java -ea -Xmx8000000000 -Xss4m -jar ./plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata ./data -tc ../../../trunk/examples/toolchains/AutomizerBplInline.xml -s ../../../trunk/examples/settings/ai/array-bench/reach_32bit_array_oct.epf -i ../../../trunk/examples/programs/toy/tooDifficultLoopInvariant/PointerIncrement-simplified02.bpl -------------------------------------------------------------------------------- This is Ultimate 0.1.24-1377b90 [2019-01-07 14:44:14,308 INFO L170 SettingsManager]: Resetting all preferences to default values... [2019-01-07 14:44:14,310 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2019-01-07 14:44:14,322 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2019-01-07 14:44:14,323 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2019-01-07 14:44:14,324 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2019-01-07 14:44:14,325 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2019-01-07 14:44:14,327 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2019-01-07 14:44:14,329 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2019-01-07 14:44:14,330 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2019-01-07 14:44:14,331 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2019-01-07 14:44:14,331 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2019-01-07 14:44:14,332 INFO L174 SettingsManager]: Resetting PEA to Boogie preferences to default values [2019-01-07 14:44:14,333 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2019-01-07 14:44:14,335 INFO L174 SettingsManager]: Resetting ChcToBoogie preferences to default values [2019-01-07 14:44:14,335 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2019-01-07 14:44:14,336 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2019-01-07 14:44:14,338 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2019-01-07 14:44:14,340 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2019-01-07 14:44:14,342 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2019-01-07 14:44:14,343 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2019-01-07 14:44:14,345 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2019-01-07 14:44:14,347 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2019-01-07 14:44:14,348 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2019-01-07 14:44:14,348 INFO L174 SettingsManager]: Resetting TreeAutomizer preferences to default values [2019-01-07 14:44:14,349 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2019-01-07 14:44:14,350 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2019-01-07 14:44:14,351 INFO L174 SettingsManager]: Resetting ReqPrinter preferences to default values [2019-01-07 14:44:14,352 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2019-01-07 14:44:14,353 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2019-01-07 14:44:14,353 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2019-01-07 14:44:14,354 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2019-01-07 14:44:14,354 INFO L177 SettingsManager]: ReqParser provides no preferences, ignoring... [2019-01-07 14:44:14,355 INFO L174 SettingsManager]: Resetting SmtParser preferences to default values [2019-01-07 14:44:14,356 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2019-01-07 14:44:14,357 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2019-01-07 14:44:14,357 INFO L98 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/ai/array-bench/reach_32bit_array_oct.epf [2019-01-07 14:44:14,370 INFO L110 SettingsManager]: Loading preferences was successful [2019-01-07 14:44:14,370 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2019-01-07 14:44:14,373 INFO L131 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2019-01-07 14:44:14,374 INFO L133 SettingsManager]: * Show backtranslation warnings=false [2019-01-07 14:44:14,374 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2019-01-07 14:44:14,374 INFO L133 SettingsManager]: * User list type=DISABLED [2019-01-07 14:44:14,374 INFO L133 SettingsManager]: * Inline calls to unimplemented procedures=true [2019-01-07 14:44:14,375 INFO L131 SettingsManager]: Preferences of Abstract Interpretation differ from their defaults: [2019-01-07 14:44:14,375 INFO L133 SettingsManager]: * Abstract domain for RCFG-of-the-future=PoormanAbstractDomain [2019-01-07 14:44:14,375 INFO L133 SettingsManager]: * Underlying domain=OctagonDomain [2019-01-07 14:44:14,375 INFO L133 SettingsManager]: * Abstract domain=ArrayDomain [2019-01-07 14:44:14,375 INFO L133 SettingsManager]: * Check feasibility of abstract posts with an SMT solver=true [2019-01-07 14:44:14,376 INFO L133 SettingsManager]: * Interval Domain=false [2019-01-07 14:44:14,376 INFO L131 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2019-01-07 14:44:14,377 INFO L133 SettingsManager]: * Create parallel compositions if possible=false [2019-01-07 14:44:14,377 INFO L133 SettingsManager]: * Use SBE=true [2019-01-07 14:44:14,378 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2019-01-07 14:44:14,378 INFO L133 SettingsManager]: * sizeof long=4 [2019-01-07 14:44:14,378 INFO L133 SettingsManager]: * Overapproximate operations on floating types=true [2019-01-07 14:44:14,378 INFO L133 SettingsManager]: * sizeof POINTER=4 [2019-01-07 14:44:14,378 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2019-01-07 14:44:14,380 INFO L133 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2019-01-07 14:44:14,381 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2019-01-07 14:44:14,381 INFO L133 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2019-01-07 14:44:14,381 INFO L133 SettingsManager]: * sizeof long double=12 [2019-01-07 14:44:14,381 INFO L133 SettingsManager]: * Check if freed pointer was valid=false [2019-01-07 14:44:14,383 INFO L133 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2019-01-07 14:44:14,383 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2019-01-07 14:44:14,383 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2019-01-07 14:44:14,383 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2019-01-07 14:44:14,384 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2019-01-07 14:44:14,384 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2019-01-07 14:44:14,384 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2019-01-07 14:44:14,384 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2019-01-07 14:44:14,385 INFO L133 SettingsManager]: * Trace refinement strategy=TAIPAN [2019-01-07 14:44:14,385 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2019-01-07 14:44:14,385 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2019-01-07 14:44:14,385 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2019-01-07 14:44:14,385 INFO L133 SettingsManager]: * Abstract interpretation Mode=USE_PREDICATES [2019-01-07 14:44:14,428 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2019-01-07 14:44:14,443 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2019-01-07 14:44:14,447 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2019-01-07 14:44:14,449 INFO L271 PluginConnector]: Initializing Boogie PL CUP Parser... [2019-01-07 14:44:14,449 INFO L276 PluginConnector]: Boogie PL CUP Parser initialized [2019-01-07 14:44:14,450 INFO L418 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/programs/toy/tooDifficultLoopInvariant/PointerIncrement-simplified02.bpl [2019-01-07 14:44:14,451 INFO L111 BoogieParser]: Parsing: '/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/programs/toy/tooDifficultLoopInvariant/PointerIncrement-simplified02.bpl' [2019-01-07 14:44:14,497 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2019-01-07 14:44:14,499 INFO L131 ToolchainWalker]: Walking toolchain with 4 elements. [2019-01-07 14:44:14,500 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2019-01-07 14:44:14,500 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2019-01-07 14:44:14,500 INFO L276 PluginConnector]: Boogie Procedure Inliner initialized [2019-01-07 14:44:14,518 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 07.01 02:44:14" (1/1) ... [2019-01-07 14:44:14,532 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 07.01 02:44:14" (1/1) ... [2019-01-07 14:44:14,539 WARN L165 Inliner]: Program contained no entry procedure! [2019-01-07 14:44:14,540 WARN L168 Inliner]: Missing entry procedures: [ULTIMATE.start] [2019-01-07 14:44:14,540 WARN L175 Inliner]: Fallback enabled. All procedures will be processed. [2019-01-07 14:44:14,558 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2019-01-07 14:44:14,559 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2019-01-07 14:44:14,559 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2019-01-07 14:44:14,559 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2019-01-07 14:44:14,572 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 07.01 02:44:14" (1/1) ... [2019-01-07 14:44:14,572 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 07.01 02:44:14" (1/1) ... [2019-01-07 14:44:14,574 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 07.01 02:44:14" (1/1) ... [2019-01-07 14:44:14,574 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 07.01 02:44:14" (1/1) ... [2019-01-07 14:44:14,579 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 07.01 02:44:14" (1/1) ... [2019-01-07 14:44:14,584 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 07.01 02:44:14" (1/1) ... [2019-01-07 14:44:14,585 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 07.01 02:44:14" (1/1) ... [2019-01-07 14:44:14,587 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2019-01-07 14:44:14,587 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2019-01-07 14:44:14,588 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2019-01-07 14:44:14,588 INFO L276 PluginConnector]: RCFGBuilder initialized [2019-01-07 14:44:14,589 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 07.01 02:44:14" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2019-01-07 14:44:14,666 INFO L130 BoogieDeclarations]: Found specification of procedure main [2019-01-07 14:44:14,667 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2019-01-07 14:44:14,667 INFO L130 BoogieDeclarations]: Found specification of procedure ~malloc [2019-01-07 14:44:15,099 INFO L278 CfgBuilder]: Using library mode [2019-01-07 14:44:15,100 INFO L286 CfgBuilder]: Removed 3 assue(true) statements. [2019-01-07 14:44:15,101 INFO L202 PluginConnector]: Adding new model PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 07.01 02:44:15 BoogieIcfgContainer [2019-01-07 14:44:15,101 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2019-01-07 14:44:15,102 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2019-01-07 14:44:15,102 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2019-01-07 14:44:15,106 INFO L276 PluginConnector]: TraceAbstraction initialized [2019-01-07 14:44:15,106 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.boogie.parser AST 07.01 02:44:14" (1/2) ... [2019-01-07 14:44:15,107 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@460adc7f and model type PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 07.01 02:44:15, skipping insertion in model container [2019-01-07 14:44:15,108 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "PointerIncrement-simplified02.bpl de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 07.01 02:44:15" (2/2) ... [2019-01-07 14:44:15,110 INFO L112 eAbstractionObserver]: Analyzing ICFG PointerIncrement-simplified02.bpl [2019-01-07 14:44:15,122 INFO L156 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2019-01-07 14:44:15,137 INFO L168 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2019-01-07 14:44:15,157 INFO L257 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2019-01-07 14:44:15,205 INFO L382 AbstractCegarLoop]: Interprodecural is true [2019-01-07 14:44:15,206 INFO L383 AbstractCegarLoop]: Hoare is true [2019-01-07 14:44:15,206 INFO L384 AbstractCegarLoop]: Compute interpolants for FPandBP [2019-01-07 14:44:15,206 INFO L385 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2019-01-07 14:44:15,206 INFO L386 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2019-01-07 14:44:15,208 INFO L387 AbstractCegarLoop]: Difference is false [2019-01-07 14:44:15,208 INFO L388 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2019-01-07 14:44:15,208 INFO L393 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2019-01-07 14:44:15,230 INFO L276 IsEmpty]: Start isEmpty. Operand 8 states. [2019-01-07 14:44:15,240 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 5 [2019-01-07 14:44:15,243 INFO L394 BasicCegarLoop]: Found error trace [2019-01-07 14:44:15,244 INFO L402 BasicCegarLoop]: trace histogram [1, 1, 1, 1] [2019-01-07 14:44:15,250 INFO L423 AbstractCegarLoop]: === Iteration 1 === [mainErr0ASSERT_VIOLATIONASSERT]=== [2019-01-07 14:44:15,258 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-01-07 14:44:15,258 INFO L82 PathProgramCache]: Analyzing trace with hash 927590, now seen corresponding path program 1 times [2019-01-07 14:44:15,262 INFO L69 tionRefinementEngine]: Using refinement strategy TaipanRefinementStrategy [2019-01-07 14:44:15,323 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-01-07 14:44:15,323 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-01-07 14:44:15,324 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-01-07 14:44:15,324 INFO L289 anRefinementStrategy]: Using traceCheck mode SMTINTERPOL with AssertCodeBlockOrder NOT_INCREMENTALLY (IT: Craig_TreeInterpolation) [2019-01-07 14:44:15,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-01-07 14:44:15,671 INFO L273 TraceCheckUtils]: 0: Hoare triple {11#true} ~malloc_old_#length, ~malloc_old_#valid := #length, #valid;~malloc_~size := 400;havoc ~malloc_#res.base, ~malloc_#res.offset;havoc #valid, #length;assume ~malloc_old_#valid[~malloc_#res.base] == false;assume #valid == ~malloc_old_#valid[~malloc_#res.base := true];assume ~malloc_#res.offset == 0;assume ~malloc_#res.base != 0;assume #length == ~malloc_old_#length[~malloc_#res.base := ~malloc_~size];p.base, p.offset := ~malloc_#res.base, ~malloc_#res.offset;q.base, q.offset := p.base, p.offset; {13#(<= (+ main_q.offset 400) (select |#length| main_q.base))} is VALID [2019-01-07 14:44:15,691 INFO L273 TraceCheckUtils]: 1: Hoare triple {13#(<= (+ main_q.offset 400) (select |#length| main_q.base))} #t~short2 := q.offset < p.offset + 400; {13#(<= (+ main_q.offset 400) (select |#length| main_q.base))} is VALID [2019-01-07 14:44:15,709 INFO L273 TraceCheckUtils]: 2: Hoare triple {13#(<= (+ main_q.offset 400) (select |#length| main_q.base))} assume #t~short2; {13#(<= (+ main_q.offset 400) (select |#length| main_q.base))} is VALID [2019-01-07 14:44:15,726 INFO L273 TraceCheckUtils]: 3: Hoare triple {13#(<= (+ main_q.offset 400) (select |#length| main_q.base))} assume !(4 + q.offset <= #length[q.base]); {12#false} is VALID [2019-01-07 14:44:15,729 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2019-01-07 14:44:15,731 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2019-01-07 14:44:15,732 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [1] imperfect sequences [] total 1 [2019-01-07 14:44:15,732 INFO L257 anRefinementStrategy]: Using the first perfect interpolant sequence [2019-01-07 14:44:15,738 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 4 [2019-01-07 14:44:15,740 INFO L84 Accepts]: Finished accepts. word is accepted. [2019-01-07 14:44:15,746 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2019-01-07 14:44:15,809 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 4 edges. 4 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2019-01-07 14:44:15,810 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2019-01-07 14:44:15,817 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2019-01-07 14:44:15,818 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2019-01-07 14:44:15,821 INFO L87 Difference]: Start difference. First operand 8 states. Second operand 3 states. [2019-01-07 14:44:16,062 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-01-07 14:44:16,062 INFO L93 Difference]: Finished difference Result 17 states and 18 transitions. [2019-01-07 14:44:16,063 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2019-01-07 14:44:16,063 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 4 [2019-01-07 14:44:16,063 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-01-07 14:44:16,064 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2019-01-07 14:44:16,070 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 18 transitions. [2019-01-07 14:44:16,070 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2019-01-07 14:44:16,072 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 18 transitions. [2019-01-07 14:44:16,072 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 18 transitions. [2019-01-07 14:44:16,203 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 18 edges. 18 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2019-01-07 14:44:16,213 INFO L225 Difference]: With dead ends: 17 [2019-01-07 14:44:16,214 INFO L226 Difference]: Without dead ends: 10 [2019-01-07 14:44:16,218 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 1 GetRequests, 0 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2019-01-07 14:44:16,237 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 10 states. [2019-01-07 14:44:16,261 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 10 to 9. [2019-01-07 14:44:16,261 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2019-01-07 14:44:16,262 INFO L82 GeneralOperation]: Start isEquivalent. First operand 10 states. Second operand 9 states. [2019-01-07 14:44:16,263 INFO L74 IsIncluded]: Start isIncluded. First operand 10 states. Second operand 9 states. [2019-01-07 14:44:16,263 INFO L87 Difference]: Start difference. First operand 10 states. Second operand 9 states. [2019-01-07 14:44:16,266 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-01-07 14:44:16,266 INFO L93 Difference]: Finished difference Result 10 states and 10 transitions. [2019-01-07 14:44:16,266 INFO L276 IsEmpty]: Start isEmpty. Operand 10 states and 10 transitions. [2019-01-07 14:44:16,267 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2019-01-07 14:44:16,267 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2019-01-07 14:44:16,267 INFO L74 IsIncluded]: Start isIncluded. First operand 9 states. Second operand 10 states. [2019-01-07 14:44:16,267 INFO L87 Difference]: Start difference. First operand 9 states. Second operand 10 states. [2019-01-07 14:44:16,269 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-01-07 14:44:16,269 INFO L93 Difference]: Finished difference Result 10 states and 10 transitions. [2019-01-07 14:44:16,270 INFO L276 IsEmpty]: Start isEmpty. Operand 10 states and 10 transitions. [2019-01-07 14:44:16,270 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2019-01-07 14:44:16,270 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2019-01-07 14:44:16,270 INFO L88 GeneralOperation]: Finished isEquivalent. [2019-01-07 14:44:16,271 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2019-01-07 14:44:16,271 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 9 states. [2019-01-07 14:44:16,272 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 9 transitions. [2019-01-07 14:44:16,274 INFO L78 Accepts]: Start accepts. Automaton has 9 states and 9 transitions. Word has length 4 [2019-01-07 14:44:16,274 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-01-07 14:44:16,275 INFO L480 AbstractCegarLoop]: Abstraction has 9 states and 9 transitions. [2019-01-07 14:44:16,275 INFO L481 AbstractCegarLoop]: Interpolant automaton has 3 states. [2019-01-07 14:44:16,275 INFO L276 IsEmpty]: Start isEmpty. Operand 9 states and 9 transitions. [2019-01-07 14:44:16,275 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 9 [2019-01-07 14:44:16,276 INFO L394 BasicCegarLoop]: Found error trace [2019-01-07 14:44:16,276 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1] [2019-01-07 14:44:16,276 INFO L423 AbstractCegarLoop]: === Iteration 2 === [mainErr0ASSERT_VIOLATIONASSERT]=== [2019-01-07 14:44:16,277 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-01-07 14:44:16,277 INFO L82 PathProgramCache]: Analyzing trace with hash 1951667359, now seen corresponding path program 1 times [2019-01-07 14:44:16,277 INFO L69 tionRefinementEngine]: Using refinement strategy TaipanRefinementStrategy [2019-01-07 14:44:16,278 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-01-07 14:44:16,278 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-01-07 14:44:16,279 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-01-07 14:44:16,279 INFO L289 anRefinementStrategy]: Using traceCheck mode SMTINTERPOL with AssertCodeBlockOrder NOT_INCREMENTALLY (IT: Craig_TreeInterpolation) [2019-01-07 14:44:16,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-01-07 14:44:16,547 INFO L273 TraceCheckUtils]: 0: Hoare triple {66#true} ~malloc_old_#length, ~malloc_old_#valid := #length, #valid;~malloc_~size := 400;havoc ~malloc_#res.base, ~malloc_#res.offset;havoc #valid, #length;assume ~malloc_old_#valid[~malloc_#res.base] == false;assume #valid == ~malloc_old_#valid[~malloc_#res.base := true];assume ~malloc_#res.offset == 0;assume ~malloc_#res.base != 0;assume #length == ~malloc_old_#length[~malloc_#res.base := ~malloc_~size];p.base, p.offset := ~malloc_#res.base, ~malloc_#res.offset;q.base, q.offset := p.base, p.offset; {68#(<= (+ main_q.offset 400) (select |#length| main_q.base))} is VALID [2019-01-07 14:44:16,561 INFO L273 TraceCheckUtils]: 1: Hoare triple {68#(<= (+ main_q.offset 400) (select |#length| main_q.base))} #t~short2 := q.offset < p.offset + 400; {68#(<= (+ main_q.offset 400) (select |#length| main_q.base))} is VALID [2019-01-07 14:44:16,574 INFO L273 TraceCheckUtils]: 2: Hoare triple {68#(<= (+ main_q.offset 400) (select |#length| main_q.base))} assume #t~short2; {68#(<= (+ main_q.offset 400) (select |#length| main_q.base))} is VALID [2019-01-07 14:44:16,587 INFO L273 TraceCheckUtils]: 3: Hoare triple {68#(<= (+ main_q.offset 400) (select |#length| main_q.base))} assume 4 + q.offset <= #length[q.base]; {68#(<= (+ main_q.offset 400) (select |#length| main_q.base))} is VALID [2019-01-07 14:44:16,601 INFO L273 TraceCheckUtils]: 4: Hoare triple {68#(<= (+ main_q.offset 400) (select |#length| main_q.base))} q.base, q.offset := q.base, q.offset + 4; {69#(<= (+ main_q.offset 396) (select |#length| main_q.base))} is VALID [2019-01-07 14:44:16,608 INFO L273 TraceCheckUtils]: 5: Hoare triple {69#(<= (+ main_q.offset 396) (select |#length| main_q.base))} #t~short2 := q.offset < p.offset + 400; {69#(<= (+ main_q.offset 396) (select |#length| main_q.base))} is VALID [2019-01-07 14:44:16,617 INFO L273 TraceCheckUtils]: 6: Hoare triple {69#(<= (+ main_q.offset 396) (select |#length| main_q.base))} assume #t~short2; {69#(<= (+ main_q.offset 396) (select |#length| main_q.base))} is VALID [2019-01-07 14:44:16,618 INFO L273 TraceCheckUtils]: 7: Hoare triple {69#(<= (+ main_q.offset 396) (select |#length| main_q.base))} assume !(4 + q.offset <= #length[q.base]); {67#false} is VALID [2019-01-07 14:44:16,619 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 3 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2019-01-07 14:44:16,620 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2019-01-07 14:44:16,620 INFO L193 anRefinementStrategy]: Switched to InterpolantGenerator mode ABSTRACT_INTERPRETATION [2019-01-07 14:44:16,621 INFO L205 CegarAbsIntRunner]: Running AI on error trace of length 9 with the following transitions: [2019-01-07 14:44:16,623 INFO L207 CegarAbsIntRunner]: [0], [4], [7], [8], [9], [13] [2019-01-07 14:44:16,676 INFO L148 AbstractInterpreter]: Using domain ArrayDomain [2019-01-07 14:44:16,676 INFO L101 FixpointEngine]: Starting fixpoint engine with domain ArrayDomain (maxUnwinding=3, maxParallelStates=2) [2019-01-07 14:44:19,600 WARN L212 ngHoareTripleChecker]: Soundness check inconclusive for the following hoare triple [2019-01-07 14:44:19,601 WARN L217 ngHoareTripleChecker]: Expected: VALID Actual: UNKNOWN [2019-01-07 14:44:19,602 WARN L219 ngHoareTripleChecker]: Solver was "Z3" in version "4.8.3" [2019-01-07 14:44:19,603 WARN L223 ngHoareTripleChecker]: -- [2019-01-07 14:44:19,604 WARN L224 ngHoareTripleChecker]: Pre: {2147483647#(forall ((v_idx_3 Int) (v_idx_4 Int) (v_idx_5 Int) (v_idx_6 Int) (v_idx_1 Int) (v_idx_2 Int)) (exists ((v_v_2_1 Bool) (v_v_1_1 Bool) (v_v_5_1 Bool) (v_v_0_1 Int) (v_v_3_1 Int) (v_v_4_1 Int)) (and (= v_v_0_1 (select |c_main_~malloc_old_#length| v_idx_1)) (= (select |c_#length| v_idx_4) v_v_3_1) (= (select |c_#valid| v_idx_2) v_v_1_1) (= v_v_4_1 (select |c_old(#length)| v_idx_5)) (= v_v_5_1 (select |c_main_~malloc_old_#valid| v_idx_6)) (= (select |c_old(#valid)| v_idx_3) v_v_2_1))))} [2019-01-07 14:44:19,604 WARN L228 ngHoareTripleChecker]: Action: ~malloc_old_#length, ~malloc_old_#valid := #length, #valid;~malloc_~size := 400;havoc ~malloc_#res.base, ~malloc_#res.offset;havoc #valid, #length;assume ~malloc_old_#valid[~malloc_#res.base] == false;assume #valid == ~malloc_old_#valid[~malloc_#res.base := true];assume ~malloc_#res.offset == 0;assume ~malloc_#res.base != 0;assume #length == ~malloc_old_#length[~malloc_#res.base := ~malloc_~size];p.base, p.offset := ~malloc_#res.base, ~malloc_#res.offset;q.base, q.offset := p.base, p.offset; [2019-01-07 14:44:19,605 WARN L184 hOps$ForEachOp$OfRef]: ActionStr: (and (not (select |c_main_~malloc_old_#valid_primed| |c_main_~malloc_#res.base_primed|)) (= c_main_p.offset_primed |c_main_~malloc_#res.offset_primed|) (= (store |c_main_~malloc_old_#length_primed| |c_main_~malloc_#res.base_primed| c_main_~malloc_~size_primed) |c_#length_primed|) (= |c_main_~malloc_old_#valid_primed| |c_#valid|) (= c_main_p.base_primed |c_main_~malloc_#res.base_primed|) (= |c_main_~malloc_old_#length_primed| |c_#length|) (= c_main_~malloc_~size_primed 400) (= c_main_q.offset_primed c_main_p.offset_primed) (= c_main_q.base_primed c_main_p.base_primed) (= (store |c_main_~malloc_old_#valid_primed| |c_main_~malloc_#res.base_primed| true) |c_#valid_primed|) (= 0 |c_main_~malloc_#res.offset_primed|) (not (= |c_main_~malloc_#res.base_primed| 0))) [2019-01-07 14:44:19,606 WARN L230 ngHoareTripleChecker]: Post: {2147483646#(forall ((v_idx_7 Int) (v_idx_14 Int) (v_idx_8 Int) (v_idx_15 Int) (v_idx_9 Int) (v_idx_12 Int) (v_idx_13 Int) (v_idx_10 Int) (v_idx_11 Int) (v_idx_16 Int)) (exists ((v_v_2_1 Bool) (v_b_4_1 Int) (v_v_22_1 Int) (v_b_5_1 Int) (v_v_20_1 Int) (v_v_21_1 Int) (v_b_8_1 Int) (v_b_9_1 Int) (v_v_8_1 Bool) (v_v_16_1 Bool) (v_v_15_1 Bool) (v_v_14_1 Bool) (v_v_3_1 Int) (v_v_4_1 Int)) (and (<= (- c_main_q.offset (- |c_main_~malloc_#res.offset|)) 0) (= (+ |c_main_~malloc_#res.base| 1) v_b_9_1) (or (< v_idx_10 v_b_4_1) (= (select |c_#valid| v_idx_10) v_v_15_1) (<= v_b_5_1 v_idx_10)) (= (+ v_b_5_1 (- 1)) v_b_4_1) (<= (- (- v_b_8_1) (- |c_main_~malloc_#res.base|)) 0) (<= (- (- |c_main_~malloc_#res.offset|) c_main_~malloc_~size) (- 400)) (<= (- |c_main_~malloc_#res.offset| (- c_main_~malloc_~size)) 400) (<= (- (- c_main_p.offset) (- v_v_21_1)) 400) (= (+ |c_main_~malloc_#res.base| 1) (+ v_b_8_1 1)) (<= (- c_main_~malloc_~size v_v_21_1) 0) (<= (- c_main_p.offset (- v_v_21_1)) 400) (<= (- (- v_b_4_1) (- |c_main_~malloc_#res.base|)) 0) (<= (- (- c_main_~malloc_~size) v_v_21_1) (- 800)) v_v_15_1 (= (+ v_b_5_1 (- 1)) |c_main_~malloc_#res.base|) (<= (- (- c_main_p.offset) c_main_p.offset) 0) (<= (- c_main_p.offset c_main_q.offset) 0) (<= (- (- |c_main_~malloc_#res.offset|) (- v_v_21_1)) 400) (<= (- v_b_4_1 v_b_9_1) (- 1)) (= (select |c_old(#length)| v_idx_12) v_v_4_1) (<= (- (- c_main_p.offset) (- c_main_q.offset)) 0) (<= (- c_main_q.offset v_v_21_1) (- 400)) (<= (- c_main_q.offset (- v_v_21_1)) 400) (<= (- (- v_b_4_1) (- v_b_5_1)) 1) (<= (- (- v_b_5_1) (- |c_main_~malloc_#res.base|)) (- 1)) (<= (- (- v_b_9_1) (- |c_main_~malloc_#res.base|)) (- 1)) (= (+ |c_main_~malloc_#res.base| 1) (+ v_b_4_1 1)) (or (< v_idx_11 v_b_5_1) (= (select |c_#valid| v_idx_11) v_v_16_1)) (<= (- v_b_4_1 v_b_5_1) (- 1)) (<= (- v_b_8_1 v_b_9_1) (- 1)) (<= (- (- |c_main_~malloc_#res.offset|) (- c_main_~malloc_~size)) 400) (<= (- v_b_9_1 |c_main_~malloc_#res.base|) 1) (or (< v_idx_15 v_b_9_1) (= v_v_22_1 (select |c_#length| v_idx_15))) (= (select |c_main_~malloc_old_#length| v_idx_7) v_v_3_1) (or (< v_idx_14 v_b_8_1) (= (select |c_#length| v_idx_14) v_v_21_1) (<= v_b_9_1 v_idx_14)) (<= (- |c_main_~malloc_#res.offset| (- v_v_21_1)) 400) (<= (- (- c_main_~malloc_~size) (- v_v_21_1)) 0) (<= (- c_main_p.offset c_main_~malloc_~size) (- 400)) (<= (- v_v_21_1 (- v_v_21_1)) 800) (<= (- (- c_main_p.offset) c_main_q.offset) 0) (<= (- c_main_p.offset (- |c_main_~malloc_#res.offset|)) 0) (<= (- (- c_main_p.offset) c_main_~malloc_~size) (- 400)) (<= (- c_main_q.offset (- c_main_~malloc_~size)) 400) (<= (- |c_main_~malloc_#res.offset| c_main_~malloc_~size) (- 400)) (= (+ v_b_5_1 (- 1)) v_b_8_1) (<= (- v_b_8_1 |c_main_~malloc_#res.base|) 0) (<= (- c_main_q.offset (- c_main_q.offset)) 0) (<= (- (- v_v_21_1) v_v_21_1) (- 800)) (<= (- (- c_main_q.offset) (- v_v_21_1)) 400) (<= (- (- c_main_q.offset) (- |c_main_~malloc_#res.offset|)) 0) (<= (- (- c_main_q.offset) (- c_main_~malloc_~size)) 400) (<= (- |c_main_~malloc_#res.offset| v_v_21_1) (- 400)) (<= (- (- |c_main_~malloc_#res.offset|) |c_main_~malloc_#res.offset|) 0) (= (+ v_b_5_1 (- 1)) (+ v_b_9_1 (- 1))) (<= (- (- v_b_5_1) (- v_b_9_1)) 0) (<= (- (- v_b_4_1) (- v_b_9_1)) 1) (= (+ |c_main_~malloc_#res.base| 1) v_b_5_1) (<= (- v_b_5_1 v_b_8_1) 1) (<= (- c_main_p.offset (- c_main_~malloc_~size)) 400) (<= (- c_main_~malloc_~size (- c_main_~malloc_~size)) 800) (<= (- c_main_p.offset (- c_main_p.offset)) 0) (<= (- (- c_main_~malloc_~size) c_main_~malloc_~size) (- 800)) (<= (- (- c_main_p.offset) (- c_main_~malloc_~size)) 400) (<= (- c_main_p.offset |c_main_~malloc_#res.offset|) 0) (<= (- (- v_b_4_1) (- v_b_8_1)) 0) (<= (- (- c_main_q.offset) |c_main_~malloc_#res.offset|) 0) (<= (- (- c_main_p.offset) v_v_21_1) (- 400)) (= v_v_8_1 (select |c_main_~malloc_old_#valid| v_idx_16)) (<= (- |c_main_~malloc_#res.offset| (- |c_main_~malloc_#res.offset|)) 0) (<= (- c_main_~malloc_~size (- v_v_21_1)) 800) (<= (- (- v_b_5_1) (- v_b_8_1)) (- 1)) (<= (- (- c_main_p.offset) |c_main_~malloc_#res.offset|) 0) (or (<= v_b_8_1 v_idx_13) (= (select |c_#length| v_idx_13) v_v_20_1)) (<= (- (- c_main_q.offset) c_main_q.offset) 0) (<= (- c_main_q.offset c_main_~malloc_~size) (- 400)) (or (<= v_b_4_1 v_idx_9) (= (select |c_#valid| v_idx_9) v_v_14_1)) (<= (- (- v_b_8_1) (- v_b_9_1)) 1) (<= (- v_b_4_1 |c_main_~malloc_#res.base|) 0) (<= (- c_main_p.offset (- c_main_q.offset)) 0) (<= (- (- c_main_q.offset) v_v_21_1) (- 400)) (<= (- v_b_4_1 v_b_8_1) 0) (<= (- (- |c_main_~malloc_#res.offset|) v_v_21_1) (- 400)) (<= (- c_main_q.offset |c_main_~malloc_#res.offset|) 0) (<= (- (- c_main_p.offset) (- |c_main_~malloc_#res.offset|)) 0) (<= (- (- c_main_q.offset) c_main_~malloc_~size) (- 400)) (<= (- v_b_5_1 v_b_9_1) 0) (<= (- v_b_5_1 |c_main_~malloc_#res.base|) 1) (= (select |c_old(#valid)| v_idx_8) v_v_2_1) (<= (- c_main_p.offset v_v_21_1) (- 400)))))} [2019-01-07 14:44:19,606 WARN L263 ngHoareTripleChecker]: unsat core / model generation is disabled, enable it to get more details [2019-01-07 14:44:19,695 WARN L268 ngHoareTripleChecker]: -- [2019-01-07 14:44:19,695 WARN L269 ngHoareTripleChecker]: Simplified triple [2019-01-07 14:44:21,881 WARN L270 ngHoareTripleChecker]: Pre: {2147483647#true} [2019-01-07 14:44:21,881 WARN L274 ngHoareTripleChecker]: Action: ~malloc_old_#length, ~malloc_old_#valid := #length, #valid;~malloc_~size := 400;havoc ~malloc_#res.base, ~malloc_#res.offset;havoc #valid, #length;assume ~malloc_old_#valid[~malloc_#res.base] == false;assume #valid == ~malloc_old_#valid[~malloc_#res.base := true];assume ~malloc_#res.offset == 0;assume ~malloc_#res.base != 0;assume #length == ~malloc_old_#length[~malloc_#res.base := ~malloc_~size];p.base, p.offset := ~malloc_#res.base, ~malloc_#res.offset;q.base, q.offset := p.base, p.offset; [2019-01-07 14:44:21,883 WARN L184 hOps$ForEachOp$OfRef]: ActionStr: (and (not (select |c_main_~malloc_old_#valid_primed| |c_main_~malloc_#res.base_primed|)) (= c_main_p.offset_primed |c_main_~malloc_#res.offset_primed|) (= (store |c_main_~malloc_old_#length_primed| |c_main_~malloc_#res.base_primed| c_main_~malloc_~size_primed) |c_#length_primed|) (= |c_main_~malloc_old_#valid_primed| |c_#valid|) (= c_main_p.base_primed |c_main_~malloc_#res.base_primed|) (= |c_main_~malloc_old_#length_primed| |c_#length|) (= c_main_~malloc_~size_primed 400) (= c_main_q.offset_primed c_main_p.offset_primed) (= c_main_q.base_primed c_main_p.base_primed) (= (store |c_main_~malloc_old_#valid_primed| |c_main_~malloc_#res.base_primed| true) |c_#valid_primed|) (= 0 |c_main_~malloc_#res.offset_primed|) (not (= |c_main_~malloc_#res.base_primed| 0)))