:32:35,147 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,158 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:35,160 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,160 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 4 variables, input treesize:49, output treesize:29 [2020-07-17 22:32:35,166 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:35,166 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_46|, main_~t~0.base, |v_#memory_$Pointer$.offset_44|, main_~t~0.offset]. (let ((.cse0 (+ main_~a~0.offset 4))) (and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse0)) (not (= main_~t~0.base main_~a~0.base)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_46| main_~a~0.base (store (select |v_#memory_$Pointer$.base_46| main_~a~0.base) .cse0 main_~t~0.base))) (= (store |v_#memory_$Pointer$.offset_44| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_44| main_~a~0.base) .cse0 main_~t~0.offset)) |#memory_$Pointer$.offset|) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse0)))) [2020-07-17 22:32:35,166 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse1 (+ main_~a~0.offset 4))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) .cse1))) (and (= main_~p~0.base .cse0) (not (= main_~a~0.base .cse0)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) .cse1))))) [2020-07-17 22:32:35,219 INFO L440 ElimStorePlain]: Different costs {0=[|v_#memory_int_43|], 2=[|v_#memory_$Pointer$.base_47|, |v_#memory_$Pointer$.offset_45|]} [2020-07-17 22:32:35,225 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 19 [2020-07-17 22:32:35,225 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,236 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:35,266 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:35,266 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 120 treesize of output 132 [2020-07-17 22:32:35,271 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[5, 3, 2, 1] term [2020-07-17 22:32:35,272 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 5 disjuncts [2020-07-17 22:32:35,274 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,291 INFO L624 ElimStorePlain]: treesize reduction 48, result has 61.0 percent of original size [2020-07-17 22:32:35,299 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 65 treesize of output 49 [2020-07-17 22:32:35,300 INFO L544 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,305 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:35,305 INFO L544 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,306 INFO L244 ElimStorePlain]: Needed 4 recursive calls to eliminate 3 variables, input treesize:130, output treesize:30 [2020-07-17 22:32:35,312 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:35,313 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_47|, |v_#memory_int_43|, |v_#memory_$Pointer$.offset_45|]. (let ((.cse2 (+ main_~p~0.offset 4))) (let ((.cse0 (select (select |v_#memory_$Pointer$.base_47| main_~p~0.base) .cse2)) (.cse1 (select (select |v_#memory_$Pointer$.offset_45| main_~p~0.base) .cse2))) (and (= (store |v_#memory_$Pointer$.offset_45| .cse0 (store (select |v_#memory_$Pointer$.offset_45| .cse0) .cse1 (select (select |#memory_$Pointer$.offset| .cse0) .cse1))) |#memory_$Pointer$.offset|) (= |#memory_int| (store |v_#memory_int_43| .cse0 (store (select |v_#memory_int_43| .cse0) .cse1 3))) (not (= main_~p~0.base .cse0)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_47| .cse0 (store (select |v_#memory_$Pointer$.base_47| .cse0) .cse1 (select (select |#memory_$Pointer$.base| .cse0) .cse1))))))) [2020-07-17 22:32:35,313 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse1 (+ main_~p~0.offset 4))) (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~p~0.base) .cse1))) (and (not (= .cse0 main_~p~0.base)) (= 3 (select (select |#memory_int| .cse0) (select (select |#memory_$Pointer$.offset| main_~p~0.base) .cse1)))))) [2020-07-17 22:32:35,372 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 39 treesize of output 21 [2020-07-17 22:32:35,374 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,379 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:35,387 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 11 [2020-07-17 22:32:35,388 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,392 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:35,394 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,395 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 4 variables, input treesize:48, output treesize:7 [2020-07-17 22:32:35,397 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:35,398 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_26, v_main_~p~0.offset_26, |#memory_$Pointer$.offset|]. (let ((.cse2 (+ v_main_~p~0.offset_26 4))) (let ((.cse0 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_26) .cse2)) (.cse1 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_26) .cse2))) (and (not (= v_main_~p~0.base_26 .cse0)) (= .cse1 main_~p~0.offset) (= main_~p~0.base .cse0) (= 3 (select (select |#memory_int| .cse0) .cse1))))) [2020-07-17 22:32:35,398 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) [2020-07-17 22:32:35,410 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 7 [2020-07-17 22:32:35,412 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,415 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:35,415 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:35,415 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:15, output treesize:3 [2020-07-17 22:32:35,418 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:35,419 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (= 3 .cse0) (<= .cse0 |main_#t~mem38|))) [2020-07-17 22:32:35,419 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (<= 3 |main_#t~mem38|) [2020-07-17 22:32:35,446 INFO L263 TraceCheckUtils]: 0: Hoare triple {3493#true} call ULTIMATE.init(); {3493#true} is VALID [2020-07-17 22:32:35,446 INFO L280 TraceCheckUtils]: 1: Hoare triple {3493#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {3493#true} is VALID [2020-07-17 22:32:35,446 INFO L280 TraceCheckUtils]: 2: Hoare triple {3493#true} assume true; {3493#true} is VALID [2020-07-17 22:32:35,447 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {3493#true} {3493#true} #225#return; {3493#true} is VALID [2020-07-17 22:32:35,447 INFO L263 TraceCheckUtils]: 4: Hoare triple {3493#true} call #t~ret41 := main(); {3493#true} is VALID [2020-07-17 22:32:35,447 INFO L280 TraceCheckUtils]: 5: Hoare triple {3493#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {3493#true} is VALID [2020-07-17 22:32:35,447 INFO L280 TraceCheckUtils]: 6: Hoare triple {3493#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {3493#true} is VALID [2020-07-17 22:32:35,447 INFO L280 TraceCheckUtils]: 7: Hoare triple {3493#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {3493#true} is VALID [2020-07-17 22:32:35,447 INFO L280 TraceCheckUtils]: 8: Hoare triple {3493#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {3493#true} is VALID [2020-07-17 22:32:35,447 INFO L280 TraceCheckUtils]: 9: Hoare triple {3493#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {3493#true} is VALID [2020-07-17 22:32:35,448 INFO L280 TraceCheckUtils]: 10: Hoare triple {3493#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {3493#true} is VALID [2020-07-17 22:32:35,448 INFO L280 TraceCheckUtils]: 11: Hoare triple {3493#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {3493#true} is VALID [2020-07-17 22:32:35,448 INFO L280 TraceCheckUtils]: 12: Hoare triple {3493#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {3493#true} is VALID [2020-07-17 22:32:35,448 INFO L280 TraceCheckUtils]: 13: Hoare triple {3493#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {3493#true} is VALID [2020-07-17 22:32:35,448 INFO L280 TraceCheckUtils]: 14: Hoare triple {3493#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {3493#true} is VALID [2020-07-17 22:32:35,448 INFO L280 TraceCheckUtils]: 15: Hoare triple {3493#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {3493#true} is VALID [2020-07-17 22:32:35,449 INFO L280 TraceCheckUtils]: 16: Hoare triple {3493#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {3557#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:35,450 INFO L280 TraceCheckUtils]: 17: Hoare triple {3557#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {3557#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:35,451 INFO L280 TraceCheckUtils]: 18: Hoare triple {3557#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:35,451 INFO L280 TraceCheckUtils]: 19: Hoare triple {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:35,452 INFO L280 TraceCheckUtils]: 20: Hoare triple {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:35,453 INFO L280 TraceCheckUtils]: 21: Hoare triple {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:35,454 INFO L280 TraceCheckUtils]: 22: Hoare triple {3564#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {3577#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:35,454 INFO L280 TraceCheckUtils]: 23: Hoare triple {3577#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {3577#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:35,456 INFO L280 TraceCheckUtils]: 24: Hoare triple {3577#(and (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {3584#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} is VALID [2020-07-17 22:32:35,456 INFO L280 TraceCheckUtils]: 25: Hoare triple {3584#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {3584#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} is VALID [2020-07-17 22:32:35,457 INFO L280 TraceCheckUtils]: 26: Hoare triple {3584#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} assume !(0 != #t~nondet33);havoc #t~nondet33; {3584#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} is VALID [2020-07-17 22:32:35,458 INFO L280 TraceCheckUtils]: 27: Hoare triple {3584#(and (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) (+ main_~a~0.offset 4)))) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~a~0.base) (+ main_~a~0.offset 4))))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {3594#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-17 22:32:35,459 INFO L280 TraceCheckUtils]: 28: Hoare triple {3594#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {3594#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-17 22:32:35,459 INFO L280 TraceCheckUtils]: 29: Hoare triple {3594#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4)) main_~p~0.base)) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:35,460 INFO L280 TraceCheckUtils]: 30: Hoare triple {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:35,460 INFO L280 TraceCheckUtils]: 31: Hoare triple {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(2 == #t~mem36);havoc #t~mem36; {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:35,461 INFO L280 TraceCheckUtils]: 32: Hoare triple {3503#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {3610#(<= 3 |main_#t~mem38|)} is VALID [2020-07-17 22:32:35,466 INFO L280 TraceCheckUtils]: 33: Hoare triple {3610#(<= 3 |main_#t~mem38|)} assume !!(1 == #t~mem38);havoc #t~mem38;call #t~mem39.base, #t~mem39.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem39.base, #t~mem39.offset;havoc #t~mem39.base, #t~mem39.offset; {3494#false} is VALID [2020-07-17 22:32:35,467 INFO L280 TraceCheckUtils]: 34: Hoare triple {3494#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {3494#false} is VALID [2020-07-17 22:32:35,467 INFO L280 TraceCheckUtils]: 35: Hoare triple {3494#false} assume !(1 == #t~mem38);havoc #t~mem38; {3494#false} is VALID [2020-07-17 22:32:35,467 INFO L280 TraceCheckUtils]: 36: Hoare triple {3494#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {3494#false} is VALID [2020-07-17 22:32:35,467 INFO L280 TraceCheckUtils]: 37: Hoare triple {3494#false} assume 3 != #t~mem40;havoc #t~mem40; {3494#false} is VALID [2020-07-17 22:32:35,468 INFO L280 TraceCheckUtils]: 38: Hoare triple {3494#false} assume !false; {3494#false} is VALID [2020-07-17 22:32:35,471 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 2 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:35,471 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-17 22:32:35,471 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 9] total 16 [2020-07-17 22:32:35,472 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1277231019] [2020-07-17 22:32:35,475 INFO L78 Accepts]: Start accepts. Automaton has 16 states. Word has length 39 [2020-07-17 22:32:35,476 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:35,476 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 16 states. [2020-07-17 22:32:35,548 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 57 edges. 57 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:35,548 INFO L459 AbstractCegarLoop]: Interpolant automaton has 16 states [2020-07-17 22:32:35,548 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:35,549 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 16 interpolants. [2020-07-17 22:32:35,549 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=37, Invalid=203, Unknown=0, NotChecked=0, Total=240 [2020-07-17 22:32:35,549 INFO L87 Difference]: Start difference. First operand 83 states and 111 transitions. Second operand 16 states. [2020-07-17 22:32:37,522 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:37,523 INFO L93 Difference]: Finished difference Result 101 states and 130 transitions. [2020-07-17 22:32:37,523 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2020-07-17 22:32:37,523 INFO L78 Accepts]: Start accepts. Automaton has 16 states. Word has length 39 [2020-07-17 22:32:37,524 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:37,524 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 16 states. [2020-07-17 22:32:37,526 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 109 transitions. [2020-07-17 22:32:37,526 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 16 states. [2020-07-17 22:32:37,528 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 109 transitions. [2020-07-17 22:32:37,528 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 109 transitions. [2020-07-17 22:32:37,695 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 109 edges. 109 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:37,697 INFO L225 Difference]: With dead ends: 101 [2020-07-17 22:32:37,697 INFO L226 Difference]: Without dead ends: 91 [2020-07-17 22:32:37,698 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 55 GetRequests, 36 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 38 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=78, Invalid=342, Unknown=0, NotChecked=0, Total=420 [2020-07-17 22:32:37,698 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 91 states. [2020-07-17 22:32:37,735 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 91 to 74. [2020-07-17 22:32:37,736 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:37,736 INFO L82 GeneralOperation]: Start isEquivalent. First operand 91 states. Second operand 74 states. [2020-07-17 22:32:37,736 INFO L74 IsIncluded]: Start isIncluded. First operand 91 states. Second operand 74 states. [2020-07-17 22:32:37,736 INFO L87 Difference]: Start difference. First operand 91 states. Second operand 74 states. [2020-07-17 22:32:37,738 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:37,739 INFO L93 Difference]: Finished difference Result 91 states and 118 transitions. [2020-07-17 22:32:37,739 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 118 transitions. [2020-07-17 22:32:37,739 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:37,739 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:37,740 INFO L74 IsIncluded]: Start isIncluded. First operand 74 states. Second operand 91 states. [2020-07-17 22:32:37,740 INFO L87 Difference]: Start difference. First operand 74 states. Second operand 91 states. [2020-07-17 22:32:37,742 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:37,742 INFO L93 Difference]: Finished difference Result 91 states and 118 transitions. [2020-07-17 22:32:37,742 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 118 transitions. [2020-07-17 22:32:37,743 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:37,743 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:37,743 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:37,743 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:37,743 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 74 states. [2020-07-17 22:32:37,745 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 74 states to 74 states and 99 transitions. [2020-07-17 22:32:37,745 INFO L78 Accepts]: Start accepts. Automaton has 74 states and 99 transitions. Word has length 39 [2020-07-17 22:32:37,745 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:37,745 INFO L479 AbstractCegarLoop]: Abstraction has 74 states and 99 transitions. [2020-07-17 22:32:37,746 INFO L480 AbstractCegarLoop]: Interpolant automaton has 16 states. [2020-07-17 22:32:37,746 INFO L276 IsEmpty]: Start isEmpty. Operand 74 states and 99 transitions. [2020-07-17 22:32:37,746 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2020-07-17 22:32:37,746 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:37,746 INFO L422 BasicCegarLoop]: trace histogram [3, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:37,947 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,5 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:37,948 INFO L427 AbstractCegarLoop]: === Iteration 11 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:37,948 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:37,948 INFO L82 PathProgramCache]: Analyzing trace with hash 1308800881, now seen corresponding path program 2 times [2020-07-17 22:32:37,949 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:37,949 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [689169412] [2020-07-17 22:32:37,949 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:37,976 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:38,227 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:38,230 INFO L280 TraceCheckUtils]: 0: Hoare triple {4041#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {4029#true} is VALID [2020-07-17 22:32:38,231 INFO L280 TraceCheckUtils]: 1: Hoare triple {4029#true} assume true; {4029#true} is VALID [2020-07-17 22:32:38,231 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {4029#true} {4029#true} #225#return; {4029#true} is VALID [2020-07-17 22:32:38,232 INFO L263 TraceCheckUtils]: 0: Hoare triple {4029#true} call ULTIMATE.init(); {4041#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:38,232 INFO L280 TraceCheckUtils]: 1: Hoare triple {4041#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {4029#true} is VALID [2020-07-17 22:32:38,232 INFO L280 TraceCheckUtils]: 2: Hoare triple {4029#true} assume true; {4029#true} is VALID [2020-07-17 22:32:38,233 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {4029#true} {4029#true} #225#return; {4029#true} is VALID [2020-07-17 22:32:38,233 INFO L263 TraceCheckUtils]: 4: Hoare triple {4029#true} call #t~ret41 := main(); {4029#true} is VALID [2020-07-17 22:32:38,233 INFO L280 TraceCheckUtils]: 5: Hoare triple {4029#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {4029#true} is VALID [2020-07-17 22:32:38,233 INFO L280 TraceCheckUtils]: 6: Hoare triple {4029#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {4029#true} is VALID [2020-07-17 22:32:38,233 INFO L280 TraceCheckUtils]: 7: Hoare triple {4029#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {4029#true} is VALID [2020-07-17 22:32:38,234 INFO L280 TraceCheckUtils]: 8: Hoare triple {4029#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {4029#true} is VALID [2020-07-17 22:32:38,234 INFO L280 TraceCheckUtils]: 9: Hoare triple {4029#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {4029#true} is VALID [2020-07-17 22:32:38,234 INFO L280 TraceCheckUtils]: 10: Hoare triple {4029#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {4029#true} is VALID [2020-07-17 22:32:38,234 INFO L280 TraceCheckUtils]: 11: Hoare triple {4029#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {4029#true} is VALID [2020-07-17 22:32:38,234 INFO L280 TraceCheckUtils]: 12: Hoare triple {4029#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {4029#true} is VALID [2020-07-17 22:32:38,235 INFO L280 TraceCheckUtils]: 13: Hoare triple {4029#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {4029#true} is VALID [2020-07-17 22:32:38,235 INFO L280 TraceCheckUtils]: 14: Hoare triple {4029#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {4029#true} is VALID [2020-07-17 22:32:38,235 INFO L280 TraceCheckUtils]: 15: Hoare triple {4029#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {4029#true} is VALID [2020-07-17 22:32:38,250 INFO L280 TraceCheckUtils]: 16: Hoare triple {4029#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:38,251 INFO L280 TraceCheckUtils]: 17: Hoare triple {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:38,252 INFO L280 TraceCheckUtils]: 18: Hoare triple {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:38,253 INFO L280 TraceCheckUtils]: 19: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:38,254 INFO L280 TraceCheckUtils]: 20: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:38,255 INFO L280 TraceCheckUtils]: 21: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:38,256 INFO L280 TraceCheckUtils]: 22: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:38,257 INFO L280 TraceCheckUtils]: 23: Hoare triple {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:38,259 INFO L280 TraceCheckUtils]: 24: Hoare triple {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:38,260 INFO L280 TraceCheckUtils]: 25: Hoare triple {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:38,260 INFO L280 TraceCheckUtils]: 26: Hoare triple {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:38,262 INFO L280 TraceCheckUtils]: 27: Hoare triple {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4038#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-17 22:32:38,263 INFO L280 TraceCheckUtils]: 28: Hoare triple {4038#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4038#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} is VALID [2020-07-17 22:32:38,264 INFO L280 TraceCheckUtils]: 29: Hoare triple {4038#(and (= 0 main_~p~0.offset) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4)))))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {4039#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:38,265 INFO L280 TraceCheckUtils]: 30: Hoare triple {4039#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4040#(= |main_#t~mem36| 3)} is VALID [2020-07-17 22:32:38,265 INFO L280 TraceCheckUtils]: 31: Hoare triple {4040#(= |main_#t~mem36| 3)} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {4030#false} is VALID [2020-07-17 22:32:38,266 INFO L280 TraceCheckUtils]: 32: Hoare triple {4030#false} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4030#false} is VALID [2020-07-17 22:32:38,266 INFO L280 TraceCheckUtils]: 33: Hoare triple {4030#false} assume !(2 == #t~mem36);havoc #t~mem36; {4030#false} is VALID [2020-07-17 22:32:38,266 INFO L280 TraceCheckUtils]: 34: Hoare triple {4030#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {4030#false} is VALID [2020-07-17 22:32:38,266 INFO L280 TraceCheckUtils]: 35: Hoare triple {4030#false} assume !(1 == #t~mem38);havoc #t~mem38; {4030#false} is VALID [2020-07-17 22:32:38,266 INFO L280 TraceCheckUtils]: 36: Hoare triple {4030#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {4030#false} is VALID [2020-07-17 22:32:38,266 INFO L280 TraceCheckUtils]: 37: Hoare triple {4030#false} assume 3 != #t~mem40;havoc #t~mem40; {4030#false} is VALID [2020-07-17 22:32:38,267 INFO L280 TraceCheckUtils]: 38: Hoare triple {4030#false} assume !false; {4030#false} is VALID [2020-07-17 22:32:38,270 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 4 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:38,271 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [689169412] [2020-07-17 22:32:38,271 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [360400481] [2020-07-17 22:32:38,271 INFO L92 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 6 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:38,389 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2020-07-17 22:32:38,389 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2020-07-17 22:32:38,390 INFO L264 TraceCheckSpWp]: Trace formula consists of 174 conjuncts, 36 conjunts are in the unsatisfiable core [2020-07-17 22:32:38,403 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:38,406 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-17 22:32:38,432 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-17 22:32:38,432 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,439 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:38,439 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,439 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2020-07-17 22:32:38,441 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:38,442 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_29|]. (and (= |#valid| (store |v_#valid_29| main_~a~0.base 1)) (= 0 main_~a~0.offset)) [2020-07-17 22:32:38,442 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset)) [2020-07-17 22:32:38,481 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:38,481 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 15 [2020-07-17 22:32:38,482 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,490 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:38,490 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,490 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:20, output treesize:14 [2020-07-17 22:32:38,495 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:38,496 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_30|]. (and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 (select |v_#valid_30| main_~t~0.base)) (= 0 main_~a~0.offset) (= 1 (select |v_#valid_30| main_~p~0.base))) [2020-07-17 22:32:38,496 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base))) [2020-07-17 22:32:38,529 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-17 22:32:38,530 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,543 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:38,548 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-17 22:32:38,549 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,563 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:38,565 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,566 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 4 variables, input treesize:44, output treesize:26 [2020-07-17 22:32:38,570 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:38,571 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.offset_46|, main_~t~0.offset, main_~t~0.base, |v_#memory_$Pointer$.base_48|]. (and (not (= main_~t~0.base main_~a~0.base)) (= (store |v_#memory_$Pointer$.offset_46| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_46| main_~a~0.base) 4 main_~t~0.offset)) |#memory_$Pointer$.offset|) (= 0 main_~a~0.offset) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_48| main_~a~0.base (store (select |v_#memory_$Pointer$.base_48| main_~a~0.base) 4 main_~t~0.base))) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset)) [2020-07-17 22:32:38,571 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (and (not (= main_~a~0.base .cse0)) (= 0 main_~a~0.offset) (= main_~p~0.base .cse0) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))) [2020-07-17 22:32:38,606 INFO L440 ElimStorePlain]: Different costs {0=[|v_#memory_int_44|], 2=[|v_#memory_$Pointer$.base_49|, |v_#memory_$Pointer$.offset_47|]} [2020-07-17 22:32:38,613 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 15 [2020-07-17 22:32:38,613 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,626 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:38,649 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:38,649 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 94 treesize of output 108 [2020-07-17 22:32:38,654 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[5, 3, 2, 1] term [2020-07-17 22:32:38,654 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 5 disjuncts [2020-07-17 22:32:38,655 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,676 INFO L624 ElimStorePlain]: treesize reduction 36, result has 63.3 percent of original size [2020-07-17 22:32:38,681 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 51 treesize of output 41 [2020-07-17 22:32:38,684 INFO L544 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,690 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:38,690 INFO L544 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,691 INFO L244 ElimStorePlain]: Needed 4 recursive calls to eliminate 3 variables, input treesize:105, output treesize:27 [2020-07-17 22:32:38,699 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:38,700 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_49|, |v_#memory_int_44|, |v_#memory_$Pointer$.offset_47|]. (let ((.cse1 (select (select |v_#memory_$Pointer$.offset_47| main_~p~0.base) 4)) (.cse0 (select (select |v_#memory_$Pointer$.base_49| main_~p~0.base) 4))) (and (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_49| .cse0 (store (select |v_#memory_$Pointer$.base_49| .cse0) .cse1 (select (select |#memory_$Pointer$.base| .cse0) .cse1)))) (= (store |v_#memory_int_44| .cse0 (store (select |v_#memory_int_44| .cse0) .cse1 3)) |#memory_int|) (= 0 main_~p~0.offset) (= |#memory_$Pointer$.offset| (store |v_#memory_$Pointer$.offset_47| .cse0 (store (select |v_#memory_$Pointer$.offset_47| .cse0) .cse1 (select (select |#memory_$Pointer$.offset| .cse0) .cse1)))) (not (= main_~p~0.base .cse0)))) [2020-07-17 22:32:38,700 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~p~0.base) 4))) (and (= 3 (select (select |#memory_int| .cse0) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (not (= .cse0 main_~p~0.base)) (= 0 main_~p~0.offset))) [2020-07-17 22:32:38,742 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 31 treesize of output 19 [2020-07-17 22:32:38,747 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,754 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:38,758 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 11 [2020-07-17 22:32:38,759 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,763 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:38,764 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,765 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:38, output treesize:7 [2020-07-17 22:32:38,767 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:38,768 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_29, |#memory_$Pointer$.offset|]. (let ((.cse0 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_29) 4)) (.cse1 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_29) 4))) (and (not (= v_main_~p~0.base_29 .cse0)) (= 3 (select (select |#memory_int| .cse0) .cse1)) (= .cse0 main_~p~0.base) (= main_~p~0.offset .cse1))) [2020-07-17 22:32:38,768 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) [2020-07-17 22:32:38,782 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 7 [2020-07-17 22:32:38,784 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,785 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:38,786 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:38,786 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:15, output treesize:3 [2020-07-17 22:32:38,787 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:38,787 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (<= .cse0 |main_#t~mem36|) (= 3 .cse0))) [2020-07-17 22:32:38,788 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (<= 3 |main_#t~mem36|) [2020-07-17 22:32:38,822 INFO L263 TraceCheckUtils]: 0: Hoare triple {4029#true} call ULTIMATE.init(); {4029#true} is VALID [2020-07-17 22:32:38,822 INFO L280 TraceCheckUtils]: 1: Hoare triple {4029#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {4029#true} is VALID [2020-07-17 22:32:38,822 INFO L280 TraceCheckUtils]: 2: Hoare triple {4029#true} assume true; {4029#true} is VALID [2020-07-17 22:32:38,823 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {4029#true} {4029#true} #225#return; {4029#true} is VALID [2020-07-17 22:32:38,823 INFO L263 TraceCheckUtils]: 4: Hoare triple {4029#true} call #t~ret41 := main(); {4029#true} is VALID [2020-07-17 22:32:38,823 INFO L280 TraceCheckUtils]: 5: Hoare triple {4029#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {4029#true} is VALID [2020-07-17 22:32:38,823 INFO L280 TraceCheckUtils]: 6: Hoare triple {4029#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {4029#true} is VALID [2020-07-17 22:32:38,824 INFO L280 TraceCheckUtils]: 7: Hoare triple {4029#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {4029#true} is VALID [2020-07-17 22:32:38,824 INFO L280 TraceCheckUtils]: 8: Hoare triple {4029#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {4029#true} is VALID [2020-07-17 22:32:38,824 INFO L280 TraceCheckUtils]: 9: Hoare triple {4029#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {4029#true} is VALID [2020-07-17 22:32:38,824 INFO L280 TraceCheckUtils]: 10: Hoare triple {4029#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {4029#true} is VALID [2020-07-17 22:32:38,824 INFO L280 TraceCheckUtils]: 11: Hoare triple {4029#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {4029#true} is VALID [2020-07-17 22:32:38,824 INFO L280 TraceCheckUtils]: 12: Hoare triple {4029#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {4029#true} is VALID [2020-07-17 22:32:38,824 INFO L280 TraceCheckUtils]: 13: Hoare triple {4029#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {4029#true} is VALID [2020-07-17 22:32:38,825 INFO L280 TraceCheckUtils]: 14: Hoare triple {4029#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {4029#true} is VALID [2020-07-17 22:32:38,825 INFO L280 TraceCheckUtils]: 15: Hoare triple {4029#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {4029#true} is VALID [2020-07-17 22:32:38,825 INFO L280 TraceCheckUtils]: 16: Hoare triple {4029#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:38,826 INFO L280 TraceCheckUtils]: 17: Hoare triple {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:38,827 INFO L280 TraceCheckUtils]: 18: Hoare triple {4034#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:38,827 INFO L280 TraceCheckUtils]: 19: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:38,828 INFO L280 TraceCheckUtils]: 20: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:38,828 INFO L280 TraceCheckUtils]: 21: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:38,829 INFO L280 TraceCheckUtils]: 22: Hoare triple {4035#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:38,830 INFO L280 TraceCheckUtils]: 23: Hoare triple {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:38,831 INFO L280 TraceCheckUtils]: 24: Hoare triple {4036#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:38,832 INFO L280 TraceCheckUtils]: 25: Hoare triple {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:38,833 INFO L280 TraceCheckUtils]: 26: Hoare triple {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:38,834 INFO L280 TraceCheckUtils]: 27: Hoare triple {4037#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4126#(and (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 main_~p~0.offset))} is VALID [2020-07-17 22:32:38,834 INFO L280 TraceCheckUtils]: 28: Hoare triple {4126#(and (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4126#(and (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 main_~p~0.offset))} is VALID [2020-07-17 22:32:38,835 INFO L280 TraceCheckUtils]: 29: Hoare triple {4126#(and (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 main_~p~0.offset))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {4039#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:38,835 INFO L280 TraceCheckUtils]: 30: Hoare triple {4039#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4136#(<= 3 |main_#t~mem36|)} is VALID [2020-07-17 22:32:38,836 INFO L280 TraceCheckUtils]: 31: Hoare triple {4136#(<= 3 |main_#t~mem36|)} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {4030#false} is VALID [2020-07-17 22:32:38,836 INFO L280 TraceCheckUtils]: 32: Hoare triple {4030#false} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4030#false} is VALID [2020-07-17 22:32:38,836 INFO L280 TraceCheckUtils]: 33: Hoare triple {4030#false} assume !(2 == #t~mem36);havoc #t~mem36; {4030#false} is VALID [2020-07-17 22:32:38,836 INFO L280 TraceCheckUtils]: 34: Hoare triple {4030#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {4030#false} is VALID [2020-07-17 22:32:38,836 INFO L280 TraceCheckUtils]: 35: Hoare triple {4030#false} assume !(1 == #t~mem38);havoc #t~mem38; {4030#false} is VALID [2020-07-17 22:32:38,836 INFO L280 TraceCheckUtils]: 36: Hoare triple {4030#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {4030#false} is VALID [2020-07-17 22:32:38,837 INFO L280 TraceCheckUtils]: 37: Hoare triple {4030#false} assume 3 != #t~mem40;havoc #t~mem40; {4030#false} is VALID [2020-07-17 22:32:38,837 INFO L280 TraceCheckUtils]: 38: Hoare triple {4030#false} assume !false; {4030#false} is VALID [2020-07-17 22:32:38,840 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 4 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:38,840 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-17 22:32:38,840 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 9] total 12 [2020-07-17 22:32:38,841 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [814033071] [2020-07-17 22:32:38,841 INFO L78 Accepts]: Start accepts. Automaton has 12 states. Word has length 39 [2020-07-17 22:32:38,841 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:38,841 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states. [2020-07-17 22:32:38,900 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 46 edges. 46 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:38,900 INFO L459 AbstractCegarLoop]: Interpolant automaton has 12 states [2020-07-17 22:32:38,900 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:38,900 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2020-07-17 22:32:38,900 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2020-07-17 22:32:38,901 INFO L87 Difference]: Start difference. First operand 74 states and 99 transitions. Second operand 12 states. [2020-07-17 22:32:40,247 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:40,248 INFO L93 Difference]: Finished difference Result 94 states and 121 transitions. [2020-07-17 22:32:40,248 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2020-07-17 22:32:40,248 INFO L78 Accepts]: Start accepts. Automaton has 12 states. Word has length 39 [2020-07-17 22:32:40,248 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:40,248 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 12 states. [2020-07-17 22:32:40,249 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 106 transitions. [2020-07-17 22:32:40,250 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 12 states. [2020-07-17 22:32:40,251 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 106 transitions. [2020-07-17 22:32:40,251 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 106 transitions. [2020-07-17 22:32:40,401 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 106 edges. 106 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:40,403 INFO L225 Difference]: With dead ends: 94 [2020-07-17 22:32:40,403 INFO L226 Difference]: Without dead ends: 81 [2020-07-17 22:32:40,404 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 55 GetRequests, 38 SyntacticMatches, 2 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 21 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=54, Invalid=218, Unknown=0, NotChecked=0, Total=272 [2020-07-17 22:32:40,404 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 81 states. [2020-07-17 22:32:40,426 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 81 to 69. [2020-07-17 22:32:40,426 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:40,426 INFO L82 GeneralOperation]: Start isEquivalent. First operand 81 states. Second operand 69 states. [2020-07-17 22:32:40,426 INFO L74 IsIncluded]: Start isIncluded. First operand 81 states. Second operand 69 states. [2020-07-17 22:32:40,426 INFO L87 Difference]: Start difference. First operand 81 states. Second operand 69 states. [2020-07-17 22:32:40,428 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:40,429 INFO L93 Difference]: Finished difference Result 81 states and 106 transitions. [2020-07-17 22:32:40,429 INFO L276 IsEmpty]: Start isEmpty. Operand 81 states and 106 transitions. [2020-07-17 22:32:40,429 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:40,429 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:40,429 INFO L74 IsIncluded]: Start isIncluded. First operand 69 states. Second operand 81 states. [2020-07-17 22:32:40,429 INFO L87 Difference]: Start difference. First operand 69 states. Second operand 81 states. [2020-07-17 22:32:40,431 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:40,431 INFO L93 Difference]: Finished difference Result 81 states and 106 transitions. [2020-07-17 22:32:40,431 INFO L276 IsEmpty]: Start isEmpty. Operand 81 states and 106 transitions. [2020-07-17 22:32:40,431 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:40,432 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:40,432 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:40,432 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:40,432 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 69 states. [2020-07-17 22:32:40,433 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 69 states to 69 states and 93 transitions. [2020-07-17 22:32:40,434 INFO L78 Accepts]: Start accepts. Automaton has 69 states and 93 transitions. Word has length 39 [2020-07-17 22:32:40,434 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:40,434 INFO L479 AbstractCegarLoop]: Abstraction has 69 states and 93 transitions. [2020-07-17 22:32:40,434 INFO L480 AbstractCegarLoop]: Interpolant automaton has 12 states. [2020-07-17 22:32:40,434 INFO L276 IsEmpty]: Start isEmpty. Operand 69 states and 93 transitions. [2020-07-17 22:32:40,435 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2020-07-17 22:32:40,435 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:40,435 INFO L422 BasicCegarLoop]: trace histogram [3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:40,645 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable10 [2020-07-17 22:32:40,646 INFO L427 AbstractCegarLoop]: === Iteration 12 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:40,647 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:40,647 INFO L82 PathProgramCache]: Analyzing trace with hash -315248798, now seen corresponding path program 2 times [2020-07-17 22:32:40,647 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:40,648 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [806192542] [2020-07-17 22:32:40,648 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:40,664 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:40,888 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:40,898 INFO L280 TraceCheckUtils]: 0: Hoare triple {4542#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {4527#true} is VALID [2020-07-17 22:32:40,898 INFO L280 TraceCheckUtils]: 1: Hoare triple {4527#true} assume true; {4527#true} is VALID [2020-07-17 22:32:40,899 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {4527#true} {4527#true} #225#return; {4527#true} is VALID [2020-07-17 22:32:40,899 INFO L263 TraceCheckUtils]: 0: Hoare triple {4527#true} call ULTIMATE.init(); {4542#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:40,900 INFO L280 TraceCheckUtils]: 1: Hoare triple {4542#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {4527#true} is VALID [2020-07-17 22:32:40,900 INFO L280 TraceCheckUtils]: 2: Hoare triple {4527#true} assume true; {4527#true} is VALID [2020-07-17 22:32:40,900 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {4527#true} {4527#true} #225#return; {4527#true} is VALID [2020-07-17 22:32:40,900 INFO L263 TraceCheckUtils]: 4: Hoare triple {4527#true} call #t~ret41 := main(); {4527#true} is VALID [2020-07-17 22:32:40,900 INFO L280 TraceCheckUtils]: 5: Hoare triple {4527#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {4527#true} is VALID [2020-07-17 22:32:40,900 INFO L280 TraceCheckUtils]: 6: Hoare triple {4527#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {4527#true} is VALID [2020-07-17 22:32:40,900 INFO L280 TraceCheckUtils]: 7: Hoare triple {4527#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {4527#true} is VALID [2020-07-17 22:32:40,900 INFO L280 TraceCheckUtils]: 8: Hoare triple {4527#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {4527#true} is VALID [2020-07-17 22:32:40,901 INFO L280 TraceCheckUtils]: 9: Hoare triple {4527#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {4527#true} is VALID [2020-07-17 22:32:40,901 INFO L280 TraceCheckUtils]: 10: Hoare triple {4527#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {4527#true} is VALID [2020-07-17 22:32:40,901 INFO L280 TraceCheckUtils]: 11: Hoare triple {4527#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {4527#true} is VALID [2020-07-17 22:32:40,901 INFO L280 TraceCheckUtils]: 12: Hoare triple {4527#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {4527#true} is VALID [2020-07-17 22:32:40,901 INFO L280 TraceCheckUtils]: 13: Hoare triple {4527#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {4527#true} is VALID [2020-07-17 22:32:40,901 INFO L280 TraceCheckUtils]: 14: Hoare triple {4527#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {4527#true} is VALID [2020-07-17 22:32:40,901 INFO L280 TraceCheckUtils]: 15: Hoare triple {4527#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {4527#true} is VALID [2020-07-17 22:32:40,902 INFO L280 TraceCheckUtils]: 16: Hoare triple {4527#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:40,903 INFO L280 TraceCheckUtils]: 17: Hoare triple {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:40,903 INFO L280 TraceCheckUtils]: 18: Hoare triple {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:40,904 INFO L280 TraceCheckUtils]: 19: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:40,905 INFO L280 TraceCheckUtils]: 20: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:40,905 INFO L280 TraceCheckUtils]: 21: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:40,906 INFO L280 TraceCheckUtils]: 22: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {4534#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:40,907 INFO L280 TraceCheckUtils]: 23: Hoare triple {4534#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {4534#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:40,909 INFO L280 TraceCheckUtils]: 24: Hoare triple {4534#(and (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4535#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:40,910 INFO L280 TraceCheckUtils]: 25: Hoare triple {4535#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4535#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:40,912 INFO L280 TraceCheckUtils]: 26: Hoare triple {4535#(and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {4536#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~a~0.offset main_~t~0.offset) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:40,913 INFO L280 TraceCheckUtils]: 27: Hoare triple {4536#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~a~0.offset main_~t~0.offset) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {4536#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~a~0.offset main_~t~0.offset) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} is VALID [2020-07-17 22:32:40,914 INFO L280 TraceCheckUtils]: 28: Hoare triple {4536#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~a~0.offset main_~t~0.offset) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4537#(and (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:40,915 INFO L280 TraceCheckUtils]: 29: Hoare triple {4537#(and (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4537#(and (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:40,916 INFO L280 TraceCheckUtils]: 30: Hoare triple {4537#(and (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {4537#(and (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:40,917 INFO L280 TraceCheckUtils]: 31: Hoare triple {4537#(and (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4538#(or (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-17 22:32:40,918 INFO L280 TraceCheckUtils]: 32: Hoare triple {4538#(or (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4539#(or (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= |main_#t~mem36| 2))} is VALID [2020-07-17 22:32:40,918 INFO L280 TraceCheckUtils]: 33: Hoare triple {4539#(or (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= |main_#t~mem36| 2))} assume !(2 == #t~mem36);havoc #t~mem36; {4540#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:40,919 INFO L280 TraceCheckUtils]: 34: Hoare triple {4540#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {4540#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:40,919 INFO L280 TraceCheckUtils]: 35: Hoare triple {4540#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} assume !(1 == #t~mem38);havoc #t~mem38; {4540#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:40,919 INFO L280 TraceCheckUtils]: 36: Hoare triple {4540#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {4541#(= |main_#t~mem40| 3)} is VALID [2020-07-17 22:32:40,920 INFO L280 TraceCheckUtils]: 37: Hoare triple {4541#(= |main_#t~mem40| 3)} assume 3 != #t~mem40;havoc #t~mem40; {4528#false} is VALID [2020-07-17 22:32:40,920 INFO L280 TraceCheckUtils]: 38: Hoare triple {4528#false} assume !false; {4528#false} is VALID [2020-07-17 22:32:40,923 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 0 proven. 8 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:40,923 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [806192542] [2020-07-17 22:32:40,923 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [352842186] [2020-07-17 22:32:40,923 INFO L92 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 7 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:41,043 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2020-07-17 22:32:41,044 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2020-07-17 22:32:41,045 INFO L264 TraceCheckSpWp]: Trace formula consists of 184 conjuncts, 40 conjunts are in the unsatisfiable core [2020-07-17 22:32:41,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:41,066 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-17 22:32:41,090 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-17 22:32:41,090 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,094 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:41,094 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,095 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2020-07-17 22:32:41,098 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:41,099 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_31|]. (and (= (store |v_#valid_31| main_~a~0.base 1) |#valid|) (= 0 main_~a~0.offset)) [2020-07-17 22:32:41,099 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset)) [2020-07-17 22:32:41,161 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:41,162 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 39 [2020-07-17 22:32:41,163 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,195 INFO L624 ElimStorePlain]: treesize reduction 14, result has 71.4 percent of original size [2020-07-17 22:32:41,204 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-17 22:32:41,205 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,218 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:41,219 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,219 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:37, output treesize:31 [2020-07-17 22:32:41,224 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:41,224 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_45|, |v_#valid_32|]. (and (= main_~a~0.base main_~p~0.base) (= (store |v_#valid_32| main_~t~0.base 1) |#valid|) (= 0 (select |v_#valid_32| main_~t~0.base)) (= 0 main_~a~0.offset) (= (store |v_#memory_int_45| main_~p~0.base (store (select |v_#memory_int_45| main_~p~0.base) main_~p~0.offset 2)) |#memory_int|) (= 1 (select |v_#valid_32| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-17 22:32:41,224 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-17 22:32:41,303 INFO L190 IndexEqualityManager]: detected not equals via solver [2020-07-17 22:32:41,304 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 27 treesize of output 11 [2020-07-17 22:32:41,306 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,315 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:41,315 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,316 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:44, output treesize:25 [2020-07-17 22:32:41,391 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:41,391 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 2 case distinctions, treesize of input 16 treesize of output 26 [2020-07-17 22:32:41,393 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,406 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:41,435 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 18 [2020-07-17 22:32:41,437 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,449 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:41,450 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,450 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:41, output treesize:30 [2020-07-17 22:32:41,453 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:41,453 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_47|, |v_#valid_33|]. (and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select |v_#valid_33| main_~p~0.base)) (= (select (select |v_#memory_int_47| main_~a~0.base) main_~a~0.offset) 2) (= 0 main_~a~0.offset) (= (store |v_#memory_int_47| main_~p~0.base (store (select |v_#memory_int_47| main_~p~0.base) main_~p~0.offset 2)) |#memory_int|) (= 1 (select |v_#valid_33| main_~a~0.base)) (= 0 (select |v_#valid_33| main_~t~0.base))) [2020-07-17 22:32:41,453 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (not (= main_~t~0.base main_~p~0.base))) [2020-07-17 22:32:41,532 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[2, 1] term [2020-07-17 22:32:41,533 INFO L501 QuantifierPusher]: Distributing 1 conjuncts over 3 disjuncts [2020-07-17 22:32:41,592 INFO L350 Elim1Store]: treesize reduction 27, result has 20.6 percent of original size [2020-07-17 22:32:41,592 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 34 treesize of output 21 [2020-07-17 22:32:41,594 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,604 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:41,609 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2020-07-17 22:32:41,609 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:49, output treesize:30 [2020-07-17 22:32:41,732 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 28 [2020-07-17 22:32:41,738 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,751 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:41,771 INFO L544 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 1 dim-2 vars, End of recursive call: 4 dim-0 vars, and 1 xjuncts. [2020-07-17 22:32:41,772 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 5 variables, input treesize:41, output treesize:37 [2020-07-17 22:32:41,776 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:41,777 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_49|, v_main_~p~0.base_32, v_main_~p~0.offset_32, v_main_~p~0.base_31, v_main_~p~0.offset_31]. (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |v_#memory_int_49| main_~p~0.base) 0)) (= 0 main_~p~0.offset) (= |#memory_int| (store |v_#memory_int_49| v_main_~p~0.base_32 (store (select |v_#memory_int_49| v_main_~p~0.base_32) v_main_~p~0.offset_32 3))) (= (select (select |v_#memory_int_49| v_main_~p~0.base_31) v_main_~p~0.offset_31) 2) (not (= v_main_~p~0.base_32 main_~p~0.base)) (not (= v_main_~p~0.base_32 v_main_~p~0.base_31))) [2020-07-17 22:32:41,777 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_32, v_main_~p~0.offset_32, v_main_~p~0.base_31, v_main_~p~0.offset_31]. (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= (select (select |#memory_int| v_main_~p~0.base_32) v_main_~p~0.offset_32) 3) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (= 2 (select (select |#memory_int| main_~p~0.base) 0)) (= 0 main_~p~0.offset) (not (= v_main_~p~0.base_32 main_~p~0.base)) (not (= v_main_~p~0.base_32 v_main_~p~0.base_31))) [2020-07-17 22:32:41,901 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 3 select indices, 3 select index equivalence classes, 3 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 13 [2020-07-17 22:32:41,904 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,911 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:41,915 INFO L544 ElimStorePlain]: Start of recursive call 1: 5 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:41,915 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 6 variables, input treesize:41, output treesize:3 [2020-07-17 22:32:41,917 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:41,917 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, v_main_~p~0.base_32, v_main_~p~0.offset_32, v_main_~p~0.base_31, main_~p~0.base, v_main_~p~0.offset_31]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) 0))) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= (select (select |#memory_int| v_main_~p~0.base_32) v_main_~p~0.offset_32) 3) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (= 2 .cse0) (= |main_#t~mem36| .cse0) (not (= v_main_~p~0.base_32 main_~p~0.base)) (not (= v_main_~p~0.base_32 v_main_~p~0.base_31)))) [2020-07-17 22:32:41,917 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem36| 2) [2020-07-17 22:32:41,938 INFO L263 TraceCheckUtils]: 0: Hoare triple {4527#true} call ULTIMATE.init(); {4527#true} is VALID [2020-07-17 22:32:41,939 INFO L280 TraceCheckUtils]: 1: Hoare triple {4527#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {4527#true} is VALID [2020-07-17 22:32:41,939 INFO L280 TraceCheckUtils]: 2: Hoare triple {4527#true} assume true; {4527#true} is VALID [2020-07-17 22:32:41,939 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {4527#true} {4527#true} #225#return; {4527#true} is VALID [2020-07-17 22:32:41,939 INFO L263 TraceCheckUtils]: 4: Hoare triple {4527#true} call #t~ret41 := main(); {4527#true} is VALID [2020-07-17 22:32:41,939 INFO L280 TraceCheckUtils]: 5: Hoare triple {4527#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {4527#true} is VALID [2020-07-17 22:32:41,939 INFO L280 TraceCheckUtils]: 6: Hoare triple {4527#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {4527#true} is VALID [2020-07-17 22:32:41,939 INFO L280 TraceCheckUtils]: 7: Hoare triple {4527#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {4527#true} is VALID [2020-07-17 22:32:41,940 INFO L280 TraceCheckUtils]: 8: Hoare triple {4527#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {4527#true} is VALID [2020-07-17 22:32:41,940 INFO L280 TraceCheckUtils]: 9: Hoare triple {4527#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {4527#true} is VALID [2020-07-17 22:32:41,940 INFO L280 TraceCheckUtils]: 10: Hoare triple {4527#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {4527#true} is VALID [2020-07-17 22:32:41,940 INFO L280 TraceCheckUtils]: 11: Hoare triple {4527#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {4527#true} is VALID [2020-07-17 22:32:41,941 INFO L280 TraceCheckUtils]: 12: Hoare triple {4527#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {4527#true} is VALID [2020-07-17 22:32:41,941 INFO L280 TraceCheckUtils]: 13: Hoare triple {4527#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {4527#true} is VALID [2020-07-17 22:32:41,941 INFO L280 TraceCheckUtils]: 14: Hoare triple {4527#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {4527#true} is VALID [2020-07-17 22:32:41,942 INFO L280 TraceCheckUtils]: 15: Hoare triple {4527#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {4527#true} is VALID [2020-07-17 22:32:41,944 INFO L280 TraceCheckUtils]: 16: Hoare triple {4527#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:41,945 INFO L280 TraceCheckUtils]: 17: Hoare triple {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:41,945 INFO L280 TraceCheckUtils]: 18: Hoare triple {4532#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:41,946 INFO L280 TraceCheckUtils]: 19: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:41,946 INFO L280 TraceCheckUtils]: 20: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:41,947 INFO L280 TraceCheckUtils]: 21: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:41,951 INFO L280 TraceCheckUtils]: 22: Hoare triple {4533#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {4612#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:41,953 INFO L280 TraceCheckUtils]: 23: Hoare triple {4612#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {4612#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:41,954 INFO L280 TraceCheckUtils]: 24: Hoare triple {4612#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4619#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select |#valid| main_~a~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:41,955 INFO L280 TraceCheckUtils]: 25: Hoare triple {4619#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select |#valid| main_~a~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4619#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select |#valid| main_~a~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:41,957 INFO L280 TraceCheckUtils]: 26: Hoare triple {4619#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select |#valid| main_~a~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {4626#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:41,958 INFO L280 TraceCheckUtils]: 27: Hoare triple {4626#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {4626#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:41,960 INFO L280 TraceCheckUtils]: 28: Hoare triple {4626#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {4633#(and (exists ((v_main_~p~0.base_31 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_31 main_~a~0.base)))) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:41,961 INFO L280 TraceCheckUtils]: 29: Hoare triple {4633#(and (exists ((v_main_~p~0.base_31 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_31 main_~a~0.base)))) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {4633#(and (exists ((v_main_~p~0.base_31 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_31 main_~a~0.base)))) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:41,962 INFO L280 TraceCheckUtils]: 30: Hoare triple {4633#(and (exists ((v_main_~p~0.base_31 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_31 main_~a~0.base)))) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {4633#(and (exists ((v_main_~p~0.base_31 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_31 main_~a~0.base)))) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:41,965 INFO L280 TraceCheckUtils]: 31: Hoare triple {4633#(and (exists ((v_main_~p~0.base_31 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_31 main_~a~0.base)))) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {4643#(and (exists ((v_main_~p~0.base_32 Int) (v_main_~p~0.base_31 Int) (v_main_~p~0.offset_32 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= (select (select |#memory_int| v_main_~p~0.base_32) v_main_~p~0.offset_32) 3) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_32 main_~p~0.base)) (not (= v_main_~p~0.base_32 v_main_~p~0.base_31)))) (= 2 (select (select |#memory_int| main_~p~0.base) 0)) (= 0 main_~p~0.offset))} is VALID [2020-07-17 22:32:41,965 INFO L280 TraceCheckUtils]: 32: Hoare triple {4643#(and (exists ((v_main_~p~0.base_32 Int) (v_main_~p~0.base_31 Int) (v_main_~p~0.offset_32 Int) (v_main_~p~0.offset_31 Int)) (and (not (= v_main_~p~0.base_31 main_~p~0.base)) (= (select (select |#memory_int| v_main_~p~0.base_32) v_main_~p~0.offset_32) 3) (= 2 (select (select |#memory_int| v_main_~p~0.base_31) v_main_~p~0.offset_31)) (not (= v_main_~p~0.base_32 main_~p~0.base)) (not (= v_main_~p~0.base_32 v_main_~p~0.base_31)))) (= 2 (select (select |#memory_int| main_~p~0.base) 0)) (= 0 main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {4647#(= |main_#t~mem36| 2)} is VALID [2020-07-17 22:32:41,966 INFO L280 TraceCheckUtils]: 33: Hoare triple {4647#(= |main_#t~mem36| 2)} assume !(2 == #t~mem36);havoc #t~mem36; {4528#false} is VALID [2020-07-17 22:32:41,966 INFO L280 TraceCheckUtils]: 34: Hoare triple {4528#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {4528#false} is VALID [2020-07-17 22:32:41,966 INFO L280 TraceCheckUtils]: 35: Hoare triple {4528#false} assume !(1 == #t~mem38);havoc #t~mem38; {4528#false} is VALID [2020-07-17 22:32:41,966 INFO L280 TraceCheckUtils]: 36: Hoare triple {4528#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {4528#false} is VALID [2020-07-17 22:32:41,966 INFO L280 TraceCheckUtils]: 37: Hoare triple {4528#false} assume 3 != #t~mem40;havoc #t~mem40; {4528#false} is VALID [2020-07-17 22:32:41,966 INFO L280 TraceCheckUtils]: 38: Hoare triple {4528#false} assume !false; {4528#false} is VALID [2020-07-17 22:32:41,971 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 0 proven. 8 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:41,971 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-17 22:32:41,971 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 10] total 19 [2020-07-17 22:32:41,971 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [947814714] [2020-07-17 22:32:41,972 INFO L78 Accepts]: Start accepts. Automaton has 19 states. Word has length 39 [2020-07-17 22:32:41,972 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:41,972 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 19 states. [2020-07-17 22:32:42,052 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 57 edges. 57 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:42,052 INFO L459 AbstractCegarLoop]: Interpolant automaton has 19 states [2020-07-17 22:32:42,052 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:42,053 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 19 interpolants. [2020-07-17 22:32:42,053 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=52, Invalid=290, Unknown=0, NotChecked=0, Total=342 [2020-07-17 22:32:42,053 INFO L87 Difference]: Start difference. First operand 69 states and 93 transitions. Second operand 19 states. [2020-07-17 22:32:46,646 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:46,646 INFO L93 Difference]: Finished difference Result 105 states and 135 transitions. [2020-07-17 22:32:46,646 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 19 states. [2020-07-17 22:32:46,647 INFO L78 Accepts]: Start accepts. Automaton has 19 states. Word has length 39 [2020-07-17 22:32:46,647 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:46,647 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 19 states. [2020-07-17 22:32:46,649 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 19 states to 19 states and 115 transitions. [2020-07-17 22:32:46,649 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 19 states. [2020-07-17 22:32:46,651 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 19 states to 19 states and 115 transitions. [2020-07-17 22:32:46,651 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 19 states and 115 transitions. [2020-07-17 22:32:46,821 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 115 edges. 115 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:46,823 INFO L225 Difference]: With dead ends: 105 [2020-07-17 22:32:46,823 INFO L226 Difference]: Without dead ends: 97 [2020-07-17 22:32:46,824 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 64 GetRequests, 34 SyntacticMatches, 1 SemanticMatches, 29 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 169 ImplicationChecksByTransitivity, 0.8s TimeCoverageRelationStatistics Valid=162, Invalid=768, Unknown=0, NotChecked=0, Total=930 [2020-07-17 22:32:46,824 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 97 states. [2020-07-17 22:32:46,855 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 97 to 87. [2020-07-17 22:32:46,856 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:46,856 INFO L82 GeneralOperation]: Start isEquivalent. First operand 97 states. Second operand 87 states. [2020-07-17 22:32:46,856 INFO L74 IsIncluded]: Start isIncluded. First operand 97 states. Second operand 87 states. [2020-07-17 22:32:46,856 INFO L87 Difference]: Start difference. First operand 97 states. Second operand 87 states. [2020-07-17 22:32:46,858 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:46,859 INFO L93 Difference]: Finished difference Result 97 states and 125 transitions. [2020-07-17 22:32:46,859 INFO L276 IsEmpty]: Start isEmpty. Operand 97 states and 125 transitions. [2020-07-17 22:32:46,859 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:46,859 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:46,860 INFO L74 IsIncluded]: Start isIncluded. First operand 87 states. Second operand 97 states. [2020-07-17 22:32:46,860 INFO L87 Difference]: Start difference. First operand 87 states. Second operand 97 states. [2020-07-17 22:32:46,862 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:46,863 INFO L93 Difference]: Finished difference Result 97 states and 125 transitions. [2020-07-17 22:32:46,863 INFO L276 IsEmpty]: Start isEmpty. Operand 97 states and 125 transitions. [2020-07-17 22:32:46,863 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:46,863 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:46,864 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:46,864 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:46,864 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 87 states. [2020-07-17 22:32:46,866 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 87 states to 87 states and 114 transitions. [2020-07-17 22:32:46,867 INFO L78 Accepts]: Start accepts. Automaton has 87 states and 114 transitions. Word has length 39 [2020-07-17 22:32:46,867 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:46,867 INFO L479 AbstractCegarLoop]: Abstraction has 87 states and 114 transitions. [2020-07-17 22:32:46,867 INFO L480 AbstractCegarLoop]: Interpolant automaton has 19 states. [2020-07-17 22:32:46,867 INFO L276 IsEmpty]: Start isEmpty. Operand 87 states and 114 transitions. [2020-07-17 22:32:46,868 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2020-07-17 22:32:46,868 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:46,868 INFO L422 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:47,083 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11,7 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:47,084 INFO L427 AbstractCegarLoop]: === Iteration 13 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:47,084 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:47,084 INFO L82 PathProgramCache]: Analyzing trace with hash -15546846, now seen corresponding path program 1 times [2020-07-17 22:32:47,085 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:47,085 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1304955387] [2020-07-17 22:32:47,085 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:47,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:47,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:47,347 INFO L280 TraceCheckUtils]: 0: Hoare triple {5123#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {5108#true} is VALID [2020-07-17 22:32:47,347 INFO L280 TraceCheckUtils]: 1: Hoare triple {5108#true} assume true; {5108#true} is VALID [2020-07-17 22:32:47,347 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {5108#true} {5108#true} #225#return; {5108#true} is VALID [2020-07-17 22:32:47,348 INFO L263 TraceCheckUtils]: 0: Hoare triple {5108#true} call ULTIMATE.init(); {5123#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:47,348 INFO L280 TraceCheckUtils]: 1: Hoare triple {5123#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {5108#true} is VALID [2020-07-17 22:32:47,348 INFO L280 TraceCheckUtils]: 2: Hoare triple {5108#true} assume true; {5108#true} is VALID [2020-07-17 22:32:47,349 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {5108#true} {5108#true} #225#return; {5108#true} is VALID [2020-07-17 22:32:47,349 INFO L263 TraceCheckUtils]: 4: Hoare triple {5108#true} call #t~ret41 := main(); {5108#true} is VALID [2020-07-17 22:32:47,349 INFO L280 TraceCheckUtils]: 5: Hoare triple {5108#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {5108#true} is VALID [2020-07-17 22:32:47,349 INFO L280 TraceCheckUtils]: 6: Hoare triple {5108#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {5108#true} is VALID [2020-07-17 22:32:47,349 INFO L280 TraceCheckUtils]: 7: Hoare triple {5108#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {5108#true} is VALID [2020-07-17 22:32:47,350 INFO L280 TraceCheckUtils]: 8: Hoare triple {5108#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {5108#true} is VALID [2020-07-17 22:32:47,350 INFO L280 TraceCheckUtils]: 9: Hoare triple {5108#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {5108#true} is VALID [2020-07-17 22:32:47,350 INFO L280 TraceCheckUtils]: 10: Hoare triple {5108#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {5108#true} is VALID [2020-07-17 22:32:47,350 INFO L280 TraceCheckUtils]: 11: Hoare triple {5108#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {5108#true} is VALID [2020-07-17 22:32:47,350 INFO L280 TraceCheckUtils]: 12: Hoare triple {5108#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {5108#true} is VALID [2020-07-17 22:32:47,350 INFO L280 TraceCheckUtils]: 13: Hoare triple {5108#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {5108#true} is VALID [2020-07-17 22:32:47,351 INFO L280 TraceCheckUtils]: 14: Hoare triple {5108#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {5108#true} is VALID [2020-07-17 22:32:47,351 INFO L280 TraceCheckUtils]: 15: Hoare triple {5108#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {5108#true} is VALID [2020-07-17 22:32:47,352 INFO L280 TraceCheckUtils]: 16: Hoare triple {5108#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {5113#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:47,353 INFO L280 TraceCheckUtils]: 17: Hoare triple {5113#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {5113#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:47,354 INFO L280 TraceCheckUtils]: 18: Hoare triple {5113#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5114#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:47,354 INFO L280 TraceCheckUtils]: 19: Hoare triple {5114#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {5114#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:47,356 INFO L280 TraceCheckUtils]: 20: Hoare triple {5114#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet30);havoc #t~nondet30;call write~int(1, ~p~0.base, ~p~0.offset, 4);call #t~malloc31.base, #t~malloc31.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc31.base, #t~malloc31.offset; {5115#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:47,357 INFO L280 TraceCheckUtils]: 21: Hoare triple {5115#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5115#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:47,358 INFO L280 TraceCheckUtils]: 22: Hoare triple {5115#(and (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem32.base, #t~mem32.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem32.base, #t~mem32.offset;havoc #t~mem32.base, #t~mem32.offset; {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:47,359 INFO L280 TraceCheckUtils]: 23: Hoare triple {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:47,360 INFO L280 TraceCheckUtils]: 24: Hoare triple {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume !(0 != #t~nondet30);havoc #t~nondet30; {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:47,360 INFO L280 TraceCheckUtils]: 25: Hoare triple {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:47,362 INFO L280 TraceCheckUtils]: 26: Hoare triple {5116#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 0 main_~a~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {5117#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~t~0.offset))} is VALID [2020-07-17 22:32:47,363 INFO L280 TraceCheckUtils]: 27: Hoare triple {5117#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~t~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5117#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~t~0.offset))} is VALID [2020-07-17 22:32:47,364 INFO L280 TraceCheckUtils]: 28: Hoare triple {5117#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~t~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {5118#(and (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:47,365 INFO L280 TraceCheckUtils]: 29: Hoare triple {5118#(and (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5118#(and (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:47,365 INFO L280 TraceCheckUtils]: 30: Hoare triple {5118#(and (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} assume !(0 != #t~nondet33);havoc #t~nondet33; {5118#(and (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:47,367 INFO L280 TraceCheckUtils]: 31: Hoare triple {5118#(and (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= main_~a~0.offset main_~p~0.offset))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5119#(or (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-17 22:32:47,367 INFO L280 TraceCheckUtils]: 32: Hoare triple {5119#(or (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {5119#(or (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-17 22:32:47,368 INFO L280 TraceCheckUtils]: 33: Hoare triple {5119#(or (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} assume !(2 == #t~mem36);havoc #t~mem36; {5119#(or (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-17 22:32:47,369 INFO L280 TraceCheckUtils]: 34: Hoare triple {5119#(or (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {5120#(or (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= |main_#t~mem38| 1))} is VALID [2020-07-17 22:32:47,369 INFO L280 TraceCheckUtils]: 35: Hoare triple {5120#(or (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= |main_#t~mem38| 1))} assume !(1 == #t~mem38);havoc #t~mem38; {5121#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:47,370 INFO L280 TraceCheckUtils]: 36: Hoare triple {5121#(= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {5122#(= |main_#t~mem40| 3)} is VALID [2020-07-17 22:32:47,370 INFO L280 TraceCheckUtils]: 37: Hoare triple {5122#(= |main_#t~mem40| 3)} assume 3 != #t~mem40;havoc #t~mem40; {5109#false} is VALID [2020-07-17 22:32:47,371 INFO L280 TraceCheckUtils]: 38: Hoare triple {5109#false} assume !false; {5109#false} is VALID [2020-07-17 22:32:47,374 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:47,374 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1304955387] [2020-07-17 22:32:47,374 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1894104173] [2020-07-17 22:32:47,374 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 8 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 8 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:47,490 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:47,492 INFO L264 TraceCheckSpWp]: Trace formula consists of 184 conjuncts, 38 conjunts are in the unsatisfiable core [2020-07-17 22:32:47,513 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:47,515 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-17 22:32:47,546 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-17 22:32:47,546 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:47,549 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:47,549 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:47,549 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2020-07-17 22:32:47,551 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:47,551 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_34|]. (= (store |v_#valid_34| main_~a~0.base 1) |#valid|) [2020-07-17 22:32:47,551 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 1 (select |#valid| main_~a~0.base)) [2020-07-17 22:32:47,634 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:47,634 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 39 [2020-07-17 22:32:47,636 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:47,664 INFO L624 ElimStorePlain]: treesize reduction 14, result has 69.6 percent of original size [2020-07-17 22:32:47,670 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-17 22:32:47,670 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:47,682 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:47,682 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:47,683 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:34, output treesize:28 [2020-07-17 22:32:47,687 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:47,687 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_50|, |v_#valid_35|]. (and (= main_~a~0.base main_~p~0.base) (= (store |v_#memory_int_50| main_~p~0.base (store (select |v_#memory_int_50| main_~p~0.base) main_~p~0.offset 1)) |#memory_int|) (= 0 (select |v_#valid_35| main_~t~0.base)) (= |#valid| (store |v_#valid_35| main_~t~0.base 1)) (= 1 (select |v_#valid_35| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-17 22:32:47,687 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= 1 (select |#valid| main_~t~0.base)) (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset)) [2020-07-17 22:32:47,757 INFO L350 Elim1Store]: treesize reduction 27, result has 20.6 percent of original size [2020-07-17 22:32:47,757 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 27 treesize of output 11 [2020-07-17 22:32:47,758 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:47,766 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:47,766 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:47,767 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:41, output treesize:22 [2020-07-17 22:32:47,840 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:47,840 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 2 case distinctions, treesize of input 16 treesize of output 26 [2020-07-17 22:32:47,843 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:47,853 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:47,861 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 18 [2020-07-17 22:32:47,862 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:47,871 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:47,872 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:47,872 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 2 variables, input treesize:38, output treesize:27 [2020-07-17 22:32:47,875 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:47,876 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_52|, |v_#valid_36|]. (and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select |v_#valid_36| main_~a~0.base)) (= 1 (select |v_#valid_36| main_~p~0.base)) (= |#memory_int| (store |v_#memory_int_52| main_~p~0.base (store (select |v_#memory_int_52| main_~p~0.base) main_~p~0.offset 2))) (= 0 (select |v_#valid_36| main_~t~0.base)) (= 1 (select (select |v_#memory_int_52| main_~a~0.base) main_~a~0.offset))) [2020-07-17 22:32:47,876 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base))) [2020-07-17 22:32:47,941 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[2, 1] term [2020-07-17 22:32:47,942 INFO L501 QuantifierPusher]: Distributing 1 conjuncts over 3 disjuncts [2020-07-17 22:32:48,000 INFO L350 Elim1Store]: treesize reduction 27, result has 20.6 percent of original size [2020-07-17 22:32:48,000 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 34 treesize of output 21 [2020-07-17 22:32:48,002 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:48,011 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:48,021 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2020-07-17 22:32:48,021 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:46, output treesize:27 [2020-07-17 22:32:48,152 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 3 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 26 treesize of output 28 [2020-07-17 22:32:48,155 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:48,166 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:48,183 INFO L544 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 1 dim-2 vars, End of recursive call: 4 dim-0 vars, and 1 xjuncts. [2020-07-17 22:32:48,183 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 5 variables, input treesize:38, output treesize:34 [2020-07-17 22:32:48,189 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:48,189 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_54|, v_main_~p~0.base_35, v_main_~p~0.offset_35, v_main_~p~0.base_34, v_main_~p~0.offset_34]. (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 2 (select (select |v_#memory_int_54| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (= (store |v_#memory_int_54| v_main_~p~0.base_35 (store (select |v_#memory_int_54| v_main_~p~0.base_35) v_main_~p~0.offset_35 3)) |#memory_int|) (= 1 (select (select |v_#memory_int_54| main_~p~0.base) main_~p~0.offset)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34))) [2020-07-17 22:32:48,189 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_35, v_main_~p~0.offset_35, v_main_~p~0.base_34, v_main_~p~0.offset_34]. (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34))) [2020-07-17 22:32:48,420 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 3 select indices, 3 select index equivalence classes, 3 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 0 case distinctions, treesize of input 29 treesize of output 13 [2020-07-17 22:32:48,422 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:48,430 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:48,434 INFO L544 ElimStorePlain]: Start of recursive call 1: 6 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:48,434 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 7 variables, input treesize:41, output treesize:3 [2020-07-17 22:32:48,438 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:48,438 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset, v_main_~p~0.base_34, v_main_~p~0.base_35, v_main_~p~0.offset_35, v_main_~p~0.offset_34]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= |main_#t~mem38| .cse0) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (= 1 .cse0) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) [2020-07-17 22:32:48,439 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem38| 1) [2020-07-17 22:32:48,463 INFO L263 TraceCheckUtils]: 0: Hoare triple {5108#true} call ULTIMATE.init(); {5108#true} is VALID [2020-07-17 22:32:48,463 INFO L280 TraceCheckUtils]: 1: Hoare triple {5108#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {5108#true} is VALID [2020-07-17 22:32:48,463 INFO L280 TraceCheckUtils]: 2: Hoare triple {5108#true} assume true; {5108#true} is VALID [2020-07-17 22:32:48,464 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {5108#true} {5108#true} #225#return; {5108#true} is VALID [2020-07-17 22:32:48,464 INFO L263 TraceCheckUtils]: 4: Hoare triple {5108#true} call #t~ret41 := main(); {5108#true} is VALID [2020-07-17 22:32:48,464 INFO L280 TraceCheckUtils]: 5: Hoare triple {5108#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {5108#true} is VALID [2020-07-17 22:32:48,464 INFO L280 TraceCheckUtils]: 6: Hoare triple {5108#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {5108#true} is VALID [2020-07-17 22:32:48,465 INFO L280 TraceCheckUtils]: 7: Hoare triple {5108#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {5108#true} is VALID [2020-07-17 22:32:48,465 INFO L280 TraceCheckUtils]: 8: Hoare triple {5108#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {5108#true} is VALID [2020-07-17 22:32:48,465 INFO L280 TraceCheckUtils]: 9: Hoare triple {5108#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {5108#true} is VALID [2020-07-17 22:32:48,465 INFO L280 TraceCheckUtils]: 10: Hoare triple {5108#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {5108#true} is VALID [2020-07-17 22:32:48,465 INFO L280 TraceCheckUtils]: 11: Hoare triple {5108#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {5108#true} is VALID [2020-07-17 22:32:48,466 INFO L280 TraceCheckUtils]: 12: Hoare triple {5108#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {5108#true} is VALID [2020-07-17 22:32:48,466 INFO L280 TraceCheckUtils]: 13: Hoare triple {5108#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {5108#true} is VALID [2020-07-17 22:32:48,466 INFO L280 TraceCheckUtils]: 14: Hoare triple {5108#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {5108#true} is VALID [2020-07-17 22:32:48,466 INFO L280 TraceCheckUtils]: 15: Hoare triple {5108#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {5108#true} is VALID [2020-07-17 22:32:48,467 INFO L280 TraceCheckUtils]: 16: Hoare triple {5108#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {5175#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:48,468 INFO L280 TraceCheckUtils]: 17: Hoare triple {5175#(= 1 (select |#valid| main_~a~0.base))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {5175#(= 1 (select |#valid| main_~a~0.base))} is VALID [2020-07-17 22:32:48,469 INFO L280 TraceCheckUtils]: 18: Hoare triple {5175#(= 1 (select |#valid| main_~a~0.base))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5182#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:48,469 INFO L280 TraceCheckUtils]: 19: Hoare triple {5182#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {5182#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:48,471 INFO L280 TraceCheckUtils]: 20: Hoare triple {5182#(and (= main_~a~0.base main_~p~0.base) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !!(0 != #t~nondet30);havoc #t~nondet30;call write~int(1, ~p~0.base, ~p~0.offset, 4);call #t~malloc31.base, #t~malloc31.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc31.base, #t~malloc31.offset; {5189#(and (= 1 (select |#valid| main_~t~0.base)) (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:48,472 INFO L280 TraceCheckUtils]: 21: Hoare triple {5189#(and (= 1 (select |#valid| main_~t~0.base)) (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5189#(and (= 1 (select |#valid| main_~t~0.base)) (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} is VALID [2020-07-17 22:32:48,473 INFO L280 TraceCheckUtils]: 22: Hoare triple {5189#(and (= 1 (select |#valid| main_~t~0.base)) (not (= main_~t~0.base main_~a~0.base)) (= main_~a~0.base main_~p~0.base) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= main_~a~0.offset main_~p~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem32.base, #t~mem32.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem32.base, #t~mem32.offset;havoc #t~mem32.base, #t~mem32.offset; {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:48,474 INFO L280 TraceCheckUtils]: 23: Hoare triple {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:48,475 INFO L280 TraceCheckUtils]: 24: Hoare triple {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:48,477 INFO L280 TraceCheckUtils]: 25: Hoare triple {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:48,478 INFO L280 TraceCheckUtils]: 26: Hoare triple {5196#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 1 (select |#valid| main_~a~0.base)) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {5209#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:48,479 INFO L280 TraceCheckUtils]: 27: Hoare triple {5209#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5209#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:48,481 INFO L280 TraceCheckUtils]: 28: Hoare triple {5209#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {5216#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (exists ((v_main_~p~0.base_34 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_34 main_~a~0.base)))))} is VALID [2020-07-17 22:32:48,482 INFO L280 TraceCheckUtils]: 29: Hoare triple {5216#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (exists ((v_main_~p~0.base_34 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_34 main_~a~0.base)))))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5216#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (exists ((v_main_~p~0.base_34 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_34 main_~a~0.base)))))} is VALID [2020-07-17 22:32:48,483 INFO L280 TraceCheckUtils]: 30: Hoare triple {5216#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (exists ((v_main_~p~0.base_34 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_34 main_~a~0.base)))))} assume !(0 != #t~nondet33);havoc #t~nondet33; {5216#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (exists ((v_main_~p~0.base_34 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_34 main_~a~0.base)))))} is VALID [2020-07-17 22:32:48,490 INFO L280 TraceCheckUtils]: 31: Hoare triple {5216#(and (not (= main_~a~0.base main_~p~0.base)) (= 1 (select (select |#memory_int| main_~a~0.base) main_~a~0.offset)) (exists ((v_main_~p~0.base_34 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_34 main_~a~0.base)))))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5226#(and (exists ((v_main_~p~0.base_35 Int) (v_main_~p~0.base_34 Int) (v_main_~p~0.offset_35 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-17 22:32:48,491 INFO L280 TraceCheckUtils]: 32: Hoare triple {5226#(and (exists ((v_main_~p~0.base_35 Int) (v_main_~p~0.base_34 Int) (v_main_~p~0.offset_35 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {5226#(and (exists ((v_main_~p~0.base_35 Int) (v_main_~p~0.base_34 Int) (v_main_~p~0.offset_35 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-17 22:32:48,492 INFO L280 TraceCheckUtils]: 33: Hoare triple {5226#(and (exists ((v_main_~p~0.base_35 Int) (v_main_~p~0.base_34 Int) (v_main_~p~0.offset_35 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} assume !(2 == #t~mem36);havoc #t~mem36; {5226#(and (exists ((v_main_~p~0.base_35 Int) (v_main_~p~0.base_34 Int) (v_main_~p~0.offset_35 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-17 22:32:48,493 INFO L280 TraceCheckUtils]: 34: Hoare triple {5226#(and (exists ((v_main_~p~0.base_35 Int) (v_main_~p~0.base_34 Int) (v_main_~p~0.offset_35 Int) (v_main_~p~0.offset_34 Int)) (and (not (= v_main_~p~0.base_34 main_~p~0.base)) (not (= v_main_~p~0.base_35 main_~p~0.base)) (= 3 (select (select |#memory_int| v_main_~p~0.base_35) v_main_~p~0.offset_35)) (= 2 (select (select |#memory_int| v_main_~p~0.base_34) v_main_~p~0.offset_34)) (not (= v_main_~p~0.base_35 v_main_~p~0.base_34)))) (= 1 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {5236#(= |main_#t~mem38| 1)} is VALID [2020-07-17 22:32:48,493 INFO L280 TraceCheckUtils]: 35: Hoare triple {5236#(= |main_#t~mem38| 1)} assume !(1 == #t~mem38);havoc #t~mem38; {5109#false} is VALID [2020-07-17 22:32:48,493 INFO L280 TraceCheckUtils]: 36: Hoare triple {5109#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {5109#false} is VALID [2020-07-17 22:32:48,493 INFO L280 TraceCheckUtils]: 37: Hoare triple {5109#false} assume 3 != #t~mem40;havoc #t~mem40; {5109#false} is VALID [2020-07-17 22:32:48,494 INFO L280 TraceCheckUtils]: 38: Hoare triple {5109#false} assume !false; {5109#false} is VALID [2020-07-17 22:32:48,499 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 4 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:48,499 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-17 22:32:48,500 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 10] total 21 [2020-07-17 22:32:48,500 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1903122183] [2020-07-17 22:32:48,501 INFO L78 Accepts]: Start accepts. Automaton has 21 states. Word has length 39 [2020-07-17 22:32:48,501 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:48,501 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 21 states. [2020-07-17 22:32:48,583 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 63 edges. 63 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:48,584 INFO L459 AbstractCegarLoop]: Interpolant automaton has 21 states [2020-07-17 22:32:48,584 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:48,584 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 21 interpolants. [2020-07-17 22:32:48,585 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=55, Invalid=365, Unknown=0, NotChecked=0, Total=420 [2020-07-17 22:32:48,585 INFO L87 Difference]: Start difference. First operand 87 states and 114 transitions. Second operand 21 states. [2020-07-17 22:32:51,915 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:51,915 INFO L93 Difference]: Finished difference Result 125 states and 159 transitions. [2020-07-17 22:32:51,915 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 19 states. [2020-07-17 22:32:51,915 INFO L78 Accepts]: Start accepts. Automaton has 21 states. Word has length 39 [2020-07-17 22:32:51,916 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:51,916 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 21 states. [2020-07-17 22:32:51,918 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 19 states to 19 states and 123 transitions. [2020-07-17 22:32:51,918 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 21 states. [2020-07-17 22:32:51,919 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 19 states to 19 states and 123 transitions. [2020-07-17 22:32:51,920 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 19 states and 123 transitions. [2020-07-17 22:32:52,097 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 123 edges. 123 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:52,100 INFO L225 Difference]: With dead ends: 125 [2020-07-17 22:32:52,100 INFO L226 Difference]: Without dead ends: 119 [2020-07-17 22:32:52,101 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 66 GetRequests, 33 SyntacticMatches, 0 SemanticMatches, 33 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 191 ImplicationChecksByTransitivity, 0.9s TimeCoverageRelationStatistics Valid=195, Invalid=995, Unknown=0, NotChecked=0, Total=1190 [2020-07-17 22:32:52,102 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 119 states. [2020-07-17 22:32:52,135 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 119 to 95. [2020-07-17 22:32:52,135 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:52,135 INFO L82 GeneralOperation]: Start isEquivalent. First operand 119 states. Second operand 95 states. [2020-07-17 22:32:52,135 INFO L74 IsIncluded]: Start isIncluded. First operand 119 states. Second operand 95 states. [2020-07-17 22:32:52,135 INFO L87 Difference]: Start difference. First operand 119 states. Second operand 95 states. [2020-07-17 22:32:52,138 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:52,138 INFO L93 Difference]: Finished difference Result 119 states and 152 transitions. [2020-07-17 22:32:52,138 INFO L276 IsEmpty]: Start isEmpty. Operand 119 states and 152 transitions. [2020-07-17 22:32:52,139 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:52,139 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:52,139 INFO L74 IsIncluded]: Start isIncluded. First operand 95 states. Second operand 119 states. [2020-07-17 22:32:52,139 INFO L87 Difference]: Start difference. First operand 95 states. Second operand 119 states. [2020-07-17 22:32:52,142 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:52,142 INFO L93 Difference]: Finished difference Result 119 states and 152 transitions. [2020-07-17 22:32:52,142 INFO L276 IsEmpty]: Start isEmpty. Operand 119 states and 152 transitions. [2020-07-17 22:32:52,143 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:52,143 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:52,143 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:52,143 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:52,143 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 95 states. [2020-07-17 22:32:52,145 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 95 states to 95 states and 124 transitions. [2020-07-17 22:32:52,146 INFO L78 Accepts]: Start accepts. Automaton has 95 states and 124 transitions. Word has length 39 [2020-07-17 22:32:52,146 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:52,146 INFO L479 AbstractCegarLoop]: Abstraction has 95 states and 124 transitions. [2020-07-17 22:32:52,146 INFO L480 AbstractCegarLoop]: Interpolant automaton has 21 states. [2020-07-17 22:32:52,146 INFO L276 IsEmpty]: Start isEmpty. Operand 95 states and 124 transitions. [2020-07-17 22:32:52,147 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2020-07-17 22:32:52,147 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:52,147 INFO L422 BasicCegarLoop]: trace histogram [3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:52,362 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12,8 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:52,363 INFO L427 AbstractCegarLoop]: === Iteration 14 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:52,363 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:52,363 INFO L82 PathProgramCache]: Analyzing trace with hash -1233000963, now seen corresponding path program 3 times [2020-07-17 22:32:52,364 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:52,364 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1628708388] [2020-07-17 22:32:52,364 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:52,407 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:52,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:52,911 INFO L280 TraceCheckUtils]: 0: Hoare triple {5786#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {5771#true} is VALID [2020-07-17 22:32:52,912 INFO L280 TraceCheckUtils]: 1: Hoare triple {5771#true} assume true; {5771#true} is VALID [2020-07-17 22:32:52,912 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {5771#true} {5771#true} #225#return; {5771#true} is VALID [2020-07-17 22:32:52,913 INFO L263 TraceCheckUtils]: 0: Hoare triple {5771#true} call ULTIMATE.init(); {5786#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-17 22:32:52,913 INFO L280 TraceCheckUtils]: 1: Hoare triple {5786#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {5771#true} is VALID [2020-07-17 22:32:52,913 INFO L280 TraceCheckUtils]: 2: Hoare triple {5771#true} assume true; {5771#true} is VALID [2020-07-17 22:32:52,913 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {5771#true} {5771#true} #225#return; {5771#true} is VALID [2020-07-17 22:32:52,913 INFO L263 TraceCheckUtils]: 4: Hoare triple {5771#true} call #t~ret41 := main(); {5771#true} is VALID [2020-07-17 22:32:52,914 INFO L280 TraceCheckUtils]: 5: Hoare triple {5771#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {5771#true} is VALID [2020-07-17 22:32:52,914 INFO L280 TraceCheckUtils]: 6: Hoare triple {5771#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {5771#true} is VALID [2020-07-17 22:32:52,914 INFO L280 TraceCheckUtils]: 7: Hoare triple {5771#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {5771#true} is VALID [2020-07-17 22:32:52,914 INFO L280 TraceCheckUtils]: 8: Hoare triple {5771#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {5771#true} is VALID [2020-07-17 22:32:52,914 INFO L280 TraceCheckUtils]: 9: Hoare triple {5771#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {5771#true} is VALID [2020-07-17 22:32:52,914 INFO L280 TraceCheckUtils]: 10: Hoare triple {5771#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {5771#true} is VALID [2020-07-17 22:32:52,915 INFO L280 TraceCheckUtils]: 11: Hoare triple {5771#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {5771#true} is VALID [2020-07-17 22:32:52,915 INFO L280 TraceCheckUtils]: 12: Hoare triple {5771#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {5771#true} is VALID [2020-07-17 22:32:52,915 INFO L280 TraceCheckUtils]: 13: Hoare triple {5771#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {5771#true} is VALID [2020-07-17 22:32:52,915 INFO L280 TraceCheckUtils]: 14: Hoare triple {5771#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {5771#true} is VALID [2020-07-17 22:32:52,915 INFO L280 TraceCheckUtils]: 15: Hoare triple {5771#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {5771#true} is VALID [2020-07-17 22:32:52,917 INFO L280 TraceCheckUtils]: 16: Hoare triple {5771#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:52,917 INFO L280 TraceCheckUtils]: 17: Hoare triple {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:52,918 INFO L280 TraceCheckUtils]: 18: Hoare triple {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:52,920 INFO L280 TraceCheckUtils]: 19: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:52,921 INFO L280 TraceCheckUtils]: 20: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:52,922 INFO L280 TraceCheckUtils]: 21: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:52,924 INFO L280 TraceCheckUtils]: 22: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {5778#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:52,925 INFO L280 TraceCheckUtils]: 23: Hoare triple {5778#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5778#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:52,928 INFO L280 TraceCheckUtils]: 24: Hoare triple {5778#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {5779#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:52,929 INFO L280 TraceCheckUtils]: 25: Hoare triple {5779#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5779#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:52,932 INFO L280 TraceCheckUtils]: 26: Hoare triple {5779#(and (not (= main_~a~0.base main_~p~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {5780#(and (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.base)) main_~a~0.base) 4) main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~a~0.offset main_~t~0.offset) (= 0 main_~a~0.offset) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.offset)) main_~a~0.base) 4)) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:52,933 INFO L280 TraceCheckUtils]: 27: Hoare triple {5780#(and (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.base)) main_~a~0.base) 4) main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~a~0.offset main_~t~0.offset) (= 0 main_~a~0.offset) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.offset)) main_~a~0.base) 4)) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5780#(and (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.base)) main_~a~0.base) 4) main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~a~0.offset main_~t~0.offset) (= 0 main_~a~0.offset) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.offset)) main_~a~0.base) 4)) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:52,935 INFO L280 TraceCheckUtils]: 28: Hoare triple {5780#(and (= (select (select (store |#memory_$Pointer$.base| main_~p~0.base (store (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.base)) main_~a~0.base) 4) main_~p~0.base) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~a~0.offset main_~t~0.offset) (= 0 main_~a~0.offset) (= main_~p~0.offset (select (select (store |#memory_$Pointer$.offset| main_~p~0.base (store (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4) main_~t~0.offset)) main_~a~0.base) 4)) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {5781#(or (and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset 3)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (= 0 main_~a~0.offset)) (and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)))} is VALID [2020-07-17 22:32:52,936 INFO L280 TraceCheckUtils]: 29: Hoare triple {5781#(or (and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset 3)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (= 0 main_~a~0.offset)) (and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5781#(or (and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset 3)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (= 0 main_~a~0.offset)) (and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)))} is VALID [2020-07-17 22:32:52,937 INFO L280 TraceCheckUtils]: 30: Hoare triple {5781#(or (and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset 3)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (= 0 main_~a~0.offset)) (and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)))} assume !(0 != #t~nondet33);havoc #t~nondet33; {5781#(or (and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset 3)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (= 0 main_~a~0.offset)) (and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)))} is VALID [2020-07-17 22:32:52,939 INFO L280 TraceCheckUtils]: 31: Hoare triple {5781#(or (and (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select (store |#memory_int| main_~p~0.base (store (select |#memory_int| main_~p~0.base) main_~p~0.offset 3)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (= 0 main_~a~0.offset)) (and (= main_~a~0.base main_~p~0.base) (= main_~a~0.offset main_~p~0.offset)))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5782#(or (and (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4))))) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} is VALID [2020-07-17 22:32:52,940 INFO L280 TraceCheckUtils]: 32: Hoare triple {5782#(or (and (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4))))) (= 3 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {5783#(or (and (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4))))) (= |main_#t~mem36| 3))} is VALID [2020-07-17 22:32:52,941 INFO L280 TraceCheckUtils]: 33: Hoare triple {5783#(or (and (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) (+ main_~p~0.offset 4))) (select (select |#memory_$Pointer$.offset| main_~p~0.base) (+ main_~p~0.offset 4))))) (= |main_#t~mem36| 3))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {5784#(= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} is VALID [2020-07-17 22:32:52,942 INFO L280 TraceCheckUtils]: 34: Hoare triple {5784#(= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {5785#(= |main_#t~mem36| 2)} is VALID [2020-07-17 22:32:52,943 INFO L280 TraceCheckUtils]: 35: Hoare triple {5785#(= |main_#t~mem36| 2)} assume !(2 == #t~mem36);havoc #t~mem36; {5772#false} is VALID [2020-07-17 22:32:52,943 INFO L280 TraceCheckUtils]: 36: Hoare triple {5772#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {5772#false} is VALID [2020-07-17 22:32:52,943 INFO L280 TraceCheckUtils]: 37: Hoare triple {5772#false} assume !(1 == #t~mem38);havoc #t~mem38; {5772#false} is VALID [2020-07-17 22:32:52,943 INFO L280 TraceCheckUtils]: 38: Hoare triple {5772#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {5772#false} is VALID [2020-07-17 22:32:52,943 INFO L280 TraceCheckUtils]: 39: Hoare triple {5772#false} assume 3 != #t~mem40;havoc #t~mem40; {5772#false} is VALID [2020-07-17 22:32:52,944 INFO L280 TraceCheckUtils]: 40: Hoare triple {5772#false} assume !false; {5772#false} is VALID [2020-07-17 22:32:52,949 INFO L134 CoverageAnalysis]: Checked inductivity of 11 backedges. 0 proven. 10 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:52,950 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1628708388] [2020-07-17 22:32:52,950 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2090495369] [2020-07-17 22:32:52,950 INFO L92 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 9 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 9 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-17 22:32:53,093 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 3 check-sat command(s) [2020-07-17 22:32:53,094 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2020-07-17 22:32:53,096 INFO L264 TraceCheckSpWp]: Trace formula consists of 192 conjuncts, 61 conjunts are in the unsatisfiable core [2020-07-17 22:32:53,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-17 22:32:53,112 INFO L287 TraceCheckSpWp]: Computing forward predicates... [2020-07-17 22:32:53,139 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-17 22:32:53,140 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,144 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:53,144 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,144 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2020-07-17 22:32:53,146 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:53,147 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_37|]. (and (= 0 main_~a~0.offset) (= (store |v_#valid_37| main_~a~0.base 1) |#valid|)) [2020-07-17 22:32:53,147 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset)) [2020-07-17 22:32:53,194 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:53,195 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 39 [2020-07-17 22:32:53,196 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,231 INFO L624 ElimStorePlain]: treesize reduction 14, result has 63.2 percent of original size [2020-07-17 22:32:53,231 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,231 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:26, output treesize:24 [2020-07-17 22:32:53,234 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:53,235 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_38|]. (and (= |#valid| (store |v_#valid_38| main_~t~0.base 1)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |v_#valid_38| main_~p~0.base)) (= 0 (select |v_#valid_38| main_~t~0.base))) [2020-07-17 22:32:53,235 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base))) [2020-07-17 22:32:53,305 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-17 22:32:53,306 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,323 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:53,332 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-17 22:32:53,333 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,349 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:53,351 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,352 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 4 variables, input treesize:54, output treesize:40 [2020-07-17 22:32:53,356 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:53,356 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_55|, main_~t~0.base, |v_#memory_$Pointer$.offset_48|, main_~t~0.offset]. (and (= 1 (select |#valid| main_~t~0.base)) (not (= main_~t~0.base main_~a~0.base)) (= (store |v_#memory_$Pointer$.base_55| main_~a~0.base (store (select |v_#memory_$Pointer$.base_55| main_~a~0.base) 4 main_~t~0.base)) |#memory_$Pointer$.base|) (= (store |v_#memory_$Pointer$.offset_48| main_~a~0.base (store (select |v_#memory_$Pointer$.offset_48| main_~a~0.base) 4 main_~t~0.offset)) |#memory_$Pointer$.offset|) (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset)) [2020-07-17 22:32:53,356 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (and (not (= main_~a~0.base .cse0)) (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset) (= main_~p~0.base .cse0) (= 1 (select |#valid| .cse0)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))) [2020-07-17 22:32:53,445 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:53,446 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 2 case distinctions, treesize of input 20 treesize of output 30 [2020-07-17 22:32:53,447 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,476 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:53,477 INFO L440 ElimStorePlain]: Different costs {0=[|v_#memory_int_55|], 2=[|v_#memory_$Pointer$.base_56|, |v_#memory_$Pointer$.offset_49|]} [2020-07-17 22:32:53,484 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 7 [2020-07-17 22:32:53,485 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,513 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:53,542 INFO L350 Elim1Store]: treesize reduction 21, result has 41.7 percent of original size [2020-07-17 22:32:53,542 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 39 treesize of output 27 [2020-07-17 22:32:53,545 INFO L544 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,588 INFO L624 ElimStorePlain]: treesize reduction 8, result has 87.3 percent of original size [2020-07-17 22:32:53,598 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 23 treesize of output 11 [2020-07-17 22:32:53,599 INFO L544 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,615 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:53,616 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,616 INFO L244 ElimStorePlain]: Needed 5 recursive calls to eliminate 4 variables, input treesize:89, output treesize:40 [2020-07-17 22:32:53,671 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:53,671 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.offset_49|, |v_#valid_39|, |v_#memory_$Pointer$.base_56|, |v_#memory_int_55|]. (let ((.cse0 (select (select |v_#memory_$Pointer$.base_56| main_~a~0.base) 4))) (and (= 0 (select |v_#valid_39| main_~t~0.base)) (= (store |v_#memory_$Pointer$.offset_49| main_~p~0.base (store (select |v_#memory_$Pointer$.offset_49| main_~p~0.base) main_~p~0.offset (select (select |#memory_$Pointer$.offset| main_~p~0.base) main_~p~0.offset))) |#memory_$Pointer$.offset|) (= 1 (select |v_#valid_39| main_~a~0.base)) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_56| main_~p~0.base (store (select |v_#memory_$Pointer$.base_56| main_~p~0.base) main_~p~0.offset (select (select |#memory_$Pointer$.base| main_~p~0.base) main_~p~0.offset)))) (= |#memory_int| (store |v_#memory_int_55| main_~p~0.base (store (select |v_#memory_int_55| main_~p~0.base) main_~p~0.offset 2))) (= main_~p~0.base .cse0) (= 0 main_~a~0.offset) (= 1 (select |v_#valid_39| .cse0)) (not (= main_~a~0.base .cse0)) (= main_~p~0.offset (select (select |v_#memory_$Pointer$.offset_49| main_~a~0.base) 4)) (= 0 main_~t~0.offset))) [2020-07-17 22:32:53,671 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 0 main_~a~0.offset) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= 0 main_~t~0.offset)) [2020-07-17 22:32:53,793 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:53,793 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 155 treesize of output 149 [2020-07-17 22:32:53,799 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[10, 3, 2, 1] term [2020-07-17 22:32:53,799 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 10 disjuncts [2020-07-17 22:32:53,802 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,868 INFO L624 ElimStorePlain]: treesize reduction 26, result has 85.6 percent of original size [2020-07-17 22:32:53,878 INFO L190 IndexEqualityManager]: detected not equals via solver [2020-07-17 22:32:53,880 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 55 treesize of output 19 [2020-07-17 22:32:53,882 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,908 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:53,916 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 92 treesize of output 74 [2020-07-17 22:32:53,921 INFO L544 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,952 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:53,958 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:53,959 INFO L244 ElimStorePlain]: Needed 4 recursive calls to eliminate 4 variables, input treesize:162, output treesize:118 [2020-07-17 22:32:53,966 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:53,966 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_$Pointer$.base_57|, |v_#memory_$Pointer$.offset_50|, main_~t~0.base, |v_#memory_int_56|]. (let ((.cse0 (select (select |v_#memory_$Pointer$.base_57| main_~a~0.base) 4)) (.cse3 (select (select |v_#memory_$Pointer$.offset_50| main_~a~0.base) 4))) (let ((.cse1 (+ .cse3 4)) (.cse2 (select |v_#memory_int_56| .cse0))) (and (not (= main_~t~0.base main_~a~0.base)) (= (select (select |#memory_$Pointer$.offset| .cse0) .cse1) main_~p~0.offset) (= |#memory_$Pointer$.base| (store |v_#memory_$Pointer$.base_57| .cse0 (store (select |v_#memory_$Pointer$.base_57| .cse0) .cse1 main_~t~0.base))) (not (= main_~a~0.base .cse0)) (not (= main_~t~0.base .cse0)) (= |#memory_int| (store |v_#memory_int_56| .cse0 (store .cse2 .cse1 (select (select |#memory_int| .cse0) .cse1)))) (= 0 main_~a~0.offset) (= |#memory_$Pointer$.offset| (store |v_#memory_$Pointer$.offset_50| .cse0 (store (select |v_#memory_$Pointer$.offset_50| .cse0) .cse1 0))) (= main_~p~0.base (select (select |#memory_$Pointer$.base| .cse0) .cse1)) (= 2 (select .cse2 .cse3))))) [2020-07-17 22:32:53,966 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse3 (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (let ((.cse2 (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (.cse4 (+ .cse3 4))) (let ((.cse1 (select (select |#memory_$Pointer$.base| .cse2) .cse4)) (.cse0 (select (select |#memory_$Pointer$.offset| .cse2) .cse4))) (and (= 0 .cse0) (= .cse1 main_~p~0.base) (not (= main_~a~0.base .cse2)) (= 2 (select (select |#memory_int| .cse2) .cse3)) (not (= .cse1 .cse2)) (= 0 main_~a~0.offset) (not (= .cse1 main_~a~0.base)) (= main_~p~0.offset .cse0))))) [2020-07-17 22:32:54,060 INFO L440 ElimStorePlain]: Different costs {2=[|v_#memory_int_57|], 6=[|v_#memory_$Pointer$.base_58|, |v_#memory_$Pointer$.offset_51|]} [2020-07-17 22:32:54,070 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 3 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 69 treesize of output 54 [2020-07-17 22:32:54,072 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:54,100 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:54,151 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:54,152 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 5 new quantified variables, introduced 3 case distinctions, treesize of input 286 treesize of output 261 [2020-07-17 22:32:54,174 INFO L320 QuantifierPusher]: Applying distributivity to a CONJUNCTION[9, 3, 2, 1] term [2020-07-17 22:32:54,174 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 9 disjuncts [2020-07-17 22:32:54,182 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 11 disjuncts [2020-07-17 22:32:54,193 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:54,250 INFO L624 ElimStorePlain]: treesize reduction 212, result has 49.0 percent of original size [2020-07-17 22:32:54,294 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:54,295 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 5 new quantified variables, introduced 2 case distinctions, treesize of input 193 treesize of output 212 [2020-07-17 22:32:54,316 INFO L544 ElimStorePlain]: Start of recursive call 4: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:54,352 INFO L624 ElimStorePlain]: treesize reduction 100, result has 51.2 percent of original size [2020-07-17 22:32:54,353 INFO L544 ElimStorePlain]: Start of recursive call 1: 3 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:54,353 INFO L244 ElimStorePlain]: Needed 4 recursive calls to eliminate 3 variables, input treesize:307, output treesize:105 [2020-07-17 22:32:54,527 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:54,527 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 3 new quantified variables, introduced 1 case distinctions, treesize of input 109 treesize of output 68 [2020-07-17 22:32:54,534 INFO L501 QuantifierPusher]: Distributing 3 conjuncts over 4 disjuncts [2020-07-17 22:32:54,543 INFO L501 QuantifierPusher]: Distributing 3 conjuncts over 4 disjuncts [2020-07-17 22:32:54,547 INFO L544 ElimStorePlain]: Start of recursive call 2: 1 dim-0 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2020-07-17 22:32:54,587 INFO L624 ElimStorePlain]: treesize reduction 22, result has 71.1 percent of original size [2020-07-17 22:32:54,592 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 3 new quantified variables, introduced 0 case distinctions, treesize of input 32 treesize of output 19 [2020-07-17 22:32:54,595 INFO L544 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:54,606 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:54,611 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 2 dim-2 vars, End of recursive call: 2 dim-0 vars, and 1 xjuncts. [2020-07-17 22:32:54,611 INFO L244 ElimStorePlain]: Needed 3 recursive calls to eliminate 3 variables, input treesize:123, output treesize:30 [2020-07-17 22:32:54,615 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:54,615 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_$Pointer$.base|, v_main_~p~0.base_39, |#memory_$Pointer$.offset|]. (let ((.cse0 (select (select |#memory_$Pointer$.offset| v_main_~p~0.base_39) 4))) (let ((.cse2 (select (select |#memory_$Pointer$.base| v_main_~p~0.base_39) 4)) (.cse3 (+ .cse0 4))) (let ((.cse1 (select (select |#memory_$Pointer$.base| .cse2) .cse3))) (and (<= (select (select |#memory_int| v_main_~p~0.base_39) 0) 2) (= main_~p~0.offset .cse0) (not (= v_main_~p~0.base_39 .cse1)) (= main_~p~0.base .cse2) (= 2 (select (select |#memory_int| .cse2) .cse0)) (not (= .cse1 .cse2)) (= 0 (select (select |#memory_$Pointer$.offset| .cse2) .cse3)) (= (select (select |#memory_int| .cse1) 0) 3) (not (= v_main_~p~0.base_39 .cse2)))))) [2020-07-17 22:32:54,616 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [v_main_~p~0.base_39, v_arrayElimCell_78]. (and (not (= v_main_~p~0.base_39 main_~p~0.base)) (<= (select (select |#memory_int| v_main_~p~0.base_39) 0) 2) (not (= main_~p~0.base v_arrayElimCell_78)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= 3 (select (select |#memory_int| v_arrayElimCell_78) 0))) [2020-07-17 22:32:54,718 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:54,719 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 3 select indices, 3 select index equivalence classes, 2 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 1 case distinctions, treesize of input 29 treesize of output 21 [2020-07-17 22:32:54,722 INFO L501 QuantifierPusher]: Distributing 2 conjuncts over 2 disjuncts [2020-07-17 22:32:54,724 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-17 22:32:54,730 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-17 22:32:54,734 INFO L544 ElimStorePlain]: Start of recursive call 1: 4 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-17 22:32:54,735 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 5 variables, input treesize:37, output treesize:3 [2020-07-17 22:32:54,738 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-17 22:32:54,738 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~p~0.base, main_~p~0.offset, v_main_~p~0.base_39, v_arrayElimCell_78]. (let ((.cse0 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset))) (and (<= (select (select |#memory_int| v_main_~p~0.base_39) 0) 2) (not (= v_main_~p~0.base_39 main_~p~0.base)) (= |main_#t~mem36| .cse0) (= 2 .cse0) (not (= main_~p~0.base v_arrayElimCell_78)) (= 3 (select (select |#memory_int| v_arrayElimCell_78) 0)))) [2020-07-17 22:32:54,739 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= |main_#t~mem36| 2) [2020-07-17 22:32:54,742 INFO L263 TraceCheckUtils]: 0: Hoare triple {5771#true} call ULTIMATE.init(); {5771#true} is VALID [2020-07-17 22:32:54,742 INFO L280 TraceCheckUtils]: 1: Hoare triple {5771#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {5771#true} is VALID [2020-07-17 22:32:54,742 INFO L280 TraceCheckUtils]: 2: Hoare triple {5771#true} assume true; {5771#true} is VALID [2020-07-17 22:32:54,742 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {5771#true} {5771#true} #225#return; {5771#true} is VALID [2020-07-17 22:32:54,743 INFO L263 TraceCheckUtils]: 4: Hoare triple {5771#true} call #t~ret41 := main(); {5771#true} is VALID [2020-07-17 22:32:54,743 INFO L280 TraceCheckUtils]: 5: Hoare triple {5771#true} call #t~malloc2.base, #t~malloc2.offset := #Ultimate.allocOnHeap(8);~root~0.base, ~root~0.offset := #t~malloc2.base, #t~malloc2.offset;havoc ~n~0.base, ~n~0.offset;call write~$Pointer$(0, 0, ~root~0.base, ~root~0.offset, 4);call write~$Pointer$(0, 0, ~root~0.base, 4 + ~root~0.offset, 4); {5771#true} is VALID [2020-07-17 22:32:54,743 INFO L280 TraceCheckUtils]: 6: Hoare triple {5771#true} assume -2147483648 <= #t~nondet3 && #t~nondet3 <= 2147483647; {5771#true} is VALID [2020-07-17 22:32:54,743 INFO L280 TraceCheckUtils]: 7: Hoare triple {5771#true} assume !(0 != #t~nondet3);havoc #t~nondet3; {5771#true} is VALID [2020-07-17 22:32:54,744 INFO L280 TraceCheckUtils]: 8: Hoare triple {5771#true} ~n~0.base, ~n~0.offset := 0, 0;havoc ~pred~0.base, ~pred~0.offset; {5771#true} is VALID [2020-07-17 22:32:54,744 INFO L280 TraceCheckUtils]: 9: Hoare triple {5771#true} assume !!(~root~0.base != 0 || ~root~0.offset != 0);~pred~0.base, ~pred~0.offset := 0, 0;~n~0.base, ~n~0.offset := ~root~0.base, ~root~0.offset; {5771#true} is VALID [2020-07-17 22:32:54,744 INFO L280 TraceCheckUtils]: 10: Hoare triple {5771#true} call #t~mem22.base, #t~mem22.offset := read~$Pointer$(~n~0.base, ~n~0.offset, 4);#t~short24 := #t~mem22.base != 0 || #t~mem22.offset != 0; {5771#true} is VALID [2020-07-17 22:32:54,744 INFO L280 TraceCheckUtils]: 11: Hoare triple {5771#true} assume !#t~short24;call #t~mem23.base, #t~mem23.offset := read~$Pointer$(~n~0.base, 4 + ~n~0.offset, 4);#t~short24 := #t~mem23.base != 0 || #t~mem23.offset != 0; {5771#true} is VALID [2020-07-17 22:32:54,744 INFO L280 TraceCheckUtils]: 12: Hoare triple {5771#true} assume !#t~short24;havoc #t~mem23.base, #t~mem23.offset;havoc #t~short24;havoc #t~mem22.base, #t~mem22.offset; {5771#true} is VALID [2020-07-17 22:32:54,745 INFO L280 TraceCheckUtils]: 13: Hoare triple {5771#true} assume !(~pred~0.base != 0 || ~pred~0.offset != 0);~root~0.base, ~root~0.offset := 0, 0; {5771#true} is VALID [2020-07-17 22:32:54,745 INFO L280 TraceCheckUtils]: 14: Hoare triple {5771#true} call ULTIMATE.dealloc(~n~0.base, ~n~0.offset); {5771#true} is VALID [2020-07-17 22:32:54,745 INFO L280 TraceCheckUtils]: 15: Hoare triple {5771#true} assume !(~root~0.base != 0 || ~root~0.offset != 0); {5771#true} is VALID [2020-07-17 22:32:54,746 INFO L280 TraceCheckUtils]: 16: Hoare triple {5771#true} call #t~malloc29.base, #t~malloc29.offset := #Ultimate.allocOnHeap(8);~a~0.base, ~a~0.offset := #t~malloc29.base, #t~malloc29.offset; {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:54,746 INFO L280 TraceCheckUtils]: 17: Hoare triple {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} assume !(~a~0.base == 0 && ~a~0.offset == 0); {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} is VALID [2020-07-17 22:32:54,747 INFO L280 TraceCheckUtils]: 18: Hoare triple {5776#(and (= 1 (select |#valid| main_~a~0.base)) (= 0 main_~a~0.offset))} havoc ~t~0.base, ~t~0.offset;~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:54,748 INFO L280 TraceCheckUtils]: 19: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet30 && #t~nondet30 <= 2147483647; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:54,748 INFO L280 TraceCheckUtils]: 20: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !(0 != #t~nondet30);havoc #t~nondet30; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:54,749 INFO L280 TraceCheckUtils]: 21: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} is VALID [2020-07-17 22:32:54,750 INFO L280 TraceCheckUtils]: 22: Hoare triple {5777#(and (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {5856#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:54,751 INFO L280 TraceCheckUtils]: 23: Hoare triple {5856#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5856#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)))} is VALID [2020-07-17 22:32:54,752 INFO L280 TraceCheckUtils]: 24: Hoare triple {5856#(and (= 1 (select |#valid| main_~t~0.base)) (= main_~a~0.base main_~p~0.base) (= 0 main_~p~0.offset) (= 0 main_~a~0.offset) (= 1 (select |#valid| main_~p~0.base)) (not (= main_~t~0.base main_~p~0.base)))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {5863#(and (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 1 (select |#valid| main_~a~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:54,753 INFO L280 TraceCheckUtils]: 25: Hoare triple {5863#(and (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 1 (select |#valid| main_~a~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5863#(and (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 1 (select |#valid| main_~a~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} is VALID [2020-07-17 22:32:54,754 INFO L280 TraceCheckUtils]: 26: Hoare triple {5863#(and (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 1 (select |#valid| main_~a~0.base)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= 1 (select |#valid| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset))} assume !!(0 != #t~nondet33);havoc #t~nondet33;call write~int(2, ~p~0.base, ~p~0.offset, 4);call #t~malloc34.base, #t~malloc34.offset := #Ultimate.allocOnHeap(8);~t~0.base, ~t~0.offset := #t~malloc34.base, #t~malloc34.offset; {5870#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= 0 main_~t~0.offset))} is VALID [2020-07-17 22:32:54,759 INFO L280 TraceCheckUtils]: 27: Hoare triple {5870#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= 0 main_~t~0.offset))} assume !(~t~0.base == 0 && ~t~0.offset == 0); {5870#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= 0 main_~t~0.offset))} is VALID [2020-07-17 22:32:54,761 INFO L280 TraceCheckUtils]: 28: Hoare triple {5870#(and (not (= main_~t~0.base main_~a~0.base)) (not (= main_~a~0.base main_~p~0.base)) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (= main_~p~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (= 0 main_~a~0.offset) (= (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) main_~p~0.offset) (not (= main_~t~0.base main_~p~0.base)) (= 0 main_~t~0.offset))} call write~$Pointer$(~t~0.base, ~t~0.offset, ~p~0.base, 4 + ~p~0.offset, 4);call #t~mem35.base, #t~mem35.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem35.base, #t~mem35.offset;havoc #t~mem35.base, #t~mem35.offset; {5877#(and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~p~0.base) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 0 main_~a~0.offset) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))))} is VALID [2020-07-17 22:32:54,762 INFO L280 TraceCheckUtils]: 29: Hoare triple {5877#(and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~p~0.base) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 0 main_~a~0.offset) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))))} assume -2147483648 <= #t~nondet33 && #t~nondet33 <= 2147483647; {5877#(and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~p~0.base) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 0 main_~a~0.offset) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))))} is VALID [2020-07-17 22:32:54,762 INFO L280 TraceCheckUtils]: 30: Hoare triple {5877#(and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~p~0.base) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 0 main_~a~0.offset) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))))} assume !(0 != #t~nondet33);havoc #t~nondet33; {5877#(and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~p~0.base) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 0 main_~a~0.offset) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))))} is VALID [2020-07-17 22:32:54,765 INFO L280 TraceCheckUtils]: 31: Hoare triple {5877#(and (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~p~0.base) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))) (not (= main_~a~0.base (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4))) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~a~0.base) 4))) (= 0 main_~a~0.offset) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4)) main_~a~0.base)) (= main_~p~0.offset (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~a~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~a~0.base) 4) 4))))} call write~int(3, ~p~0.base, ~p~0.offset, 4);~p~0.base, ~p~0.offset := ~a~0.base, ~a~0.offset; {5887#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) 0)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) main_~p~0.base)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~p~0.base) 4))))} is VALID [2020-07-17 22:32:54,766 INFO L280 TraceCheckUtils]: 32: Hoare triple {5887#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) 0)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) main_~p~0.base)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~p~0.base) 4))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {5891#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (<= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem36|) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) 0)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) main_~p~0.base)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~p~0.base) 4))))} is VALID [2020-07-17 22:32:54,768 INFO L280 TraceCheckUtils]: 33: Hoare triple {5891#(and (not (= (select (select |#memory_$Pointer$.base| main_~p~0.base) 4) main_~p~0.base)) (= 0 (select (select |#memory_$Pointer$.offset| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) (= 0 main_~p~0.offset) (= 2 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4))) (<= (select (select |#memory_int| main_~p~0.base) main_~p~0.offset) |main_#t~mem36|) (= 3 (select (select |#memory_int| (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4))) 0)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) main_~p~0.base)) (not (= (select (select |#memory_$Pointer$.base| (select (select |#memory_$Pointer$.base| main_~p~0.base) 4)) (+ (select (select |#memory_$Pointer$.offset| main_~p~0.base) 4) 4)) (select (select |#memory_$Pointer$.base| main_~p~0.base) 4))))} assume !!(2 == #t~mem36);havoc #t~mem36;call #t~mem37.base, #t~mem37.offset := read~$Pointer$(~p~0.base, 4 + ~p~0.offset, 4);~p~0.base, ~p~0.offset := #t~mem37.base, #t~mem37.offset;havoc #t~mem37.base, #t~mem37.offset; {5895#(and (exists ((v_arrayElimCell_78 Int)) (and (not (= main_~p~0.base v_arrayElimCell_78)) (= 3 (select (select |#memory_int| v_arrayElimCell_78) 0)))) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_39 Int)) (and (not (= v_main_~p~0.base_39 main_~p~0.base)) (<= (select (select |#memory_int| v_main_~p~0.base_39) 0) 2))))} is VALID [2020-07-17 22:32:54,769 INFO L280 TraceCheckUtils]: 34: Hoare triple {5895#(and (exists ((v_arrayElimCell_78 Int)) (and (not (= main_~p~0.base v_arrayElimCell_78)) (= 3 (select (select |#memory_int| v_arrayElimCell_78) 0)))) (= 2 (select (select |#memory_int| main_~p~0.base) main_~p~0.offset)) (exists ((v_main_~p~0.base_39 Int)) (and (not (= v_main_~p~0.base_39 main_~p~0.base)) (<= (select (select |#memory_int| v_main_~p~0.base_39) 0) 2))))} call #t~mem36 := read~int(~p~0.base, ~p~0.offset, 4); {5785#(= |main_#t~mem36| 2)} is VALID [2020-07-17 22:32:54,769 INFO L280 TraceCheckUtils]: 35: Hoare triple {5785#(= |main_#t~mem36| 2)} assume !(2 == #t~mem36);havoc #t~mem36; {5772#false} is VALID [2020-07-17 22:32:54,769 INFO L280 TraceCheckUtils]: 36: Hoare triple {5772#false} call #t~mem38 := read~int(~p~0.base, ~p~0.offset, 4); {5772#false} is VALID [2020-07-17 22:32:54,770 INFO L280 TraceCheckUtils]: 37: Hoare triple {5772#false} assume !(1 == #t~mem38);havoc #t~mem38; {5772#false} is VALID [2020-07-17 22:32:54,770 INFO L280 TraceCheckUtils]: 38: Hoare triple {5772#false} call #t~mem40 := read~int(~p~0.base, ~p~0.offset, 4); {5772#false} is VALID [2020-07-17 22:32:54,770 INFO L280 TraceCheckUtils]: 39: Hoare triple {5772#false} assume 3 != #t~mem40;havoc #t~mem40; {5772#false} is VALID [2020-07-17 22:32:54,770 INFO L280 TraceCheckUtils]: 40: Hoare triple {5772#false} assume !false; {5772#false} is VALID [2020-07-17 22:32:54,775 INFO L134 CoverageAnalysis]: Checked inductivity of 11 backedges. 0 proven. 10 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-17 22:32:54,776 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-17 22:32:54,776 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 12] total 20 [2020-07-17 22:32:54,776 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [949656399] [2020-07-17 22:32:54,777 INFO L78 Accepts]: Start accepts. Automaton has 20 states. Word has length 41 [2020-07-17 22:32:54,777 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-17 22:32:54,777 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 20 states. [2020-07-17 22:32:54,869 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 56 edges. 56 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:54,870 INFO L459 AbstractCegarLoop]: Interpolant automaton has 20 states [2020-07-17 22:32:54,870 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-17 22:32:54,870 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 20 interpolants. [2020-07-17 22:32:54,871 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=56, Invalid=324, Unknown=0, NotChecked=0, Total=380 [2020-07-17 22:32:54,871 INFO L87 Difference]: Start difference. First operand 95 states and 124 transitions. Second operand 20 states. [2020-07-17 22:32:58,481 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:58,482 INFO L93 Difference]: Finished difference Result 122 states and 154 transitions. [2020-07-17 22:32:58,482 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 16 states. [2020-07-17 22:32:58,482 INFO L78 Accepts]: Start accepts. Automaton has 20 states. Word has length 41 [2020-07-17 22:32:58,483 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-17 22:32:58,483 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 20 states. [2020-07-17 22:32:58,485 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 16 states to 16 states and 117 transitions. [2020-07-17 22:32:58,485 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 20 states. [2020-07-17 22:32:58,486 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 16 states to 16 states and 117 transitions. [2020-07-17 22:32:58,486 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 16 states and 117 transitions. [2020-07-17 22:32:58,672 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 117 edges. 117 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-17 22:32:58,674 INFO L225 Difference]: With dead ends: 122 [2020-07-17 22:32:58,675 INFO L226 Difference]: Without dead ends: 116 [2020-07-17 22:32:58,676 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 64 GetRequests, 36 SyntacticMatches, 1 SemanticMatches, 27 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 134 ImplicationChecksByTransitivity, 1.0s TimeCoverageRelationStatistics Valid=123, Invalid=689, Unknown=0, NotChecked=0, Total=812 [2020-07-17 22:32:58,676 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 116 states. [2020-07-17 22:32:58,743 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 116 to 100. [2020-07-17 22:32:58,743 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-17 22:32:58,744 INFO L82 GeneralOperation]: Start isEquivalent. First operand 116 states. Second operand 100 states. [2020-07-17 22:32:58,744 INFO L74 IsIncluded]: Start isIncluded. First operand 116 states. Second operand 100 states. [2020-07-17 22:32:58,744 INFO L87 Difference]: Start difference. First operand 116 states. Second operand 100 states. [2020-07-17 22:32:58,747 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:58,747 INFO L93 Difference]: Finished difference Result 116 states and 147 transitions. [2020-07-17 22:32:58,748 INFO L276 IsEmpty]: Start isEmpty. Operand 116 states and 147 transitions. [2020-07-17 22:32:58,748 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:58,748 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:58,748 INFO L74 IsIncluded]: Start isIncluded. First operand 100 states. Second operand 116 states. [2020-07-17 22:32:58,749 INFO L87 Difference]: Start difference. First operand 100 states. Second operand 116 states. [2020-07-17 22:32:58,751 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-17 22:32:58,752 INFO L93 Difference]: Finished difference Result 116 states and 147 transitions. [2020-07-17 22:32:58,752 INFO L276 IsEmpty]: Start isEmpty. Operand 116 states and 147 transitions. [2020-07-17 22:32:58,752 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-17 22:32:58,753 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-17 22:32:58,753 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-17 22:32:58,753 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-17 22:32:58,753 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 100 states. [2020-07-17 22:32:58,756 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 100 states to 100 states and 130 transitions. [2020-07-17 22:32:58,757 INFO L78 Accepts]: Start accepts. Automaton has 100 states and 130 transitions. Word has length 41 [2020-07-17 22:32:58,757 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-17 22:32:58,757 INFO L479 AbstractCegarLoop]: Abstraction has 100 states and 130 transitions. [2020-07-17 22:32:58,757 INFO L480 AbstractCegarLoop]: Interpolant automaton has 20 states. [2020-07-17 22:32:58,757 INFO L276 IsEmpty]: Start isEmpty. Operand 100 states and 130 transitions. [2020-07-17 22:32:58,758 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2020-07-17 22:32:58,758 INFO L414 BasicCegarLoop]: Found error trace [2020-07-17 22:32:58,758 INFO L422 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-17 22:32:58,972 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable13 [2020-07-17 22:32:58,973 INFO L427 AbstractCegarLoop]: === Iteration 15 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2020-07-17 22:32:58,973 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-17 22:32:58,974 INFO L82 PathProgramCache]: Analyzing trace with hash -2006936899, now seen corresponding path program 1 times [2020-07-17 22:32:58,974 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-17 22:32:58,974 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [907545576] [2020-07-17 22:32:58,974 INFO L94 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-17 22:32:58,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2020-07-17 22:32:59,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2020-07-17 22:32:59,106 INFO L174 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2020-07-17 22:32:59,106 INFO L520 BasicCegarLoop]: Counterexample might be feasible [2020-07-17 22:32:59,107 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable14 [2020-07-17 22:32:59,199 WARN L170 areAnnotationChecker]: ULTIMATE.initENTRY has no Hoare annotation [2020-07-17 22:32:59,199 WARN L170 areAnnotationChecker]: myexitENTRY has no Hoare annotation [2020-07-17 22:32:59,199 WARN L170 areAnnotationChecker]: __bswap_32ENTRY has no Hoare annotation [2020-07-17 22:32:59,200 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2020-07-17 22:32:59,200 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2020-07-17 22:32:59,200 WARN L170 areAnnotationChecker]: __bswap_64ENTRY has no Hoare annotation [2020-07-17 22:32:59,200 WARN L170 areAnnotationChecker]: mainENTRY has no Hoare annotation [2020-07-17 22:32:59,200 WARN L170 areAnnotationChecker]: ULTIMATE.initFINAL has no Hoare annotation [2020-07-17 22:32:59,200 WARN L170 areAnnotationChecker]: L530 has no Hoare annotation [2020-07-17 22:32:59,200 WARN L170 areAnnotationChecker]: __bswap_32FINAL has no Hoare annotation [2020-07-17 22:32:59,201 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2020-07-17 22:32:59,201 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2020-07-17 22:32:59,201 WARN L170 areAnnotationChecker]: __bswap_64FINAL has no Hoare annotation [2020-07-17 22:32:59,201 WARN L170 areAnnotationChecker]: L557-4 has no Hoare annotation [2020-07-17 22:32:59,201 WARN L170 areAnnotationChecker]: L557-4 has no Hoare annotation [2020-07-17 22:32:59,201 WARN L170 areAnnotationChecker]: ULTIMATE.initEXIT has no Hoare annotation [2020-07-17 22:32:59,201 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2020-07-17 22:32:59,201 WARN L170 areAnnotationChecker]: L544-3 has no Hoare annotation [2020-07-17 22:32:59,202 WARN L170 areAnnotationChecker]: L544-1 has no Hoare annotation [2020-07-17 22:32:59,202 WARN L170 areAnnotationChecker]: L544-1 has no Hoare annotation [2020-07-17 22:32:59,202 WARN L170 areAnnotationChecker]: L565-2 has no Hoare annotation [2020-07-17 22:32:59,202 WARN L170 areAnnotationChecker]: L565-2 has no Hoare annotation [2020-07-17 22:32:59,202 WARN L170 areAnnotationChecker]: L565-2 has no Hoare annotation [2020-07-17 22:32:59,202 WARN L170 areAnnotationChecker]: L547-2 has no Hoare annotation [2020-07-17 22:32:59,202 WARN L170 areAnnotationChecker]: L547-2 has no Hoare annotation [2020-07-17 22:32:59,202 WARN L170 areAnnotationChecker]: L565-3 has no Hoare annotation [2020-07-17 22:32:59,203 WARN L170 areAnnotationChecker]: L570-2 has no Hoare annotation [2020-07-17 22:32:59,203 WARN L170 areAnnotationChecker]: L570-2 has no Hoare annotation [2020-07-17 22:32:59,203 WARN L170 areAnnotationChecker]: L546-5 has no Hoare annotation [2020-07-17 22:32:59,203 WARN L170 areAnnotationChecker]: L546-1 has no Hoare annotation [2020-07-17 22:32:59,203 WARN L170 areAnnotationChecker]: L546-1 has no Hoare annotation [2020-07-17 22:32:59,203 WARN L170 areAnnotationChecker]: L585 has no Hoare annotation [2020-07-17 22:32:59,203 WARN L170 areAnnotationChecker]: L585 has no Hoare annotation [2020-07-17 22:32:59,203 WARN L170 areAnnotationChecker]: L568-5 has no Hoare annotation [2020-07-17 22:32:59,204 WARN L170 areAnnotationChecker]: L568-5 has no Hoare annotation [2020-07-17 22:32:59,204 WARN L170 areAnnotationChecker]: L568-1 has no Hoare annotation [2020-07-17 22:32:59,204 WARN L170 areAnnotationChecker]: L568-1 has no Hoare annotation [2020-07-17 22:32:59,204 WARN L170 areAnnotationChecker]: L552 has no Hoare annotation [2020-07-17 22:32:59,204 WARN L170 areAnnotationChecker]: L552 has no Hoare annotation [2020-07-17 22:32:59,204 WARN L170 areAnnotationChecker]: L546-3 has no Hoare annotation [2020-07-17 22:32:59,204 WARN L170 areAnnotationChecker]: L546-3 has no Hoare annotation [2020-07-17 22:32:59,204 WARN L170 areAnnotationChecker]: L585-1 has no Hoare annotation [2020-07-17 22:32:59,204 WARN L170 areAnnotationChecker]: L585-1 has no Hoare annotation [2020-07-17 22:32:59,205 WARN L170 areAnnotationChecker]: L585-3 has no Hoare annotation [2020-07-17 22:32:59,205 WARN L170 areAnnotationChecker]: L576 has no Hoare annotation [2020-07-17 22:32:59,205 WARN L170 areAnnotationChecker]: L576 has no Hoare annotation [2020-07-17 22:32:59,205 WARN L170 areAnnotationChecker]: L575 has no Hoare annotation [2020-07-17 22:32:59,205 WARN L170 areAnnotationChecker]: L568-3 has no Hoare annotation [2020-07-17 22:32:59,205 WARN L170 areAnnotationChecker]: L568-3 has no Hoare annotation [2020-07-17 22:32:59,205 WARN L170 areAnnotationChecker]: L552-2 has no Hoare annotation [2020-07-17 22:32:59,205 WARN L170 areAnnotationChecker]: L552-2 has no Hoare annotation [2020-07-17 22:32:59,205 WARN L170 areAnnotationChecker]: L547 has no Hoare annotation [2020-07-17 22:32:59,206 WARN L170 areAnnotationChecker]: L547 has no Hoare annotation [2020-07-17 22:32:59,206 WARN L170 areAnnotationChecker]: L588-3 has no Hoare annotation [2020-07-17 22:32:59,206 WARN L170 areAnnotationChecker]: L588-3 has no Hoare annotation [2020-07-17 22:32:59,206 WARN L170 areAnnotationChecker]: L570 has no Hoare annotation [2020-07-17 22:32:59,206 WARN L170 areAnnotationChecker]: L570 has no Hoare annotation [2020-07-17 22:32:59,206 WARN L170 areAnnotationChecker]: L552-4 has no Hoare annotation [2020-07-17 22:32:59,206 WARN L170 areAnnotationChecker]: L595-2 has no Hoare annotation [2020-07-17 22:32:59,206 WARN L170 areAnnotationChecker]: L595-2 has no Hoare annotation [2020-07-17 22:32:59,207 WARN L170 areAnnotationChecker]: L588-1 has no Hoare annotation [2020-07-17 22:32:59,207 WARN L170 areAnnotationChecker]: L588-1 has no Hoare annotation [2020-07-17 22:32:59,207 WARN L170 areAnnotationChecker]: L557 has no Hoare annotation [2020-07-17 22:32:59,207 WARN L170 areAnnotationChecker]: L557 has no Hoare annotation [2020-07-17 22:32:59,207 WARN L170 areAnnotationChecker]: L595-3 has no Hoare annotation [2020-07-17 22:32:59,207 WARN L170 areAnnotationChecker]: L595 has no Hoare annotation [2020-07-17 22:32:59,207 WARN L170 areAnnotationChecker]: L595 has no Hoare annotation [2020-07-17 22:32:59,207 WARN L170 areAnnotationChecker]: L591 has no Hoare annotation [2020-07-17 22:32:59,207 WARN L170 areAnnotationChecker]: L591 has no Hoare annotation [2020-07-17 22:32:59,207 WARN L170 areAnnotationChecker]: L557-2 has no Hoare annotation [2020-07-17 22:32:59,207 WARN L170 areAnnotationChecker]: L557-2 has no Hoare annotation [2020-07-17 22:32:59,208 WARN L170 areAnnotationChecker]: L604-3 has no Hoare annotation [2020-07-17 22:32:59,208 WARN L170 areAnnotationChecker]: L604-3 has no Hoare annotation [2020-07-17 22:32:59,208 WARN L170 areAnnotationChecker]: L598 has no Hoare annotation [2020-07-17 22:32:59,208 WARN L170 areAnnotationChecker]: L598 has no Hoare annotation [2020-07-17 22:32:59,208 WARN L170 areAnnotationChecker]: L591-1 has no Hoare annotation [2020-07-17 22:32:59,208 WARN L170 areAnnotationChecker]: L591-1 has no Hoare annotation [2020-07-17 22:32:59,208 WARN L170 areAnnotationChecker]: L591-3 has no Hoare annotation [2020-07-17 22:32:59,208 WARN L170 areAnnotationChecker]: L606-2 has no Hoare annotation [2020-07-17 22:32:59,208 WARN L170 areAnnotationChecker]: L606-2 has no Hoare annotation [2020-07-17 22:32:59,208 WARN L170 areAnnotationChecker]: L604-1 has no Hoare annotation [2020-07-17 22:32:59,209 WARN L170 areAnnotationChecker]: L604-1 has no Hoare annotation [2020-07-17 22:32:59,209 WARN L170 areAnnotationChecker]: L598-1 has no Hoare annotation [2020-07-17 22:32:59,209 WARN L170 areAnnotationChecker]: L598-1 has no Hoare annotation [2020-07-17 22:32:59,209 WARN L170 areAnnotationChecker]: L598-3 has no Hoare annotation [2020-07-17 22:32:59,209 WARN L170 areAnnotationChecker]: L606-3 has no Hoare annotation [2020-07-17 22:32:59,209 WARN L170 areAnnotationChecker]: L606 has no Hoare annotation [2020-07-17 22:32:59,209 WARN L170 areAnnotationChecker]: L606 has no Hoare annotation [2020-07-17 22:32:59,209 WARN L170 areAnnotationChecker]: L608 has no Hoare annotation [2020-07-17 22:32:59,209 WARN L170 areAnnotationChecker]: L608 has no Hoare annotation [2020-07-17 22:32:59,210 WARN L170 areAnnotationChecker]: L609 has no Hoare annotation [2020-07-17 22:32:59,210 WARN L170 areAnnotationChecker]: L609 has no Hoare annotation [2020-07-17 22:32:59,210 WARN L170 areAnnotationChecker]: L608-2 has no Hoare annotation [2020-07-17 22:32:59,210 WARN L170 areAnnotationChecker]: mainFINAL has no Hoare annotation [2020-07-17 22:32:59,210 WARN L170 areAnnotationChecker]: mainEXIT has no Hoare annotation [2020-07-17 22:32:59,210 INFO L163 areAnnotationChecker]: CFG has 0 edges. 0 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2020-07-17 22:32:59,216 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 17.07 10:32:59 BoogieIcfgContainer [2020-07-17 22:32:59,216 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2020-07-17 22:32:59,218 INFO L168 Benchmark]: Toolchain (without parser) took 39673.62 ms. Allocated memory was 141.6 MB in the beginning and 469.8 MB in the end (delta: 328.2 MB). Free memory was 105.1 MB in the beginning and 405.3 MB in the end (delta: -300.3 MB). Peak memory consumption was 27.9 MB. Max. memory is 7.1 GB. [2020-07-17 22:32:59,219 INFO L168 Benchmark]: CDTParser took 0.23 ms. Allocated memory is still 141.6 MB. Free memory was 124.7 MB in the beginning and 124.5 MB in the end (delta: 209.7 kB). Peak memory consumption was 209.7 kB. Max. memory is 7.1 GB. [2020-07-17 22:32:59,220 INFO L168 Benchmark]: CACSL2BoogieTranslator took 648.88 ms. Allocated memory was 141.6 MB in the beginning and 203.9 MB in the end (delta: 62.4 MB). Free memory was 104.6 MB in the beginning and 168.9 MB in the end (delta: -64.3 MB). Peak memory consumption was 26.7 MB. Max. memory is 7.1 GB. [2020-07-17 22:32:59,221 INFO L168 Benchmark]: Boogie Preprocessor took 122.90 ms. Allocated memory is still 203.9 MB. Free memory was 168.9 MB in the beginning and 164.3 MB in the end (delta: 4.7 MB). Peak memory consumption was 4.7 MB. Max. memory is 7.1 GB. [2020-07-17 22:32:59,221 INFO L168 Benchmark]: RCFGBuilder took 903.12 ms. Allocated memory was 203.9 MB in the beginning and 232.3 MB in the end (delta: 28.3 MB). Free memory was 164.3 MB in the beginning and 193.7 MB in the end (delta: -29.4 MB). Peak memory consumption was 73.1 MB. Max. memory is 7.1 GB. [2020-07-17 22:32:59,222 INFO L168 Benchmark]: TraceAbstraction took 37991.48 ms. Allocated memory was 232.3 MB in the beginning and 469.8 MB in the end (delta: 237.5 MB). Free memory was 193.7 MB in the beginning and 405.3 MB in the end (delta: -211.7 MB). Peak memory consumption was 25.9 MB. Max. memory is 7.1 GB. [2020-07-17 22:32:59,224 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.23 ms. Allocated memory is still 141.6 MB. Free memory was 124.7 MB in the beginning and 124.5 MB in the end (delta: 209.7 kB). Peak memory consumption was 209.7 kB. Max. memory is 7.1 GB. * CACSL2BoogieTranslator took 648.88 ms. Allocated memory was 141.6 MB in the beginning and 203.9 MB in the end (delta: 62.4 MB). Free memory was 104.6 MB in the beginning and 168.9 MB in the end (delta: -64.3 MB). Peak memory consumption was 26.7 MB. Max. memory is 7.1 GB. * Boogie Preprocessor took 122.90 ms. Allocated memory is still 203.9 MB. Free memory was 168.9 MB in the beginning and 164.3 MB in the end (delta: 4.7 MB). Peak memory consumption was 4.7 MB. Max. memory is 7.1 GB. * RCFGBuilder took 903.12 ms. Allocated memory was 203.9 MB in the beginning and 232.3 MB in the end (delta: 28.3 MB). Free memory was 164.3 MB in the beginning and 193.7 MB in the end (delta: -29.4 MB). Peak memory consumption was 73.1 MB. Max. memory is 7.1 GB. * TraceAbstraction took 37991.48 ms. Allocated memory was 232.3 MB in the beginning and 469.8 MB in the end (delta: 237.5 MB). Free memory was 193.7 MB in the beginning and 405.3 MB in the end (delta: -211.7 MB). Peak memory consumption was 25.9 MB. Max. memory is 7.1 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - CounterExampleResult [Line: 609]: a call of __VERIFIER_error() is reachable a call of __VERIFIER_error() is reachable We found a FailurePath: [L541] struct TreeNode* root = malloc(sizeof(*root)), *n; [L542] root->left = ((void *)0) [L543] root->right = ((void *)0) VAL [malloc(sizeof(*root))={-1:0}, root={-1:0}] [L544] COND FALSE !(__VERIFIER_nondet_int()) [L563] n = ((void *)0) [L564] struct TreeNode* pred; VAL [malloc(sizeof(*root))={-1:0}, n={0:0}, root={-1:0}] [L565] COND TRUE \read(*root) [L566] pred = ((void *)0) [L567] n = root VAL [malloc(sizeof(*root))={-1:0}, n={-1:0}, pred={0:0}, root={-1:0}] [L568] EXPR n->left [L568] n->left || n->right [L568] EXPR n->right [L568] n->left || n->right VAL [malloc(sizeof(*root))={-1:0}, n={-1:0}, n->left={0:0}, n->left || n->right=0, n->right={0:0}, pred={0:0}, root={-1:0}] [L568] COND FALSE !(n->left || n->right) [L575] COND FALSE !(\read(*pred)) [L581] root = ((void *)0) VAL [malloc(sizeof(*root))={-1:0}, n={-1:0}, pred={0:0}, root={0:0}] [L565] COND FALSE !(\read(*root)) VAL [malloc(sizeof(*root))={-1:0}, n={-1:0}, pred={0:0}, root={0:0}] [L584] List a = (List) malloc(sizeof(struct node)); VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, n={-1:0}, pred={0:0}, root={0:0}] [L585] COND FALSE !(a == 0) VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, n={-1:0}, pred={0:0}, root={0:0}] [L586] List t; [L587] List p = a; VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, n={-1:0}, p={-2:0}, pred={0:0}, root={0:0}] [L588] COND TRUE __VERIFIER_nondet_int() [L589] p->h = 1 [L590] t = (List) malloc(sizeof(struct node)) VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-2:0}, pred={0:0}, root={0:0}, t={-3:0}] [L591] COND FALSE !(t == 0) VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-2:0}, pred={0:0}, root={0:0}, t={-3:0}] [L592] p->n = t [L593] EXPR p->n [L593] p = p->n [L588] COND FALSE !(__VERIFIER_nondet_int()) [L595] COND TRUE __VERIFIER_nondet_int() [L596] p->h = 2 [L597] t = (List) malloc(sizeof(struct node)) VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-3:0}, pred={0:0}, root={0:0}, t={-4:0}] [L598] COND FALSE !(t == 0) VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-3:0}, pred={0:0}, root={0:0}, t={-4:0}] [L599] p->n = t [L600] EXPR p->n [L600] p = p->n [L595] COND FALSE !(__VERIFIER_nondet_int()) [L602] p->h = 3 [L603] p = a VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-2:0}, pred={0:0}, root={0:0}, t={-4:0}] [L604] EXPR p->h VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-2:0}, p->h=1, pred={0:0}, root={0:0}, t={-4:0}] [L604] COND FALSE !(p->h == 2) [L606] EXPR p->h VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-2:0}, p->h=1, pred={0:0}, root={0:0}, t={-4:0}] [L606] COND TRUE p->h == 1 [L607] EXPR p->n [L607] p = p->n [L606] EXPR p->h VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-3:0}, p->h=2, pred={0:0}, root={0:0}, t={-4:0}] [L606] COND FALSE !(p->h == 1) [L608] EXPR p->h VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-3:0}, p->h=2, pred={0:0}, root={0:0}, t={-4:0}] [L608] COND TRUE p->h != 3 [L609] __VERIFIER_error() VAL [a={-2:0}, malloc(sizeof(*root))={-1:0}, malloc(sizeof(struct node))={-2:0}, malloc(sizeof(struct node))={-4:0}, malloc(sizeof(struct node))={-3:0}, n={-1:0}, p={-3:0}, pred={0:0}, root={0:0}, t={-4:0}] - StatisticsResult: Ultimate Automizer benchmark data CFG has 6 procedures, 64 locations, 1 error locations. Started 1 CEGAR loops. VerificationResult: UNSAFE, OverallTime: 37.8s, OverallIterations: 15, TraceHistogramMax: 3, AutomataDifference: 24.1s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 803 SDtfs, 685 SDslu, 4197 SDs, 0 SdLazy, 3644 SolverSat, 291 SolverUnsat, 0 SolverUnknown, 0 SolverNotchecked, 6.3s Time, PredicateUnifierStatistics: 0 DeclaredPredicates, 498 GetRequests, 300 SyntacticMatches, 6 SemanticMatches, 192 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 629 ImplicationChecksByTransitivity, 4.6s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=100occurred in iteration=14, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.6s AutomataMinimizationTime, 14 MinimizatonAttempts, 151 StatesRemovedByMinimization, 11 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.6s SatisfiabilityAnalysisTime, 8.7s InterpolantComputationTime, 822 NumberOfCodeBlocks, 822 NumberOfCodeBlocksAsserted, 27 NumberOfCheckSat, 759 ConstructedInterpolants, 15 QuantifiedInterpolants, 208514 SizeOfPredicates, 122 NumberOfNonLiveVariables, 1390 ConjunctsInSsa, 300 ConjunctsInUnsatCore, 22 InterpolantComputations, 6 PerfectInterpolantSequences, 36/112 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available RESULT: Ultimate proved your program to be incorrect! Received shutdown request...