java -ea -Xmx8000000000 -Xss4m -jar ./plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata ./data -tc ../../../trunk/examples/toolchains/AutomizerBplInline.xml -s ../../../trunk/examples/settings/ai/array-bench/reach_32bit_array_oct.epf -i ../../../trunk/examples/programs/toy/tooDifficultLoopInvariant/PointerIncrement-simplified01.bpl -------------------------------------------------------------------------------- This is Ultimate 0.1.24-4b9831f [2018-12-23 14:32:24,183 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-12-23 14:32:24,188 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-12-23 14:32:24,207 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-12-23 14:32:24,207 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-12-23 14:32:24,209 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-12-23 14:32:24,210 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-12-23 14:32:24,215 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-12-23 14:32:24,217 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-12-23 14:32:24,218 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-12-23 14:32:24,227 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-12-23 14:32:24,228 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-12-23 14:32:24,229 INFO L174 SettingsManager]: Resetting PEA to Boogie preferences to default values [2018-12-23 14:32:24,230 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-12-23 14:32:24,235 INFO L174 SettingsManager]: Resetting ChcToBoogie preferences to default values [2018-12-23 14:32:24,235 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-12-23 14:32:24,237 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-12-23 14:32:24,243 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-12-23 14:32:24,247 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-12-23 14:32:24,249 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-12-23 14:32:24,253 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-12-23 14:32:24,254 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-12-23 14:32:24,257 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-12-23 14:32:24,258 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-12-23 14:32:24,259 INFO L174 SettingsManager]: Resetting TreeAutomizer preferences to default values [2018-12-23 14:32:24,261 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-12-23 14:32:24,262 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-12-23 14:32:24,263 INFO L174 SettingsManager]: Resetting ReqPrinter preferences to default values [2018-12-23 14:32:24,264 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-12-23 14:32:24,265 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-12-23 14:32:24,265 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-12-23 14:32:24,268 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-12-23 14:32:24,268 INFO L177 SettingsManager]: ReqParser provides no preferences, ignoring... [2018-12-23 14:32:24,268 INFO L174 SettingsManager]: Resetting SmtParser preferences to default values [2018-12-23 14:32:24,271 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-12-23 14:32:24,272 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-12-23 14:32:24,272 INFO L98 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/ai/array-bench/reach_32bit_array_oct.epf [2018-12-23 14:32:24,288 INFO L110 SettingsManager]: Loading preferences was successful [2018-12-23 14:32:24,288 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-12-23 14:32:24,289 INFO L131 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2018-12-23 14:32:24,289 INFO L133 SettingsManager]: * Show backtranslation warnings=false [2018-12-23 14:32:24,289 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-12-23 14:32:24,289 INFO L133 SettingsManager]: * User list type=DISABLED [2018-12-23 14:32:24,290 INFO L133 SettingsManager]: * Inline calls to unimplemented procedures=true [2018-12-23 14:32:24,290 INFO L131 SettingsManager]: Preferences of Abstract Interpretation differ from their defaults: [2018-12-23 14:32:24,290 INFO L133 SettingsManager]: * Abstract domain for RCFG-of-the-future=PoormanAbstractDomain [2018-12-23 14:32:24,290 INFO L133 SettingsManager]: * Underlying domain=OctagonDomain [2018-12-23 14:32:24,290 INFO L133 SettingsManager]: * Abstract domain=ArrayDomain [2018-12-23 14:32:24,291 INFO L133 SettingsManager]: * Check feasibility of abstract posts with an SMT solver=true [2018-12-23 14:32:24,291 INFO L133 SettingsManager]: * Interval Domain=false [2018-12-23 14:32:24,291 INFO L131 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2018-12-23 14:32:24,295 INFO L133 SettingsManager]: * Create parallel compositions if possible=false [2018-12-23 14:32:24,295 INFO L133 SettingsManager]: * Use SBE=true [2018-12-23 14:32:24,295 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-12-23 14:32:24,295 INFO L133 SettingsManager]: * sizeof long=4 [2018-12-23 14:32:24,296 INFO L133 SettingsManager]: * Overapproximate operations on floating types=true [2018-12-23 14:32:24,296 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-12-23 14:32:24,296 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-12-23 14:32:24,296 INFO L133 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2018-12-23 14:32:24,296 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-12-23 14:32:24,297 INFO L133 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2018-12-23 14:32:24,297 INFO L133 SettingsManager]: * sizeof long double=12 [2018-12-23 14:32:24,297 INFO L133 SettingsManager]: * Check if freed pointer was valid=false [2018-12-23 14:32:24,297 INFO L133 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2018-12-23 14:32:24,297 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-12-23 14:32:24,298 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-12-23 14:32:24,300 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-12-23 14:32:24,300 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-12-23 14:32:24,300 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-12-23 14:32:24,300 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-12-23 14:32:24,300 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-12-23 14:32:24,301 INFO L133 SettingsManager]: * Trace refinement strategy=TAIPAN [2018-12-23 14:32:24,301 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-12-23 14:32:24,301 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2018-12-23 14:32:24,301 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2018-12-23 14:32:24,302 INFO L133 SettingsManager]: * Abstract interpretation Mode=USE_PREDICATES [2018-12-23 14:32:24,341 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-12-23 14:32:24,356 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2018-12-23 14:32:24,363 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2018-12-23 14:32:24,365 INFO L271 PluginConnector]: Initializing Boogie PL CUP Parser... [2018-12-23 14:32:24,366 INFO L276 PluginConnector]: Boogie PL CUP Parser initialized [2018-12-23 14:32:24,368 INFO L418 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/programs/toy/tooDifficultLoopInvariant/PointerIncrement-simplified01.bpl [2018-12-23 14:32:24,368 INFO L111 BoogieParser]: Parsing: '/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/programs/toy/tooDifficultLoopInvariant/PointerIncrement-simplified01.bpl' [2018-12-23 14:32:24,440 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-12-23 14:32:24,442 INFO L131 ToolchainWalker]: Walking toolchain with 4 elements. [2018-12-23 14:32:24,443 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2018-12-23 14:32:24,443 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2018-12-23 14:32:24,443 INFO L276 PluginConnector]: Boogie Procedure Inliner initialized [2018-12-23 14:32:24,462 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 23.12 02:32:24" (1/1) ... [2018-12-23 14:32:24,483 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 23.12 02:32:24" (1/1) ... [2018-12-23 14:32:24,492 WARN L165 Inliner]: Program contained no entry procedure! [2018-12-23 14:32:24,493 WARN L168 Inliner]: Missing entry procedures: [ULTIMATE.start] [2018-12-23 14:32:24,493 WARN L175 Inliner]: Fallback enabled. All procedures will be processed. [2018-12-23 14:32:24,522 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2018-12-23 14:32:24,523 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-12-23 14:32:24,523 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-12-23 14:32:24,523 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-12-23 14:32:24,536 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 23.12 02:32:24" (1/1) ... [2018-12-23 14:32:24,537 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 23.12 02:32:24" (1/1) ... [2018-12-23 14:32:24,539 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 23.12 02:32:24" (1/1) ... [2018-12-23 14:32:24,540 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 23.12 02:32:24" (1/1) ... [2018-12-23 14:32:24,552 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 23.12 02:32:24" (1/1) ... [2018-12-23 14:32:24,559 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 23.12 02:32:24" (1/1) ... [2018-12-23 14:32:24,561 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 23.12 02:32:24" (1/1) ... [2018-12-23 14:32:24,563 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-12-23 14:32:24,564 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-12-23 14:32:24,568 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-12-23 14:32:24,568 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-12-23 14:32:24,570 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 23.12 02:32:24" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-12-23 14:32:24,649 INFO L130 BoogieDeclarations]: Found specification of procedure read~int [2018-12-23 14:32:24,649 INFO L130 BoogieDeclarations]: Found specification of procedure main [2018-12-23 14:32:24,649 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2018-12-23 14:32:24,650 INFO L130 BoogieDeclarations]: Found specification of procedure ~malloc [2018-12-23 14:32:25,133 INFO L272 CfgBuilder]: Using library mode [2018-12-23 14:32:25,134 INFO L280 CfgBuilder]: Removed 5 assue(true) statements. [2018-12-23 14:32:25,135 INFO L202 PluginConnector]: Adding new model PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.12 02:32:25 BoogieIcfgContainer [2018-12-23 14:32:25,135 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-12-23 14:32:25,136 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2018-12-23 14:32:25,137 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2018-12-23 14:32:25,140 INFO L276 PluginConnector]: TraceAbstraction initialized [2018-12-23 14:32:25,140 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 23.12 02:32:24" (1/2) ... [2018-12-23 14:32:25,142 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@47e666bc and model type PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.12 02:32:25, skipping insertion in model container [2018-12-23 14:32:25,142 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "PointerIncrement-simplified01.bpl de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.12 02:32:25" (2/2) ... [2018-12-23 14:32:25,144 INFO L112 eAbstractionObserver]: Analyzing ICFG PointerIncrement-simplified01.bpl [2018-12-23 14:32:25,155 INFO L156 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2018-12-23 14:32:25,168 INFO L168 ceAbstractionStarter]: Appying trace abstraction to program that has 2 error locations. [2018-12-23 14:32:25,188 INFO L257 AbstractCegarLoop]: Starting to check reachability of 2 error locations. [2018-12-23 14:32:25,233 INFO L382 AbstractCegarLoop]: Interprodecural is true [2018-12-23 14:32:25,233 INFO L383 AbstractCegarLoop]: Hoare is true [2018-12-23 14:32:25,233 INFO L384 AbstractCegarLoop]: Compute interpolants for FPandBP [2018-12-23 14:32:25,233 INFO L385 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2018-12-23 14:32:25,234 INFO L386 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2018-12-23 14:32:25,234 INFO L387 AbstractCegarLoop]: Difference is false [2018-12-23 14:32:25,234 INFO L388 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2018-12-23 14:32:25,234 INFO L393 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2018-12-23 14:32:25,255 INFO L276 IsEmpty]: Start isEmpty. Operand 11 states. [2018-12-23 14:32:25,269 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 5 [2018-12-23 14:32:25,269 INFO L394 BasicCegarLoop]: Found error trace [2018-12-23 14:32:25,270 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1] [2018-12-23 14:32:25,274 INFO L423 AbstractCegarLoop]: === Iteration 1 === [mainErr0ASSERT_VIOLATIONPRE_CONDITIONandASSERT, mainErr1ASSERT_VIOLATIONPRE_CONDITIONandASSERT]=== [2018-12-23 14:32:25,280 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2018-12-23 14:32:25,280 INFO L82 PathProgramCache]: Analyzing trace with hash 927590, now seen corresponding path program 1 times [2018-12-23 14:32:25,282 INFO L69 tionRefinementEngine]: Using refinement strategy TaipanRefinementStrategy [2018-12-23 14:32:25,331 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-23 14:32:25,332 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-23 14:32:25,332 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-23 14:32:25,332 INFO L289 anRefinementStrategy]: Using traceCheck mode SMTINTERPOL with AssertCodeBlockOrder NOT_INCREMENTALLY (IT: Craig_TreeInterpolation) [2018-12-23 14:32:25,382 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-23 14:32:25,549 INFO L273 TraceCheckUtils]: 0: Hoare triple {14#true} ~malloc_old_#length, ~malloc_old_#valid := #length, #valid;~malloc_~size := 400;havoc ~malloc_#res.base, ~malloc_#res.offset;havoc #valid, #length;assume ~malloc_old_#valid[~malloc_#res.base] == false;assume #valid == ~malloc_old_#valid[~malloc_#res.base := true];assume ~malloc_#res.offset == 0;assume ~malloc_#res.base != 0;assume #length == ~malloc_old_#length[~malloc_#res.base := ~malloc_~size];#t~malloc0.base, #t~malloc0.offset := ~malloc_#res.base, ~malloc_#res.offset;~p~1.base, ~p~1.offset := #t~malloc0.base, #t~malloc0.offset;~q~1.base, ~q~1.offset := ~p~1.base, ~p~1.offset; {16#(select |#valid| main_~q~1.base)} is VALID [2018-12-23 14:32:25,553 INFO L273 TraceCheckUtils]: 1: Hoare triple {16#(select |#valid| main_~q~1.base)} #t~short2 := ~q~1.offset < ~p~1.offset + 400; {16#(select |#valid| main_~q~1.base)} is VALID [2018-12-23 14:32:25,557 INFO L273 TraceCheckUtils]: 2: Hoare triple {16#(select |#valid| main_~q~1.base)} assume #t~short2;read~int_#ptr.base, read~int_#ptr.offset, read~int_#sizeOfReadType := ~q~1.base, ~q~1.offset, 4; {17#(select |#valid| |main_read~int_#ptr.base|)} is VALID [2018-12-23 14:32:25,560 INFO L273 TraceCheckUtils]: 3: Hoare triple {17#(select |#valid| |main_read~int_#ptr.base|)} assume !#valid[read~int_#ptr.base]; {15#false} is VALID [2018-12-23 14:32:25,562 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-12-23 14:32:25,563 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-23 14:32:25,564 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2018-12-23 14:32:25,564 INFO L257 anRefinementStrategy]: Using the first perfect interpolant sequence [2018-12-23 14:32:25,569 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 4 [2018-12-23 14:32:25,570 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-12-23 14:32:25,574 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2018-12-23 14:32:25,607 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 4 edges. 4 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-12-23 14:32:25,607 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2018-12-23 14:32:25,615 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2018-12-23 14:32:25,615 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2018-12-23 14:32:25,618 INFO L87 Difference]: Start difference. First operand 11 states. Second operand 4 states. [2018-12-23 14:32:25,868 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-23 14:32:25,868 INFO L93 Difference]: Finished difference Result 20 states and 23 transitions. [2018-12-23 14:32:25,868 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2018-12-23 14:32:25,869 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 4 [2018-12-23 14:32:25,869 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-23 14:32:25,870 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-12-23 14:32:25,876 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 23 transitions. [2018-12-23 14:32:25,877 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2018-12-23 14:32:25,880 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 23 transitions. [2018-12-23 14:32:25,880 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 23 transitions. [2018-12-23 14:32:26,116 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 23 edges. 23 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-12-23 14:32:26,130 INFO L225 Difference]: With dead ends: 20 [2018-12-23 14:32:26,130 INFO L226 Difference]: Without dead ends: 10 [2018-12-23 14:32:26,134 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 0 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2018-12-23 14:32:26,151 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 10 states. [2018-12-23 14:32:26,175 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 10 to 7. [2018-12-23 14:32:26,176 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-12-23 14:32:26,176 INFO L82 GeneralOperation]: Start isEquivalent. First operand 10 states. Second operand 7 states. [2018-12-23 14:32:26,177 INFO L74 IsIncluded]: Start isIncluded. First operand 10 states. Second operand 7 states. [2018-12-23 14:32:26,177 INFO L87 Difference]: Start difference. First operand 10 states. Second operand 7 states. [2018-12-23 14:32:26,179 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-23 14:32:26,180 INFO L93 Difference]: Finished difference Result 10 states and 12 transitions. [2018-12-23 14:32:26,180 INFO L276 IsEmpty]: Start isEmpty. Operand 10 states and 12 transitions. [2018-12-23 14:32:26,180 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-12-23 14:32:26,181 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-12-23 14:32:26,181 INFO L74 IsIncluded]: Start isIncluded. First operand 7 states. Second operand 10 states. [2018-12-23 14:32:26,181 INFO L87 Difference]: Start difference. First operand 7 states. Second operand 10 states. [2018-12-23 14:32:26,183 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-23 14:32:26,183 INFO L93 Difference]: Finished difference Result 10 states and 12 transitions. [2018-12-23 14:32:26,183 INFO L276 IsEmpty]: Start isEmpty. Operand 10 states and 12 transitions. [2018-12-23 14:32:26,184 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-12-23 14:32:26,184 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-12-23 14:32:26,184 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-12-23 14:32:26,184 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-12-23 14:32:26,185 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2018-12-23 14:32:26,186 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 8 transitions. [2018-12-23 14:32:26,187 INFO L78 Accepts]: Start accepts. Automaton has 7 states and 8 transitions. Word has length 4 [2018-12-23 14:32:26,188 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-23 14:32:26,188 INFO L480 AbstractCegarLoop]: Abstraction has 7 states and 8 transitions. [2018-12-23 14:32:26,188 INFO L481 AbstractCegarLoop]: Interpolant automaton has 4 states. [2018-12-23 14:32:26,188 INFO L276 IsEmpty]: Start isEmpty. Operand 7 states and 8 transitions. [2018-12-23 14:32:26,188 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 6 [2018-12-23 14:32:26,189 INFO L394 BasicCegarLoop]: Found error trace [2018-12-23 14:32:26,189 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1] [2018-12-23 14:32:26,189 INFO L423 AbstractCegarLoop]: === Iteration 2 === [mainErr0ASSERT_VIOLATIONPRE_CONDITIONandASSERT, mainErr1ASSERT_VIOLATIONPRE_CONDITIONandASSERT]=== [2018-12-23 14:32:26,190 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2018-12-23 14:32:26,190 INFO L82 PathProgramCache]: Analyzing trace with hash 28755331, now seen corresponding path program 1 times [2018-12-23 14:32:26,190 INFO L69 tionRefinementEngine]: Using refinement strategy TaipanRefinementStrategy [2018-12-23 14:32:26,191 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-23 14:32:26,191 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-23 14:32:26,191 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-23 14:32:26,192 INFO L289 anRefinementStrategy]: Using traceCheck mode SMTINTERPOL with AssertCodeBlockOrder NOT_INCREMENTALLY (IT: Craig_TreeInterpolation) [2018-12-23 14:32:26,209 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-23 14:32:26,394 INFO L273 TraceCheckUtils]: 0: Hoare triple {72#true} ~malloc_old_#length, ~malloc_old_#valid := #length, #valid;~malloc_~size := 400;havoc ~malloc_#res.base, ~malloc_#res.offset;havoc #valid, #length;assume ~malloc_old_#valid[~malloc_#res.base] == false;assume #valid == ~malloc_old_#valid[~malloc_#res.base := true];assume ~malloc_#res.offset == 0;assume ~malloc_#res.base != 0;assume #length == ~malloc_old_#length[~malloc_#res.base := ~malloc_~size];#t~malloc0.base, #t~malloc0.offset := ~malloc_#res.base, ~malloc_#res.offset;~p~1.base, ~p~1.offset := #t~malloc0.base, #t~malloc0.offset;~q~1.base, ~q~1.offset := ~p~1.base, ~p~1.offset; {74#(and (= main_~p~1.offset main_~q~1.offset) (<= (+ main_~p~1.offset 400) (select |#length| main_~q~1.base)))} is VALID [2018-12-23 14:32:26,403 INFO L273 TraceCheckUtils]: 1: Hoare triple {74#(and (= main_~p~1.offset main_~q~1.offset) (<= (+ main_~p~1.offset 400) (select |#length| main_~q~1.base)))} #t~short2 := ~q~1.offset < ~p~1.offset + 400; {75#(<= (+ main_~q~1.offset 400) (select |#length| main_~q~1.base))} is VALID [2018-12-23 14:32:26,406 INFO L273 TraceCheckUtils]: 2: Hoare triple {75#(<= (+ main_~q~1.offset 400) (select |#length| main_~q~1.base))} assume #t~short2;read~int_#ptr.base, read~int_#ptr.offset, read~int_#sizeOfReadType := ~q~1.base, ~q~1.offset, 4; {76#(<= (+ |main_read~int_#ptr.offset| |main_read~int_#sizeOfReadType| 396) (select |#length| |main_read~int_#ptr.base|))} is VALID [2018-12-23 14:32:26,423 INFO L273 TraceCheckUtils]: 3: Hoare triple {76#(<= (+ |main_read~int_#ptr.offset| |main_read~int_#sizeOfReadType| 396) (select |#length| |main_read~int_#ptr.base|))} assume #valid[read~int_#ptr.base]; {76#(<= (+ |main_read~int_#ptr.offset| |main_read~int_#sizeOfReadType| 396) (select |#length| |main_read~int_#ptr.base|))} is VALID [2018-12-23 14:32:26,437 INFO L273 TraceCheckUtils]: 4: Hoare triple {76#(<= (+ |main_read~int_#ptr.offset| |main_read~int_#sizeOfReadType| 396) (select |#length| |main_read~int_#ptr.base|))} assume !(read~int_#sizeOfReadType + read~int_#ptr.offset <= #length[read~int_#ptr.base]); {73#false} is VALID [2018-12-23 14:32:26,438 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-12-23 14:32:26,438 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-23 14:32:26,439 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2018-12-23 14:32:26,439 INFO L257 anRefinementStrategy]: Using the first perfect interpolant sequence [2018-12-23 14:32:26,444 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 5 [2018-12-23 14:32:26,444 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-12-23 14:32:26,444 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2018-12-23 14:32:26,521 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 5 edges. 5 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-12-23 14:32:26,522 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2018-12-23 14:32:26,522 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2018-12-23 14:32:26,522 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2018-12-23 14:32:26,523 INFO L87 Difference]: Start difference. First operand 7 states and 8 transitions. Second operand 5 states. [2018-12-23 14:32:26,868 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-23 14:32:26,869 INFO L93 Difference]: Finished difference Result 17 states and 20 transitions. [2018-12-23 14:32:26,869 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2018-12-23 14:32:26,870 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 5 [2018-12-23 14:32:26,870 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-23 14:32:26,870 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2018-12-23 14:32:26,873 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 20 transitions. [2018-12-23 14:32:26,873 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2018-12-23 14:32:26,875 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 20 transitions. [2018-12-23 14:32:26,875 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 20 transitions. [2018-12-23 14:32:27,004 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-12-23 14:32:27,007 INFO L225 Difference]: With dead ends: 17 [2018-12-23 14:32:27,008 INFO L226 Difference]: Without dead ends: 16 [2018-12-23 14:32:27,009 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 0 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=13, Invalid=17, Unknown=0, NotChecked=0, Total=30 [2018-12-23 14:32:27,010 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 16 states. [2018-12-23 14:32:27,018 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 16 to 11. [2018-12-23 14:32:27,018 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-12-23 14:32:27,019 INFO L82 GeneralOperation]: Start isEquivalent. First operand 16 states. Second operand 11 states. [2018-12-23 14:32:27,019 INFO L74 IsIncluded]: Start isIncluded. First operand 16 states. Second operand 11 states. [2018-12-23 14:32:27,019 INFO L87 Difference]: Start difference. First operand 16 states. Second operand 11 states. [2018-12-23 14:32:27,021 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-23 14:32:27,022 INFO L93 Difference]: Finished difference Result 16 states and 19 transitions. [2018-12-23 14:32:27,023 INFO L276 IsEmpty]: Start isEmpty. Operand 16 states and 19 transitions. [2018-12-23 14:32:27,024 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-12-23 14:32:27,024 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-12-23 14:32:27,024 INFO L74 IsIncluded]: Start isIncluded. First operand 11 states. Second operand 16 states. [2018-12-23 14:32:27,024 INFO L87 Difference]: Start difference. First operand 11 states. Second operand 16 states. [2018-12-23 14:32:27,026 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-23 14:32:27,026 INFO L93 Difference]: Finished difference Result 16 states and 19 transitions. [2018-12-23 14:32:27,027 INFO L276 IsEmpty]: Start isEmpty. Operand 16 states and 19 transitions. [2018-12-23 14:32:27,027 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-12-23 14:32:27,027 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-12-23 14:32:27,027 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-12-23 14:32:27,028 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-12-23 14:32:27,028 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 11 states. [2018-12-23 14:32:27,029 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 13 transitions. [2018-12-23 14:32:27,029 INFO L78 Accepts]: Start accepts. Automaton has 11 states and 13 transitions. Word has length 5 [2018-12-23 14:32:27,030 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-23 14:32:27,030 INFO L480 AbstractCegarLoop]: Abstraction has 11 states and 13 transitions. [2018-12-23 14:32:27,030 INFO L481 AbstractCegarLoop]: Interpolant automaton has 5 states. [2018-12-23 14:32:27,030 INFO L276 IsEmpty]: Start isEmpty. Operand 11 states and 13 transitions. [2018-12-23 14:32:27,030 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 9 [2018-12-23 14:32:27,031 INFO L394 BasicCegarLoop]: Found error trace [2018-12-23 14:32:27,031 INFO L402 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1] [2018-12-23 14:32:27,031 INFO L423 AbstractCegarLoop]: === Iteration 3 === [mainErr0ASSERT_VIOLATIONPRE_CONDITIONandASSERT, mainErr1ASSERT_VIOLATIONPRE_CONDITIONandASSERT]=== [2018-12-23 14:32:27,031 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2018-12-23 14:32:27,032 INFO L82 PathProgramCache]: Analyzing trace with hash 2132412303, now seen corresponding path program 1 times [2018-12-23 14:32:27,032 INFO L69 tionRefinementEngine]: Using refinement strategy TaipanRefinementStrategy [2018-12-23 14:32:27,033 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-23 14:32:27,033 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-23 14:32:27,033 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-23 14:32:27,033 INFO L289 anRefinementStrategy]: Using traceCheck mode SMTINTERPOL with AssertCodeBlockOrder NOT_INCREMENTALLY (IT: Craig_TreeInterpolation) [2018-12-23 14:32:27,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-23 14:32:27,074 INFO L273 TraceCheckUtils]: 0: Hoare triple {146#true} ~malloc_old_#length, ~malloc_old_#valid := #length, #valid;~malloc_~size := 400;havoc ~malloc_#res.base, ~malloc_#res.offset;havoc #valid, #length;assume ~malloc_old_#valid[~malloc_#res.base] == false;assume #valid == ~malloc_old_#valid[~malloc_#res.base := true];assume ~malloc_#res.offset == 0;assume ~malloc_#res.base != 0;assume #length == ~malloc_old_#length[~malloc_#res.base := ~malloc_~size];#t~malloc0.base, #t~malloc0.offset := ~malloc_#res.base, ~malloc_#res.offset;~p~1.base, ~p~1.offset := #t~malloc0.base, #t~malloc0.offset;~q~1.base, ~q~1.offset := ~p~1.base, ~p~1.offset; {146#true} is VALID [2018-12-23 14:32:27,075 INFO L273 TraceCheckUtils]: 1: Hoare triple {146#true} #t~short2 := ~q~1.offset < ~p~1.offset + 400; {146#true} is VALID [2018-12-23 14:32:27,076 INFO L273 TraceCheckUtils]: 2: Hoare triple {146#true} assume !#t~short2; {148#(not |main_#t~short2|)} is VALID [2018-12-23 14:32:27,077 INFO L273 TraceCheckUtils]: 3: Hoare triple {148#(not |main_#t~short2|)} assume !!#t~short2;havoc #t~mem1;havoc #t~short2;#t~post3.base, #t~post3.offset := ~q~1.base, ~q~1.offset;~q~1.base, ~q~1.offset := #t~post3.base, #t~post3.offset + 4;havoc #t~post3.base, #t~post3.offset; {147#false} is VALID [2018-12-23 14:32:27,077 INFO L273 TraceCheckUtils]: 4: Hoare triple {147#false} #t~short2 := ~q~1.offset < ~p~1.offset + 400; {147#false} is VALID [2018-12-23 14:32:27,078 INFO L273 TraceCheckUtils]: 5: Hoare triple {147#false} assume #t~short2;read~int_#ptr.base, read~int_#ptr.offset, read~int_#sizeOfReadType := ~q~1.base, ~q~1.offset, 4; {147#false} is VALID [2018-12-23 14:32:27,078 INFO L273 TraceCheckUtils]: 6: Hoare triple {147#false} assume #valid[read~int_#ptr.base]; {147#false} is VALID [2018-12-23 14:32:27,079 INFO L273 TraceCheckUtils]: 7: Hoare triple {147#false} assume !(read~int_#sizeOfReadType + read~int_#ptr.offset <= #length[read~int_#ptr.base]); {147#false} is VALID [2018-12-23 14:32:27,080 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-12-23 14:32:27,080 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-12-23 14:32:27,080 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2018-12-23 14:32:27,081 INFO L257 anRefinementStrategy]: Using the first perfect interpolant sequence [2018-12-23 14:32:27,081 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 8 [2018-12-23 14:32:27,081 INFO L84 Accepts]: Finished accepts. word is accepted. [2018-12-23 14:32:27,082 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2018-12-23 14:32:27,172 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 8 edges. 8 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-12-23 14:32:27,172 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2018-12-23 14:32:27,173 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2018-12-23 14:32:27,173 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-12-23 14:32:27,173 INFO L87 Difference]: Start difference. First operand 11 states and 13 transitions. Second operand 3 states. [2018-12-23 14:32:27,416 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-23 14:32:27,416 INFO L93 Difference]: Finished difference Result 18 states and 21 transitions. [2018-12-23 14:32:27,416 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2018-12-23 14:32:27,417 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 8 [2018-12-23 14:32:27,417 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-12-23 14:32:27,417 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-12-23 14:32:27,419 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 16 transitions. [2018-12-23 14:32:27,419 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2018-12-23 14:32:27,420 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 16 transitions. [2018-12-23 14:32:27,420 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 16 transitions. [2018-12-23 14:32:27,475 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 16 edges. 16 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2018-12-23 14:32:27,476 INFO L225 Difference]: With dead ends: 18 [2018-12-23 14:32:27,476 INFO L226 Difference]: Without dead ends: 11 [2018-12-23 14:32:27,477 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2018-12-23 14:32:27,477 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 11 states. [2018-12-23 14:32:27,490 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 11 to 11. [2018-12-23 14:32:27,490 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2018-12-23 14:32:27,490 INFO L82 GeneralOperation]: Start isEquivalent. First operand 11 states. Second operand 11 states. [2018-12-23 14:32:27,490 INFO L74 IsIncluded]: Start isIncluded. First operand 11 states. Second operand 11 states. [2018-12-23 14:32:27,490 INFO L87 Difference]: Start difference. First operand 11 states. Second operand 11 states. [2018-12-23 14:32:27,491 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-23 14:32:27,492 INFO L93 Difference]: Finished difference Result 11 states and 11 transitions. [2018-12-23 14:32:27,492 INFO L276 IsEmpty]: Start isEmpty. Operand 11 states and 11 transitions. [2018-12-23 14:32:27,492 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-12-23 14:32:27,492 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-12-23 14:32:27,492 INFO L74 IsIncluded]: Start isIncluded. First operand 11 states. Second operand 11 states. [2018-12-23 14:32:27,493 INFO L87 Difference]: Start difference. First operand 11 states. Second operand 11 states. [2018-12-23 14:32:27,494 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-12-23 14:32:27,494 INFO L93 Difference]: Finished difference Result 11 states and 11 transitions. [2018-12-23 14:32:27,494 INFO L276 IsEmpty]: Start isEmpty. Operand 11 states and 11 transitions. [2018-12-23 14:32:27,495 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2018-12-23 14:32:27,495 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2018-12-23 14:32:27,495 INFO L88 GeneralOperation]: Finished isEquivalent. [2018-12-23 14:32:27,495 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2018-12-23 14:32:27,495 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 11 states. [2018-12-23 14:32:27,496 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 11 transitions. [2018-12-23 14:32:27,496 INFO L78 Accepts]: Start accepts. Automaton has 11 states and 11 transitions. Word has length 8 [2018-12-23 14:32:27,497 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-12-23 14:32:27,497 INFO L480 AbstractCegarLoop]: Abstraction has 11 states and 11 transitions. [2018-12-23 14:32:27,497 INFO L481 AbstractCegarLoop]: Interpolant automaton has 3 states. [2018-12-23 14:32:27,497 INFO L276 IsEmpty]: Start isEmpty. Operand 11 states and 11 transitions. [2018-12-23 14:32:27,497 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 11 [2018-12-23 14:32:27,498 INFO L394 BasicCegarLoop]: Found error trace [2018-12-23 14:32:27,498 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1] [2018-12-23 14:32:27,498 INFO L423 AbstractCegarLoop]: === Iteration 4 === [mainErr0ASSERT_VIOLATIONPRE_CONDITIONandASSERT, mainErr1ASSERT_VIOLATIONPRE_CONDITIONandASSERT]=== [2018-12-23 14:32:27,498 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2018-12-23 14:32:27,499 INFO L82 PathProgramCache]: Analyzing trace with hash -1391871885, now seen corresponding path program 1 times [2018-12-23 14:32:27,499 INFO L69 tionRefinementEngine]: Using refinement strategy TaipanRefinementStrategy [2018-12-23 14:32:27,500 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-23 14:32:27,500 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-12-23 14:32:27,500 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-12-23 14:32:27,500 INFO L289 anRefinementStrategy]: Using traceCheck mode SMTINTERPOL with AssertCodeBlockOrder NOT_INCREMENTALLY (IT: Craig_TreeInterpolation) [2018-12-23 14:32:27,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-12-23 14:32:27,681 INFO L273 TraceCheckUtils]: 0: Hoare triple {207#true} ~malloc_old_#length, ~malloc_old_#valid := #length, #valid;~malloc_~size := 400;havoc ~malloc_#res.base, ~malloc_#res.offset;havoc #valid, #length;assume ~malloc_old_#valid[~malloc_#res.base] == false;assume #valid == ~malloc_old_#valid[~malloc_#res.base := true];assume ~malloc_#res.offset == 0;assume ~malloc_#res.base != 0;assume #length == ~malloc_old_#length[~malloc_#res.base := ~malloc_~size];#t~malloc0.base, #t~malloc0.offset := ~malloc_#res.base, ~malloc_#res.offset;~p~1.base, ~p~1.offset := #t~malloc0.base, #t~malloc0.offset;~q~1.base, ~q~1.offset := ~p~1.base, ~p~1.offset; {209#(and (= main_~p~1.offset main_~q~1.offset) (<= (+ main_~p~1.offset 400) (select |#length| main_~q~1.base)))} is VALID [2018-12-23 14:32:27,682 INFO L273 TraceCheckUtils]: 1: Hoare triple {209#(and (= main_~p~1.offset main_~q~1.offset) (<= (+ main_~p~1.offset 400) (select |#length| main_~q~1.base)))} #t~short2 := ~q~1.offset < ~p~1.offset + 400; {209#(and (= main_~p~1.offset main_~q~1.offset) (<= (+ main_~p~1.offset 400) (select |#length| main_~q~1.base)))} is VALID [2018-12-23 14:32:27,683 INFO L273 TraceCheckUtils]: 2: Hoare triple {209#(and (= main_~p~1.offset main_~q~1.offset) (<= (+ main_~p~1.offset 400) (select |#length| main_~q~1.base)))} assume #t~short2;read~int_#ptr.base, read~int_#ptr.offset, read~int_#sizeOfReadType := ~q~1.base, ~q~1.offset, 4; {209#(and (= main_~p~1.offset main_~q~1.offset) (<= (+ main_~p~1.offset 400) (select |#length| main_~q~1.base)))} is VALID [2018-12-23 14:32:27,683 INFO L273 TraceCheckUtils]: 3: Hoare triple {209#(and (= main_~p~1.offset main_~q~1.offset) (<= (+ main_~p~1.offset 400) (select |#length| main_~q~1.base)))} assume #valid[read~int_#ptr.base]; {209#(and (= main_~p~1.offset main_~q~1.offset) (<= (+ main_~p~1.offset 400) (select |#length| main_~q~1.base)))} is VALID [2018-12-23 14:32:27,684 INFO L273 TraceCheckUtils]: 4: Hoare triple {209#(and (= main_~p~1.offset main_~q~1.offset) (<= (+ main_~p~1.offset 400) (select |#length| main_~q~1.base)))} assume read~int_#sizeOfReadType + read~int_#ptr.offset <= #length[read~int_#ptr.base];assume #valid[read~int_#ptr.base];assume read~int_#sizeOfReadType + read~int_#ptr.offset <= #length[read~int_#ptr.base];havoc read~int_#value;assume read~int_#value == #memory_int[read~int_#ptr.base,read~int_#ptr.offset];#t~mem1 := read~int_#value;#t~short2 := #t~mem1 >= 0; {209#(and (= main_~p~1.offset main_~q~1.offset) (<= (+ main_~p~1.offset 400) (select |#length| main_~q~1.base)))} is VALID [2018-12-23 14:32:27,687 INFO L273 TraceCheckUtils]: 5: Hoare triple {209#(and (= main_~p~1.offset main_~q~1.offset) (<= (+ main_~p~1.offset 400) (select |#length| main_~q~1.base)))} assume !!#t~short2;havoc #t~mem1;havoc #t~short2;#t~post3.base, #t~post3.offset := ~q~1.base, ~q~1.offset;~q~1.base, ~q~1.offset := #t~post3.base, #t~post3.offset + 4;havoc #t~post3.base, #t~post3.offset; {210#(<= (+ main_~q~1.offset 396) (select |#length| main_~q~1.base))} is VALID [2018-12-23 14:32:27,688 INFO L273 TraceCheckUtils]: 6: Hoare triple {210#(<= (+ main_~q~1.offset 396) (select |#length| main_~q~1.base))} #t~short2 := ~q~1.offset < ~p~1.offset + 400; {210#(<= (+ main_~q~1.offset 396) (select |#length| main_~q~1.base))} is VALID [2018-12-23 14:32:27,692 INFO L273 TraceCheckUtils]: 7: Hoare triple {210#(<= (+ main_~q~1.offset 396) (select |#length| main_~q~1.base))} assume #t~short2;read~int_#ptr.base, read~int_#ptr.offset, read~int_#sizeOfReadType := ~q~1.base, ~q~1.offset, 4; {211#(<= (+ |main_read~int_#ptr.offset| |main_read~int_#sizeOfReadType| 392) (select |#length| |main_read~int_#ptr.base|))} is VALID [2018-12-23 14:32:27,692 INFO L273 TraceCheckUtils]: 8: Hoare triple {211#(<= (+ |main_read~int_#ptr.offset| |main_read~int_#sizeOfReadType| 392) (select |#length| |main_read~int_#ptr.base|))} assume #valid[read~int_#ptr.base]; {211#(<= (+ |main_read~int_#ptr.offset| |main_read~int_#sizeOfReadType| 392) (select |#length| |main_read~int_#ptr.base|))} is VALID [2018-12-23 14:32:27,693 INFO L273 TraceCheckUtils]: 9: Hoare triple {211#(<= (+ |main_read~int_#ptr.offset| |main_read~int_#sizeOfReadType| 392) (select |#length| |main_read~int_#ptr.base|))} assume !(read~int_#sizeOfReadType + read~int_#ptr.offset <= #length[read~int_#ptr.base]); {208#false} is VALID [2018-12-23 14:32:27,695 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 0 proven. 4 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-12-23 14:32:27,696 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-12-23 14:32:27,696 INFO L193 anRefinementStrategy]: Switched to InterpolantGenerator mode ABSTRACT_INTERPRETATION [2018-12-23 14:32:27,697 INFO L205 CegarAbsIntRunner]: Running AI on error trace of length 11 with the following transitions: [2018-12-23 14:32:27,698 INFO L207 CegarAbsIntRunner]: [0], [4], [7], [9], [10], [11], [19] [2018-12-23 14:32:27,760 INFO L148 AbstractInterpreter]: Using domain ArrayDomain [2018-12-23 14:32:27,760 INFO L101 FixpointEngine]: Starting fixpoint engine with domain ArrayDomain (maxUnwinding=3, maxParallelStates=2) [2018-12-23 14:32:28,270 WARN L212 ngHoareTripleChecker]: Soundness check inconclusive for the following hoare triple [2018-12-23 14:32:28,272 WARN L217 ngHoareTripleChecker]: Expected: VALID Actual: UNKNOWN [2018-12-23 14:32:28,275 WARN L219 ngHoareTripleChecker]: Solver was "Z3" in version "4.8.3" [2018-12-23 14:32:28,276 WARN L223 ngHoareTripleChecker]: -- [2018-12-23 14:32:28,276 WARN L224 ngHoareTripleChecker]: Pre: {2147483647#(forall ((v_idx_7 Int) (v_idx_8 Int) (v_idx_9 Int) (v_idx_3 Int) (v_idx_10 Int) (v_idx_4 Int) (v_idx_5 Int) (v_idx_6 Int) (v_idx_1 Int) (v_idx_2 Int)) (exists ((v_v_3_1 Bool) (v_v_8_1 Int) (v_v_4_1 Bool) (v_v_0_1 Int) (v_v_7_1 (Array Int Int)) (v_v_1_1 Int) (v_v_5_1 (Array Int Int)) (v_v_2_1 Int) (v_v_9_1 Bool) (v_v_6_1 Int)) (and (= (select |c_#length| v_idx_6) v_v_1_1) (= (select |c_old(#valid)| v_idx_3) v_v_4_1) (= v_v_0_1 (select |c_main_~malloc_old_#length| v_idx_1)) (= v_v_5_1 (select |c_#memory_int| v_idx_4)) (= (select |c_old(#memory_int)| v_idx_5) v_v_7_1) (= v_v_2_1 (select |c_old(#length)| v_idx_7)) (= (select v_v_5_1 v_idx_8) v_v_6_1) (= (select |c_#valid| v_idx_2) v_v_3_1) (= v_v_9_1 (select |c_main_~malloc_old_#valid| v_idx_9)) (= v_v_8_1 (select v_v_7_1 v_idx_10)))))} [2018-12-23 14:32:28,276 WARN L228 ngHoareTripleChecker]: Action: ~malloc_old_#length, ~malloc_old_#valid := #length, #valid;~malloc_~size := 400;havoc ~malloc_#res.base, ~malloc_#res.offset;havoc #valid, #length;assume ~malloc_old_#valid[~malloc_#res.base] == false;assume #valid == ~malloc_old_#valid[~malloc_#res.base := true];assume ~malloc_#res.offset == 0;assume ~malloc_#res.base != 0;assume #length == ~malloc_old_#length[~malloc_#res.base := ~malloc_~size];#t~malloc0.base, #t~malloc0.offset := ~malloc_#res.base, ~malloc_#res.offset;~p~1.base, ~p~1.offset := #t~malloc0.base, #t~malloc0.offset;~q~1.base, ~q~1.offset := ~p~1.base, ~p~1.offset; [2018-12-23 14:32:28,280 WARN L184 hOps$ForEachOp$OfRef]: ActionStr: (and (not (select |c_main_~malloc_old_#valid_primed| |c_main_~malloc_#res.base_primed|)) (= |c_main_#t~malloc0.offset_primed| |c_main_~malloc_#res.offset_primed|) (= (store |c_main_~malloc_old_#length_primed| |c_main_~malloc_#res.base_primed| c_main_~malloc_~size_primed) |c_#length_primed|) (= |c_main_~malloc_old_#valid_primed| |c_#valid|) (= |c_main_~malloc_old_#length_primed| |c_#length|) (= (store |c_main_~malloc_old_#valid_primed| |c_main_~malloc_#res.base_primed| true) |c_#valid_primed|) (= c_main_~q~1.offset_primed c_main_~p~1.offset_primed) (= 0 |c_main_~malloc_#res.offset_primed|) (= |c_main_#t~malloc0.base_primed| |c_main_~malloc_#res.base_primed|) (= c_main_~p~1.base_primed |c_main_#t~malloc0.base_primed|) (= c_main_~q~1.base_primed c_main_~p~1.base_primed) (= c_main_~malloc_~size_primed 400) (= c_main_~p~1.offset_primed |c_main_#t~malloc0.offset_primed|) (not (= |c_main_~malloc_#res.base_primed| 0))) [2018-12-23 14:32:28,281 WARN L230 ngHoareTripleChecker]: Post: {2147483646#(forall ((v_idx_14 Int) (v_idx_15 Int) (v_idx_23 Int) (v_idx_12 Int) (v_idx_24 Int) (v_idx_13 Int) (v_idx_21 Int) (v_idx_22 Int) (v_idx_11 Int) (v_idx_20 Int) (v_idx_18 Int) (v_idx_19 Int) (v_idx_16 Int) (v_idx_17 Int)) (exists ((v_v_24_1 Int) (v_v_25_1 Int) (v_b_4_1 Int) (v_b_5_1 Int) (v_b_8_1 Int) (v_b_9_1 Int) (v_v_4_1 Bool) (v_v_26_1 Int) (v_v_8_1 Int) (v_v_19_1 Bool) (v_v_18_1 Bool) (v_v_7_1 (Array Int Int)) (v_v_12_1 Bool) (v_v_1_1 Int) (v_v_5_1 (Array Int Int)) (v_v_2_1 Int) (v_v_6_1 Int) (v_v_20_1 Bool)) (and (<= (- (- |c_main_#t~malloc0.offset|) (- v_v_25_1)) 400) (<= (- (- |c_main_#t~malloc0.offset|) c_main_~q~1.offset) 0) (<= (- |c_main_#t~malloc0.offset| (- c_main_~malloc_~size)) 400) (<= (- (- c_main_~malloc_~size) v_v_25_1) (- 800)) (<= (- (- c_main_~malloc_~size) (- c_main_~p~1.offset)) (- 400)) (<= (- (- |c_main_~malloc_#res.offset|) (- c_main_~q~1.offset)) 0) (or (= v_v_19_1 (select |c_#valid| v_idx_14)) (< v_idx_14 v_b_4_1) (<= v_b_5_1 v_idx_14)) (<= (- |c_main_#t~malloc0.offset| (- |c_main_~malloc_#res.offset|)) 0) (<= (- (- |c_main_~malloc_#res.offset|) c_main_~malloc_~size) (- 400)) v_v_19_1 (<= (- (- v_b_4_1) (- |c_main_~malloc_#res.base|)) 0) (<= (- (- c_main_~q~1.offset) (- v_v_25_1)) 400) (<= (- (- c_main_~malloc_~size) c_main_~p~1.offset) (- 400)) (<= (- (- |c_main_~malloc_#res.offset|) (- c_main_~p~1.offset)) 0) (<= (- (- v_b_5_1) (- |c_main_~malloc_#res.base|)) (- 1)) (<= (- (- v_b_9_1) (- |c_main_~malloc_#res.base|)) (- 1)) (<= (- (- |c_main_#t~malloc0.offset|) c_main_~p~1.offset) 0) (<= (- v_b_8_1 v_b_9_1) (- 1)) (<= (- (- |c_main_~malloc_#res.offset|) (- c_main_~malloc_~size)) 400) (<= (- v_b_9_1 |c_main_~malloc_#res.base|) 1) (<= (- |c_main_~malloc_#res.offset| (- v_v_25_1)) 400) (<= (- (- c_main_~p~1.offset) v_v_25_1) (- 400)) (<= (- v_b_8_1 |c_main_~malloc_#res.base|) 0) (<= (- c_main_~malloc_~size (- c_main_~p~1.offset)) 400) (<= (- |c_main_#t~malloc0.offset| |c_main_~malloc_#res.offset|) 0) (<= (- |c_main_#t~malloc0.offset| (- c_main_~p~1.offset)) 0) (<= (- |c_main_~malloc_#res.offset| (- c_main_~q~1.offset)) 0) (<= (- |c_main_#t~malloc0.offset| (- |c_main_#t~malloc0.offset|)) 0) (<= (- v_v_25_1 (- v_v_25_1)) 800) (or (< v_idx_21 v_b_9_1) (= (select |c_#length| v_idx_21) v_v_26_1)) (or (= v_v_24_1 (select |c_#length| v_idx_19)) (<= v_b_8_1 v_idx_19)) (<= (- c_main_~malloc_~size (- c_main_~malloc_~size)) 800) (<= (- |c_main_#t~malloc0.offset| (- v_v_25_1)) 400) (= v_v_7_1 (select |c_old(#memory_int)| v_idx_17)) (= v_v_5_1 (select |c_#memory_int| v_idx_16)) (<= (- (- |c_main_#t~malloc0.offset|) (- c_main_~p~1.offset)) 0) (<= (- |c_main_#t~malloc0.offset| c_main_~p~1.offset) 0) (<= (- (- v_v_25_1) v_v_25_1) (- 800)) (<= (- c_main_~p~1.offset v_v_25_1) (- 400)) (<= (- (- c_main_~p~1.offset) c_main_~p~1.offset) 0) (<= (- (- |c_main_#t~malloc0.offset|) c_main_~malloc_~size) (- 400)) (<= (- c_main_~malloc_~size v_v_25_1) 0) (or (< v_idx_15 v_b_5_1) (= (select |c_#valid| v_idx_15) v_v_20_1)) (<= (- v_b_5_1 v_b_9_1) 0) (<= (- |c_main_#t~malloc0.offset| c_main_~q~1.offset) 0) (<= (- c_main_~q~1.offset v_v_25_1) (- 400)) (= (select |c_old(#valid)| v_idx_12) v_v_4_1) (<= (- c_main_~malloc_~size (- v_v_25_1)) 800) (<= (- (- c_main_~malloc_~size) (- v_v_25_1)) 0) (or (<= v_b_4_1 v_idx_13) (= (select |c_#valid| v_idx_13) v_v_18_1)) (<= (- c_main_~malloc_~size c_main_~q~1.offset) 400) (<= (- (- v_b_8_1) (- |c_main_~malloc_#res.base|)) 0) (<= (- c_main_~malloc_~size (- c_main_~q~1.offset)) 400) (<= (- |c_main_#t~malloc0.offset| c_main_~malloc_~size) (- 400)) (<= (- c_main_~p~1.offset c_main_~q~1.offset) 0) (<= (- |c_main_~malloc_#res.offset| (- c_main_~malloc_~size)) 400) (<= (- (- |c_main_#t~malloc0.offset|) (- c_main_~q~1.offset)) 0) (or (= (select |c_#length| v_idx_20) v_v_25_1) (<= v_b_9_1 v_idx_20) (< v_idx_20 v_b_8_1)) (<= (- c_main_~p~1.offset (- c_main_~q~1.offset)) 0) (= (select |c_main_~malloc_old_#length| v_idx_11) v_v_1_1) (<= (- (- c_main_~p~1.offset) (- c_main_~q~1.offset)) 0) (<= (- (- c_main_~malloc_~size) c_main_~q~1.offset) (- 400)) (<= (- v_b_4_1 v_b_9_1) (- 1)) (<= (- (- c_main_~malloc_~size) (- c_main_~q~1.offset)) (- 400)) (<= (- (- v_b_4_1) (- v_b_5_1)) 1) (<= (- c_main_~q~1.offset (- v_v_25_1)) 400) (<= (- (- |c_main_#t~malloc0.offset|) v_v_25_1) (- 400)) (= (select |c_main_~malloc_old_#valid| v_idx_23) v_v_12_1) (<= (- v_b_4_1 v_b_5_1) (- 1)) (<= (- (- |c_main_#t~malloc0.offset|) |c_main_~malloc_#res.offset|) 0) (<= (- (- c_main_~q~1.offset) v_v_25_1) (- 400)) (<= (- |c_main_~malloc_#res.offset| v_v_25_1) (- 400)) (<= (- (- |c_main_~malloc_#res.offset|) (- v_v_25_1)) 400) (<= (- |c_main_~malloc_#res.offset| c_main_~malloc_~size) (- 400)) (<= (- |c_main_~malloc_#res.offset| c_main_~q~1.offset) 0) (<= (- |c_main_#t~malloc0.offset| (- c_main_~q~1.offset)) 0) (<= (- (- |c_main_#t~malloc0.offset|) (- |c_main_~malloc_#res.offset|)) 0) (= v_v_8_1 (select v_v_7_1 v_idx_24)) (<= (- (- |c_main_~malloc_#res.offset|) |c_main_~malloc_#res.offset|) 0) (<= (- |c_main_~malloc_#res.offset| c_main_~p~1.offset) 0) (<= (- (- c_main_~p~1.offset) (- v_v_25_1)) 400) (<= (- (- v_b_5_1) (- v_b_9_1)) 0) (<= (- (- c_main_~q~1.offset) c_main_~q~1.offset) 0) (<= (- (- v_b_4_1) (- v_b_9_1)) 1) (<= (- |c_main_~malloc_#res.offset| (- c_main_~p~1.offset)) 0) (<= (- v_b_5_1 v_b_8_1) 1) (= (select v_v_5_1 v_idx_22) v_v_6_1) (<= (- c_main_~malloc_~size c_main_~p~1.offset) 400) (<= (- (- c_main_~malloc_~size) c_main_~malloc_~size) (- 800)) (<= (- (- |c_main_#t~malloc0.offset|) |c_main_#t~malloc0.offset|) 0) (<= (- (- v_b_4_1) (- v_b_8_1)) 0) (<= (- (- |c_main_~malloc_#res.offset|) c_main_~q~1.offset) 0) (<= (- (- |c_main_~malloc_#res.offset|) v_v_25_1) (- 400)) (<= (- (- |c_main_~malloc_#res.offset|) c_main_~p~1.offset) 0) (<= (- c_main_~p~1.offset (- v_v_25_1)) 400) (<= (- |c_main_~malloc_#res.offset| (- |c_main_~malloc_#res.offset|)) 0) (<= (- |c_main_#t~malloc0.offset| v_v_25_1) (- 400)) (= (select |c_old(#length)| v_idx_18) v_v_2_1) (<= (- (- v_b_5_1) (- v_b_8_1)) (- 1)) (<= (- c_main_~q~1.offset (- c_main_~q~1.offset)) 0) (<= (- (- |c_main_#t~malloc0.offset|) (- c_main_~malloc_~size)) 400) (<= (- (- v_b_8_1) (- v_b_9_1)) 1) (<= (- v_b_4_1 |c_main_~malloc_#res.base|) 0) (<= (- c_main_~p~1.offset (- c_main_~p~1.offset)) 0) (<= (- (- c_main_~p~1.offset) c_main_~q~1.offset) 0) (<= (- v_b_4_1 v_b_8_1) 0) (<= (- v_b_5_1 |c_main_~malloc_#res.base|) 1))))} [2018-12-23 14:32:28,282 WARN L263 ngHoareTripleChecker]: unsat core / model generation is disabled, enable it to get more details [2018-12-23 14:32:28,283 WARN L268 ngHoareTripleChecker]: -- [2018-12-23 14:32:28,283 WARN L269 ngHoareTripleChecker]: Simplified triple [2018-12-23 14:32:28,432 FATAL L292 ToolchainWalker]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.AssertionError: java.lang.ClassCastException: de.uni_freiburg.informatik.ultimate.logic.ApplicationTerm cannot be cast to de.uni_freiburg.informatik.ultimate.logic.QuantifiedFormula at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseRefinementStrategy.extractInterpolants(BaseRefinementStrategy.java:391) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseRefinementStrategy.handleInfeasibleCase(BaseRefinementStrategy.java:296) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseRefinementStrategy.executeStrategy(BaseRefinementStrategy.java:206) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.TraceAbstractionRefinementEngine.(TraceAbstractionRefinementEngine.java:70) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.BasicCegarLoop.isCounterexampleFeasible(BasicCegarLoop.java:456) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.AbstractCegarLoop.iterateInternal(AbstractCegarLoop.java:434) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.AbstractCegarLoop.iterate(AbstractCegarLoop.java:376) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.iterate(TraceAbstractionStarter.java:334) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:174) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:126) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:316) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55) Caused by: java.lang.ClassCastException: de.uni_freiburg.informatik.ultimate.logic.ApplicationTerm cannot be cast to de.uni_freiburg.informatik.ultimate.logic.QuantifiedFormula at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.linearterms.QuantifierPusher.processDualQuantifier(QuantifierPusher.java:374) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.linearterms.QuantifierPusher.tryToPush(QuantifierPusher.java:118) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.linearterms.QuantifierPusher.convert(QuantifierPusher.java:107) at de.uni_freiburg.informatik.ultimate.logic.TermTransformer.cacheConvert(TermTransformer.java:131) at de.uni_freiburg.informatik.ultimate.logic.TermTransformer.access$0(TermTransformer.java:127) at de.uni_freiburg.informatik.ultimate.logic.TermTransformer$Convert.walk(TermTransformer.java:79) at de.uni_freiburg.informatik.ultimate.logic.NonRecursive.run(NonRecursive.java:122) at de.uni_freiburg.informatik.ultimate.logic.NonRecursive.run(NonRecursive.java:113) at de.uni_freiburg.informatik.ultimate.logic.TermTransformer.transform(TermTransformer.java:253) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.smt.PartialQuantifierElimination.tryToEliminate(PartialQuantifierElimination.java:88) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.hoaretriple.DebuggingHoareTripleChecker.toStringSimplified(DebuggingHoareTripleChecker.java:308) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.hoaretriple.DebuggingHoareTripleChecker.logUnsoundness(DebuggingHoareTripleChecker.java:270) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.hoaretriple.DebuggingHoareTripleChecker.checkValidity(DebuggingHoareTripleChecker.java:192) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.hoaretriple.DebuggingHoareTripleChecker.checkValidity(DebuggingHoareTripleChecker.java:179) at de.uni_freiburg.informatik.ultimate.modelcheckerutils.hoaretriple.DebuggingHoareTripleChecker.checkInternal(DebuggingHoareTripleChecker.java:139) at de.uni_freiburg.informatik.ultimate.plugins.analysis.abstractinterpretationv2.algorithm.rcfg.RcfgDebugHelper.isPostSound(RcfgDebugHelper.java:80) at de.uni_freiburg.informatik.ultimate.plugins.analysis.abstractinterpretationv2.algorithm.rcfg.RcfgDebugHelper.isPostSound(RcfgDebugHelper.java:62) at de.uni_freiburg.informatik.ultimate.plugins.analysis.abstractinterpretationv2.algorithm.rcfg.RcfgDebugHelper.isPostSound(RcfgDebugHelper.java:1) at de.uni_freiburg.informatik.ultimate.plugins.analysis.abstractinterpretationv2.algorithm.FixpointEngine.assertIsPostSound(FixpointEngine.java:268) at de.uni_freiburg.informatik.ultimate.plugins.analysis.abstractinterpretationv2.algorithm.FixpointEngine.calculateAbstractPost(FixpointEngine.java:254) at de.uni_freiburg.informatik.ultimate.plugins.analysis.abstractinterpretationv2.algorithm.FixpointEngine.calculateFixpoint(FixpointEngine.java:134) at de.uni_freiburg.informatik.ultimate.plugins.analysis.abstractinterpretationv2.algorithm.FixpointEngine.run(FixpointEngine.java:105) at de.uni_freiburg.informatik.ultimate.plugins.analysis.abstractinterpretationv2.tool.AbstractInterpreter.runWithoutTimeoutAndResults(AbstractInterpreter.java:149) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.CegarAbsIntRunner.generateFixpoints(CegarAbsIntRunner.java:222) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseTaipanRefinementStrategy.constructInterpolantGenerator(BaseTaipanRefinementStrategy.java:382) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseTaipanRefinementStrategy.getInterpolantGenerator(BaseTaipanRefinementStrategy.java:225) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseRefinementStrategy.extractInterpolants(BaseRefinementStrategy.java:380) ... 20 more [2018-12-23 14:32:28,438 INFO L168 Benchmark]: Toolchain (without parser) took 3997.69 ms. Allocated memory was 1.5 GB in the beginning and 2.2 GB in the end (delta: 686.3 MB). Free memory was 1.5 GB in the beginning and 2.2 GB in the end (delta: -694.0 MB). Peak memory consumption was 164.9 MB. Max. memory is 7.1 GB. [2018-12-23 14:32:28,441 INFO L168 Benchmark]: Boogie PL CUP Parser took 0.23 ms. Allocated memory is still 1.5 GB. Free memory is still 1.5 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-12-23 14:32:28,441 INFO L168 Benchmark]: Boogie Procedure Inliner took 79.89 ms. Allocated memory is still 1.5 GB. Free memory is still 1.5 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-12-23 14:32:28,442 INFO L168 Benchmark]: Boogie Preprocessor took 40.22 ms. Allocated memory is still 1.5 GB. Free memory is still 1.5 GB. There was no memory consumed. Max. memory is 7.1 GB. [2018-12-23 14:32:28,443 INFO L168 Benchmark]: RCFGBuilder took 571.39 ms. Allocated memory is still 1.5 GB. Free memory was 1.5 GB in the beginning and 1.4 GB in the end (delta: 21.1 MB). Peak memory consumption was 21.1 MB. Max. memory is 7.1 GB. [2018-12-23 14:32:28,444 INFO L168 Benchmark]: TraceAbstraction took 3298.89 ms. Allocated memory was 1.5 GB in the beginning and 2.2 GB in the end (delta: 686.3 MB). Free memory was 1.4 GB in the beginning and 2.2 GB in the end (delta: -715.1 MB). Peak memory consumption was 143.8 MB. Max. memory is 7.1 GB. [2018-12-23 14:32:28,448 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - GenericResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * Boogie PL CUP Parser took 0.23 ms. Allocated memory is still 1.5 GB. Free memory is still 1.5 GB. There was no memory consumed. Max. memory is 7.1 GB. * Boogie Procedure Inliner took 79.89 ms. Allocated memory is still 1.5 GB. Free memory is still 1.5 GB. There was no memory consumed. Max. memory is 7.1 GB. * Boogie Preprocessor took 40.22 ms. Allocated memory is still 1.5 GB. Free memory is still 1.5 GB. There was no memory consumed. Max. memory is 7.1 GB. * RCFGBuilder took 571.39 ms. Allocated memory is still 1.5 GB. Free memory was 1.5 GB in the beginning and 1.4 GB in the end (delta: 21.1 MB). Peak memory consumption was 21.1 MB. Max. memory is 7.1 GB. * TraceAbstraction took 3298.89 ms. Allocated memory was 1.5 GB in the beginning and 2.2 GB in the end (delta: 686.3 MB). Free memory was 1.4 GB in the beginning and 2.2 GB in the end (delta: -715.1 MB). Peak memory consumption was 143.8 MB. Max. memory is 7.1 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - ExceptionOrErrorResult: AssertionError: java.lang.ClassCastException: de.uni_freiburg.informatik.ultimate.logic.ApplicationTerm cannot be cast to de.uni_freiburg.informatik.ultimate.logic.QuantifiedFormula de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: AssertionError: java.lang.ClassCastException: de.uni_freiburg.informatik.ultimate.logic.ApplicationTerm cannot be cast to de.uni_freiburg.informatik.ultimate.logic.QuantifiedFormula: de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.tracehandling.BaseRefinementStrategy.extractInterpolants(BaseRefinementStrategy.java:391) RESULT: Ultimate could not prove your program: Toolchain returned no result. Received shutdown request...