java -Xmx8000000000 -Xss4m -jar ./plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata ./data -tc ../../../trunk/examples/toolchains/AutomizerC.xml -s ../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Default.epf --traceabstraction.trace.refinement.strategy SIFA_TAIPAN --sifa.abstract.domain CompoundDomain --rcfgbuilder.size.of.a.code.block LoopFreeBlock --sifa.call.summarizer TopInputCallSummarizer --sifa.fluid SizeLimitFluid --sifa.simplification.technique SIMPLIFY_QUICK -i ../../../trunk/examples/svcomp/array-tiling/mlceu.c -------------------------------------------------------------------------------- This is Ultimate 0.1.24-36ac518-m [2019-10-07 00:40:28,868 INFO L177 SettingsManager]: Resetting all preferences to default values... [2019-10-07 00:40:28,871 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2019-10-07 00:40:28,890 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2019-10-07 00:40:28,891 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2019-10-07 00:40:28,893 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2019-10-07 00:40:28,895 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2019-10-07 00:40:28,905 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2019-10-07 00:40:28,910 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2019-10-07 00:40:28,913 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2019-10-07 00:40:28,915 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2019-10-07 00:40:28,916 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2019-10-07 00:40:28,917 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2019-10-07 00:40:28,918 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2019-10-07 00:40:28,921 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2019-10-07 00:40:28,922 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2019-10-07 00:40:28,924 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2019-10-07 00:40:28,925 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2019-10-07 00:40:28,926 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2019-10-07 00:40:28,931 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2019-10-07 00:40:28,935 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2019-10-07 00:40:28,938 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2019-10-07 00:40:28,941 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2019-10-07 00:40:28,942 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2019-10-07 00:40:28,944 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2019-10-07 00:40:28,944 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2019-10-07 00:40:28,944 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2019-10-07 00:40:28,946 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2019-10-07 00:40:28,947 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2019-10-07 00:40:28,948 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2019-10-07 00:40:28,949 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2019-10-07 00:40:28,950 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2019-10-07 00:40:28,950 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2019-10-07 00:40:28,951 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2019-10-07 00:40:28,953 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2019-10-07 00:40:28,953 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2019-10-07 00:40:28,954 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2019-10-07 00:40:28,954 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2019-10-07 00:40:28,954 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2019-10-07 00:40:28,955 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2019-10-07 00:40:28,956 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2019-10-07 00:40:28,957 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/settings/default/automizer/svcomp-Reach-32bit-Automizer_Default.epf [2019-10-07 00:40:28,987 INFO L113 SettingsManager]: Loading preferences was successful [2019-10-07 00:40:28,988 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2019-10-07 00:40:28,992 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2019-10-07 00:40:28,993 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2019-10-07 00:40:28,993 INFO L138 SettingsManager]: * Use SBE=true [2019-10-07 00:40:28,993 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2019-10-07 00:40:28,994 INFO L138 SettingsManager]: * sizeof long=4 [2019-10-07 00:40:28,994 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2019-10-07 00:40:28,994 INFO L138 SettingsManager]: * sizeof POINTER=4 [2019-10-07 00:40:28,996 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2019-10-07 00:40:28,996 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2019-10-07 00:40:28,996 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2019-10-07 00:40:28,996 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2019-10-07 00:40:28,997 INFO L138 SettingsManager]: * sizeof long double=12 [2019-10-07 00:40:28,997 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2019-10-07 00:40:28,997 INFO L138 SettingsManager]: * Use constant arrays=true [2019-10-07 00:40:28,997 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2019-10-07 00:40:28,997 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2019-10-07 00:40:28,998 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2019-10-07 00:40:28,998 INFO L138 SettingsManager]: * To the following directory=./dump/ [2019-10-07 00:40:28,998 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2019-10-07 00:40:28,998 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2019-10-07 00:40:28,999 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2019-10-07 00:40:28,999 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2019-10-07 00:40:28,999 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2019-10-07 00:40:28,999 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2019-10-07 00:40:28,999 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2019-10-07 00:40:28,999 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2019-10-07 00:40:29,000 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: Trace refinement strategy -> SIFA_TAIPAN Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.sifa: Abstract Domain -> CompoundDomain Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder: Size of a code block -> LoopFreeBlock Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.sifa: Call Summarizer -> TopInputCallSummarizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.sifa: Fluid -> SizeLimitFluid Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.sifa: Simplification Technique -> SIMPLIFY_QUICK [2019-10-07 00:40:29,298 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2019-10-07 00:40:29,314 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2019-10-07 00:40:29,318 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2019-10-07 00:40:29,320 INFO L271 PluginConnector]: Initializing CDTParser... [2019-10-07 00:40:29,320 INFO L275 PluginConnector]: CDTParser initialized [2019-10-07 00:40:29,321 INFO L428 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../../../trunk/examples/svcomp/array-tiling/mlceu.c [2019-10-07 00:40:29,387 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/a51e61403/d2c42f0198de4379a3380d0fa1a08533/FLAG9792f7001 [2019-10-07 00:40:29,899 INFO L306 CDTParser]: Found 1 translation units. [2019-10-07 00:40:29,899 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/trunk/examples/svcomp/array-tiling/mlceu.c [2019-10-07 00:40:29,908 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/a51e61403/d2c42f0198de4379a3380d0fa1a08533/FLAG9792f7001 [2019-10-07 00:40:30,258 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/a51e61403/d2c42f0198de4379a3380d0fa1a08533 [2019-10-07 00:40:30,269 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2019-10-07 00:40:30,270 INFO L131 ToolchainWalker]: Walking toolchain with 4 elements. [2019-10-07 00:40:30,271 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2019-10-07 00:40:30,272 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2019-10-07 00:40:30,275 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2019-10-07 00:40:30,277 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 07.10 12:40:30" (1/1) ... [2019-10-07 00:40:30,280 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@11d05d66 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 07.10 12:40:30, skipping insertion in model container [2019-10-07 00:40:30,280 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 07.10 12:40:30" (1/1) ... [2019-10-07 00:40:30,288 INFO L142 MainTranslator]: Starting translation in SV-COMP mode [2019-10-07 00:40:30,306 INFO L173 MainTranslator]: Built tables and reachable declarations [2019-10-07 00:40:30,493 INFO L206 PostProcessor]: Analyzing one entry point: main [2019-10-07 00:40:30,509 INFO L188 MainTranslator]: Completed pre-run [2019-10-07 00:40:30,537 INFO L206 PostProcessor]: Analyzing one entry point: main [2019-10-07 00:40:30,551 INFO L192 MainTranslator]: Completed translation [2019-10-07 00:40:30,552 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 07.10 12:40:30 WrapperNode [2019-10-07 00:40:30,552 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2019-10-07 00:40:30,553 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2019-10-07 00:40:30,553 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2019-10-07 00:40:30,553 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2019-10-07 00:40:30,656 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 07.10 12:40:30" (1/1) ... [2019-10-07 00:40:30,656 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 07.10 12:40:30" (1/1) ... [2019-10-07 00:40:30,665 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 07.10 12:40:30" (1/1) ... [2019-10-07 00:40:30,666 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 07.10 12:40:30" (1/1) ... [2019-10-07 00:40:30,673 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 07.10 12:40:30" (1/1) ... [2019-10-07 00:40:30,679 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 07.10 12:40:30" (1/1) ... [2019-10-07 00:40:30,680 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 07.10 12:40:30" (1/1) ... [2019-10-07 00:40:30,682 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2019-10-07 00:40:30,683 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2019-10-07 00:40:30,683 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2019-10-07 00:40:30,683 INFO L275 PluginConnector]: RCFGBuilder initialized [2019-10-07 00:40:30,684 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 07.10 12:40:30" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2019-10-07 00:40:30,741 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2019-10-07 00:40:30,741 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2019-10-07 00:40:30,741 INFO L138 BoogieDeclarations]: Found implementation of procedure __VERIFIER_assert [2019-10-07 00:40:30,741 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2019-10-07 00:40:30,741 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_error [2019-10-07 00:40:30,741 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_assume [2019-10-07 00:40:30,742 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_assert [2019-10-07 00:40:30,742 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_int [2019-10-07 00:40:30,742 INFO L130 BoogieDeclarations]: Found specification of procedure malloc [2019-10-07 00:40:30,742 INFO L130 BoogieDeclarations]: Found specification of procedure main [2019-10-07 00:40:30,742 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2019-10-07 00:40:30,742 INFO L130 BoogieDeclarations]: Found specification of procedure write~int [2019-10-07 00:40:30,742 INFO L130 BoogieDeclarations]: Found specification of procedure read~int [2019-10-07 00:40:30,743 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2019-10-07 00:40:30,743 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2019-10-07 00:40:30,743 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2019-10-07 00:40:31,118 INFO L279 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2019-10-07 00:40:31,119 INFO L284 CfgBuilder]: Removed 2 assume(true) statements. [2019-10-07 00:40:31,120 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 07.10 12:40:31 BoogieIcfgContainer [2019-10-07 00:40:31,120 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2019-10-07 00:40:31,122 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2019-10-07 00:40:31,122 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2019-10-07 00:40:31,125 INFO L275 PluginConnector]: TraceAbstraction initialized [2019-10-07 00:40:31,126 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 07.10 12:40:30" (1/3) ... [2019-10-07 00:40:31,129 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1ed0d076 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 07.10 12:40:31, skipping insertion in model container [2019-10-07 00:40:31,129 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 07.10 12:40:30" (2/3) ... [2019-10-07 00:40:31,130 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1ed0d076 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 07.10 12:40:31, skipping insertion in model container [2019-10-07 00:40:31,130 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 07.10 12:40:31" (3/3) ... [2019-10-07 00:40:31,132 INFO L109 eAbstractionObserver]: Analyzing ICFG mlceu.c [2019-10-07 00:40:31,140 INFO L152 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2019-10-07 00:40:31,148 INFO L164 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2019-10-07 00:40:31,158 INFO L249 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2019-10-07 00:40:31,185 INFO L373 AbstractCegarLoop]: Interprodecural is true [2019-10-07 00:40:31,185 INFO L374 AbstractCegarLoop]: Hoare is true [2019-10-07 00:40:31,186 INFO L375 AbstractCegarLoop]: Compute interpolants for FPandBP [2019-10-07 00:40:31,186 INFO L376 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2019-10-07 00:40:31,186 INFO L377 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2019-10-07 00:40:31,186 INFO L378 AbstractCegarLoop]: Difference is false [2019-10-07 00:40:31,186 INFO L379 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2019-10-07 00:40:31,187 INFO L383 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2019-10-07 00:40:31,203 INFO L276 IsEmpty]: Start isEmpty. Operand 20 states. [2019-10-07 00:40:31,210 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 13 [2019-10-07 00:40:31,210 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:40:31,211 INFO L385 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:40:31,214 INFO L410 AbstractCegarLoop]: === Iteration 1 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:40:31,220 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:40:31,220 INFO L82 PathProgramCache]: Analyzing trace with hash 1161728312, now seen corresponding path program 1 times [2019-10-07 00:40:31,227 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:40:31,228 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:40:31,228 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:40:31,228 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:40:31,228 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:40:31,336 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:40:31,420 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2019-10-07 00:40:31,421 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:40:31,421 INFO L211 tionRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2019-10-07 00:40:31,422 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2019-10-07 00:40:31,426 INFO L442 AbstractCegarLoop]: Interpolant automaton has 3 states [2019-10-07 00:40:31,437 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2019-10-07 00:40:31,438 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2019-10-07 00:40:31,440 INFO L87 Difference]: Start difference. First operand 20 states. Second operand 3 states. [2019-10-07 00:40:31,501 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:40:31,501 INFO L93 Difference]: Finished difference Result 34 states and 40 transitions. [2019-10-07 00:40:31,501 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2019-10-07 00:40:31,503 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 12 [2019-10-07 00:40:31,503 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:40:31,510 INFO L225 Difference]: With dead ends: 34 [2019-10-07 00:40:31,510 INFO L226 Difference]: Without dead ends: 17 [2019-10-07 00:40:31,513 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2019-10-07 00:40:31,530 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 17 states. [2019-10-07 00:40:31,548 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 17 to 17. [2019-10-07 00:40:31,550 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 17 states. [2019-10-07 00:40:31,551 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 17 states to 17 states and 18 transitions. [2019-10-07 00:40:31,552 INFO L78 Accepts]: Start accepts. Automaton has 17 states and 18 transitions. Word has length 12 [2019-10-07 00:40:31,553 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:40:31,553 INFO L462 AbstractCegarLoop]: Abstraction has 17 states and 18 transitions. [2019-10-07 00:40:31,553 INFO L463 AbstractCegarLoop]: Interpolant automaton has 3 states. [2019-10-07 00:40:31,554 INFO L276 IsEmpty]: Start isEmpty. Operand 17 states and 18 transitions. [2019-10-07 00:40:31,554 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 14 [2019-10-07 00:40:31,554 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:40:31,555 INFO L385 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:40:31,555 INFO L410 AbstractCegarLoop]: === Iteration 2 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:40:31,555 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:40:31,556 INFO L82 PathProgramCache]: Analyzing trace with hash 941325065, now seen corresponding path program 1 times [2019-10-07 00:40:31,556 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:40:31,556 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:40:31,557 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:40:31,557 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:40:31,557 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:40:31,585 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:40:31,647 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2019-10-07 00:40:31,649 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:40:31,650 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:40:31,650 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:40:31,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:40:31,704 INFO L256 TraceCheckSpWp]: Trace formula consists of 81 conjuncts, 4 conjunts are in the unsatisfiable core [2019-10-07 00:40:31,710 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:40:31,777 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2019-10-07 00:40:31,777 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:40:31,828 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2019-10-07 00:40:31,829 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:40:31,866 INFO L162 IcfgInterpreter]: Started Sifa with 13 locations of interest [2019-10-07 00:40:31,867 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:40:31,888 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:40:31,897 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:40:31,898 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:40:32,152 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 30 for LOIs [2019-10-07 00:40:32,656 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:40:32,768 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 35 for LOIs [2019-10-07 00:40:32,790 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:40:32,804 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:40:32,804 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:40:32,805 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 102#(and (exists ((v_main_~a~0.base_BEFORE_CALL_1 Int) (v_main_~a~0.offset_BEFORE_CALL_1 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_1 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< 0 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_1) v_main_~a~0.offset_BEFORE_CALL_1) 0)) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_1 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~a~0.offset_BEFORE_CALL_1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< 0 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_1) v_main_~a~0.offset_BEFORE_CALL_1) 0) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:40:32,805 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 111#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:40:32,806 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 87#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= main_~i~0 0) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (= main_~i~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:32,806 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 107#(and (exists ((v_main_~a~0.base_BEFORE_CALL_1 Int) (v_main_~a~0.offset_BEFORE_CALL_1 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_1 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< 0 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_1) v_main_~a~0.offset_BEFORE_CALL_1) 0)) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_1 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~a~0.offset_BEFORE_CALL_1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< 0 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_1) v_main_~a~0.offset_BEFORE_CALL_1) 0) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:40:32,807 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= ~SIZE~0 2147483647) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:40:32,807 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 97#(and (exists ((v_main_~a~0.base_BEFORE_CALL_1 Int) (v_main_~a~0.offset_BEFORE_CALL_1 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_1 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< 0 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_1) v_main_~a~0.offset_BEFORE_CALL_1) 0)) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_1 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~a~0.offset_BEFORE_CALL_1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< 0 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_1) v_main_~a~0.offset_BEFORE_CALL_1) 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:40:32,809 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 77#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (<= 0 |#NULL.offset|) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:32,810 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:32,811 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:32,812 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 116#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:32,812 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:40:32,813 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 82#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= main_~i~0 0) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (= main_~i~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:32,814 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 92#(exists ((v_main_~a~0.base_BEFORE_CALL_1 Int) (v_main_~a~0.offset_BEFORE_CALL_1 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_1 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< 0 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_1) v_main_~a~0.offset_BEFORE_CALL_1) 0)) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_1 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~a~0.offset_BEFORE_CALL_1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< 0 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_1) v_main_~a~0.offset_BEFORE_CALL_1) 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:40:33,457 WARN L191 SmtUtils]: Spent 152.00 ms on a formula simplification. DAG size of input: 71 DAG size of output: 25 [2019-10-07 00:40:33,799 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:40:33,799 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [4, 4, 4, 11] total 18 [2019-10-07 00:40:33,801 INFO L442 AbstractCegarLoop]: Interpolant automaton has 18 states [2019-10-07 00:40:33,802 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 18 interpolants. [2019-10-07 00:40:33,803 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=54, Invalid=252, Unknown=0, NotChecked=0, Total=306 [2019-10-07 00:40:33,803 INFO L87 Difference]: Start difference. First operand 17 states and 18 transitions. Second operand 18 states. [2019-10-07 00:40:34,411 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:40:34,412 INFO L93 Difference]: Finished difference Result 36 states and 38 transitions. [2019-10-07 00:40:34,412 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 16 states. [2019-10-07 00:40:34,413 INFO L78 Accepts]: Start accepts. Automaton has 18 states. Word has length 13 [2019-10-07 00:40:34,413 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:40:34,414 INFO L225 Difference]: With dead ends: 36 [2019-10-07 00:40:34,414 INFO L226 Difference]: Without dead ends: 27 [2019-10-07 00:40:34,419 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 25 SyntacticMatches, 1 SemanticMatches, 23 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 148 ImplicationChecksByTransitivity, 1.4s TimeCoverageRelationStatistics Valid=102, Invalid=498, Unknown=0, NotChecked=0, Total=600 [2019-10-07 00:40:34,429 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 27 states. [2019-10-07 00:40:34,441 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 27 to 18. [2019-10-07 00:40:34,441 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 18 states. [2019-10-07 00:40:34,446 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 18 states to 18 states and 19 transitions. [2019-10-07 00:40:34,447 INFO L78 Accepts]: Start accepts. Automaton has 18 states and 19 transitions. Word has length 13 [2019-10-07 00:40:34,447 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:40:34,448 INFO L462 AbstractCegarLoop]: Abstraction has 18 states and 19 transitions. [2019-10-07 00:40:34,448 INFO L463 AbstractCegarLoop]: Interpolant automaton has 18 states. [2019-10-07 00:40:34,448 INFO L276 IsEmpty]: Start isEmpty. Operand 18 states and 19 transitions. [2019-10-07 00:40:34,448 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 15 [2019-10-07 00:40:34,448 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:40:34,449 INFO L385 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:40:34,649 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:40:34,650 INFO L410 AbstractCegarLoop]: === Iteration 3 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:40:34,650 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:40:34,650 INFO L82 PathProgramCache]: Analyzing trace with hash -1596208296, now seen corresponding path program 2 times [2019-10-07 00:40:34,651 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:40:34,651 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:40:34,651 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:40:34,651 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:40:34,651 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:40:34,710 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:40:34,894 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 3 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2019-10-07 00:40:34,895 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:40:34,895 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:40:34,895 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:40:34,947 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 2 check-sat command(s) [2019-10-07 00:40:34,947 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2019-10-07 00:40:34,948 INFO L256 TraceCheckSpWp]: Trace formula consists of 85 conjuncts, 20 conjunts are in the unsatisfiable core [2019-10-07 00:40:34,950 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:40:35,091 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 3 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2019-10-07 00:40:35,092 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:40:35,288 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 1 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2019-10-07 00:40:35,288 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:40:35,290 INFO L162 IcfgInterpreter]: Started Sifa with 13 locations of interest [2019-10-07 00:40:35,290 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:40:35,290 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:40:35,290 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:40:35,291 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:40:35,351 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 30 for LOIs [2019-10-07 00:40:35,543 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:40:35,549 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:40:35,649 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:40:35,727 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 35 for LOIs [2019-10-07 00:40:35,738 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:40:35,745 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:40:35,745 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:40:35,745 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 104#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (exists ((v_main_~a~0.base_BEFORE_CALL_2 Int) (v_main_~a~0.offset_BEFORE_CALL_2 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_2) (< 0 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_2) v_main_~a~0.offset_BEFORE_CALL_2) 0) (<= v_main_~a~0.offset_BEFORE_CALL_2 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_2) v_main_~a~0.offset_BEFORE_CALL_2) 0)) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_2) (< 0 ~SIZE~0) (= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_2 0) (<= 100000 ~MAX~0)))) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:40:35,746 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 113#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:40:35,746 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 89#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= main_~i~0 0) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (= main_~i~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:35,746 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 109#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (exists ((v_main_~a~0.base_BEFORE_CALL_2 Int) (v_main_~a~0.offset_BEFORE_CALL_2 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_2) (< 0 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_2) v_main_~a~0.offset_BEFORE_CALL_2) 0) (<= v_main_~a~0.offset_BEFORE_CALL_2 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_2) v_main_~a~0.offset_BEFORE_CALL_2) 0)) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_2) (< 0 ~SIZE~0) (= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_2 0) (<= 100000 ~MAX~0)))) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:40:35,747 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:40:35,747 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 99#(and (exists ((v_main_~a~0.base_BEFORE_CALL_2 Int) (v_main_~a~0.offset_BEFORE_CALL_2 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_2) (< 0 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_2) v_main_~a~0.offset_BEFORE_CALL_2) 0) (<= v_main_~a~0.offset_BEFORE_CALL_2 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_2) v_main_~a~0.offset_BEFORE_CALL_2) 0)) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_2) (< 0 ~SIZE~0) (= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_2 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:40:35,747 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 79#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= 0 (+ ~SIZE~0 2147483648)) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:35,747 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:35,748 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:35,748 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 118#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:35,748 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:40:35,749 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 84#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= main_~i~0 0) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (= main_~i~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:35,749 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 94#(exists ((v_main_~a~0.base_BEFORE_CALL_2 Int) (v_main_~a~0.offset_BEFORE_CALL_2 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_2) (< 0 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_2) v_main_~a~0.offset_BEFORE_CALL_2) 0) (<= v_main_~a~0.offset_BEFORE_CALL_2 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_2) v_main_~a~0.offset_BEFORE_CALL_2) 0)) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_2) (< 0 ~SIZE~0) (= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_2 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:40:36,631 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:40:36,631 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9, 9, 11] total 29 [2019-10-07 00:40:36,632 INFO L442 AbstractCegarLoop]: Interpolant automaton has 29 states [2019-10-07 00:40:36,633 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 29 interpolants. [2019-10-07 00:40:36,634 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=105, Invalid=707, Unknown=0, NotChecked=0, Total=812 [2019-10-07 00:40:36,634 INFO L87 Difference]: Start difference. First operand 18 states and 19 transitions. Second operand 29 states. [2019-10-07 00:40:37,735 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:40:37,735 INFO L93 Difference]: Finished difference Result 30 states and 32 transitions. [2019-10-07 00:40:37,735 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 17 states. [2019-10-07 00:40:37,736 INFO L78 Accepts]: Start accepts. Automaton has 29 states. Word has length 14 [2019-10-07 00:40:37,736 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:40:37,738 INFO L225 Difference]: With dead ends: 30 [2019-10-07 00:40:37,739 INFO L226 Difference]: Without dead ends: 28 [2019-10-07 00:40:37,740 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 60 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 37 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 327 ImplicationChecksByTransitivity, 1.7s TimeCoverageRelationStatistics Valid=207, Invalid=1275, Unknown=0, NotChecked=0, Total=1482 [2019-10-07 00:40:37,740 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 28 states. [2019-10-07 00:40:37,751 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 28 to 27. [2019-10-07 00:40:37,752 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 27 states. [2019-10-07 00:40:37,753 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 27 states to 27 states and 29 transitions. [2019-10-07 00:40:37,753 INFO L78 Accepts]: Start accepts. Automaton has 27 states and 29 transitions. Word has length 14 [2019-10-07 00:40:37,753 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:40:37,753 INFO L462 AbstractCegarLoop]: Abstraction has 27 states and 29 transitions. [2019-10-07 00:40:37,753 INFO L463 AbstractCegarLoop]: Interpolant automaton has 29 states. [2019-10-07 00:40:37,754 INFO L276 IsEmpty]: Start isEmpty. Operand 27 states and 29 transitions. [2019-10-07 00:40:37,755 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 29 [2019-10-07 00:40:37,755 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:40:37,756 INFO L385 BasicCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:40:37,959 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:40:37,965 INFO L410 AbstractCegarLoop]: === Iteration 4 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:40:37,965 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:40:37,965 INFO L82 PathProgramCache]: Analyzing trace with hash -1737888264, now seen corresponding path program 1 times [2019-10-07 00:40:37,965 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:40:37,965 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:40:37,965 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:40:37,966 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:40:37,966 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:40:37,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:40:38,069 INFO L134 CoverageAnalysis]: Checked inductivity of 18 backedges. 7 proven. 7 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2019-10-07 00:40:38,070 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:40:38,070 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:40:38,070 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:40:38,130 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:40:38,131 INFO L256 TraceCheckSpWp]: Trace formula consists of 113 conjuncts, 8 conjunts are in the unsatisfiable core [2019-10-07 00:40:38,133 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:40:38,191 INFO L134 CoverageAnalysis]: Checked inductivity of 18 backedges. 11 proven. 3 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2019-10-07 00:40:38,192 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:40:38,226 INFO L134 CoverageAnalysis]: Checked inductivity of 18 backedges. 11 proven. 3 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2019-10-07 00:40:38,226 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:40:38,228 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:40:38,228 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:40:38,228 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:40:38,229 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:40:38,229 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:40:38,271 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 30 for LOIs [2019-10-07 00:40:38,446 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:40:38,830 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:40:38,846 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:40:38,854 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:40:38,854 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:40:38,854 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 191#(and (exists ((v_main_~a~0.offset_BEFORE_CALL_9 Int) (v_main_~a~0.base_BEFORE_CALL_9 Int) (v_main_~i~0_BEFORE_CALL_13 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_9 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (< v_main_~i~0_BEFORE_CALL_13 ~SIZE~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_13) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_9) (+ v_main_~a~0.offset_BEFORE_CALL_9 (* 4 v_main_~i~0_BEFORE_CALL_13)))) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_9) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_9 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (< v_main_~i~0_BEFORE_CALL_13 ~SIZE~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_13) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_9) (+ v_main_~a~0.offset_BEFORE_CALL_9 (* 4 v_main_~i~0_BEFORE_CALL_13))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_9) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:40:38,855 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 167#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:40:38,855 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 200#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:40:38,855 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 154#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:38,855 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 186#(and (exists ((v_main_~a~0.offset_BEFORE_CALL_9 Int) (v_main_~a~0.base_BEFORE_CALL_9 Int) (v_main_~i~0_BEFORE_CALL_13 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_9 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (< v_main_~i~0_BEFORE_CALL_13 ~SIZE~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_13) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_9) (+ v_main_~a~0.offset_BEFORE_CALL_9 (* 4 v_main_~i~0_BEFORE_CALL_13)))) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_9) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_9 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (< v_main_~i~0_BEFORE_CALL_13 ~SIZE~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_13) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_9) (+ v_main_~a~0.offset_BEFORE_CALL_9 (* 4 v_main_~i~0_BEFORE_CALL_13))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_9) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:40:38,856 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 181#(and (exists ((v_main_~a~0.offset_BEFORE_CALL_9 Int) (v_main_~a~0.base_BEFORE_CALL_9 Int) (v_main_~i~0_BEFORE_CALL_13 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_9 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (< v_main_~i~0_BEFORE_CALL_13 ~SIZE~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_13) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_9) (+ v_main_~a~0.offset_BEFORE_CALL_9 (* 4 v_main_~i~0_BEFORE_CALL_13)))) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_9) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_9 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (< v_main_~i~0_BEFORE_CALL_13 ~SIZE~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_13) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_9) (+ v_main_~a~0.offset_BEFORE_CALL_9 (* 4 v_main_~i~0_BEFORE_CALL_13))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_9) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:40:38,856 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 196#(and (exists ((v_main_~a~0.offset_BEFORE_CALL_9 Int) (v_main_~a~0.base_BEFORE_CALL_9 Int) (v_main_~i~0_BEFORE_CALL_13 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_9 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (< v_main_~i~0_BEFORE_CALL_13 ~SIZE~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_13) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_9) (+ v_main_~a~0.offset_BEFORE_CALL_9 (* 4 v_main_~i~0_BEFORE_CALL_13)))) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_9) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_9 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (< v_main_~i~0_BEFORE_CALL_13 ~SIZE~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_13) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_9) (+ v_main_~a~0.offset_BEFORE_CALL_9 (* 4 v_main_~i~0_BEFORE_CALL_13))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_9) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:40:38,856 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:40:38,856 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 176#(and (exists ((v_main_~a~0.offset_BEFORE_CALL_9 Int) (v_main_~a~0.base_BEFORE_CALL_9 Int) (v_main_~i~0_BEFORE_CALL_13 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_9 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (< v_main_~i~0_BEFORE_CALL_13 ~SIZE~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_13) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_9) (+ v_main_~a~0.offset_BEFORE_CALL_9 (* 4 v_main_~i~0_BEFORE_CALL_13)))) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_9) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_9 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (< v_main_~i~0_BEFORE_CALL_13 ~SIZE~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_13) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_9) (+ v_main_~a~0.offset_BEFORE_CALL_9 (* 4 v_main_~i~0_BEFORE_CALL_13))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_9) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:40:38,857 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 77#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (<= 0 |#NULL.offset|) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:38,857 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:38,857 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:38,857 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 205#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:38,858 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:40:38,867 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 149#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:38,867 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 171#(exists ((v_main_~a~0.offset_BEFORE_CALL_9 Int) (v_main_~a~0.base_BEFORE_CALL_9 Int) (v_main_~i~0_BEFORE_CALL_13 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_9 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (< v_main_~i~0_BEFORE_CALL_13 ~SIZE~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_13) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_9) (+ v_main_~a~0.offset_BEFORE_CALL_9 (* 4 v_main_~i~0_BEFORE_CALL_13)))) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_9) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_9 0) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (< v_main_~i~0_BEFORE_CALL_13 ~SIZE~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_13) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_9) (+ v_main_~a~0.offset_BEFORE_CALL_9 (* 4 v_main_~i~0_BEFORE_CALL_13))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_9) (<= 100000 ~MAX~0)))) [2019-10-07 00:40:39,799 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:40:39,800 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 9, 8, 12] total 26 [2019-10-07 00:40:39,801 INFO L442 AbstractCegarLoop]: Interpolant automaton has 26 states [2019-10-07 00:40:39,801 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 26 interpolants. [2019-10-07 00:40:39,802 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=92, Invalid=558, Unknown=0, NotChecked=0, Total=650 [2019-10-07 00:40:39,802 INFO L87 Difference]: Start difference. First operand 27 states and 29 transitions. Second operand 26 states. [2019-10-07 00:40:41,652 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:40:41,652 INFO L93 Difference]: Finished difference Result 52 states and 57 transitions. [2019-10-07 00:40:41,653 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 33 states. [2019-10-07 00:40:41,653 INFO L78 Accepts]: Start accepts. Automaton has 26 states. Word has length 28 [2019-10-07 00:40:41,653 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:40:41,654 INFO L225 Difference]: With dead ends: 52 [2019-10-07 00:40:41,654 INFO L226 Difference]: Without dead ends: 32 [2019-10-07 00:40:41,656 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 115 GetRequests, 60 SyntacticMatches, 7 SemanticMatches, 48 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 765 ImplicationChecksByTransitivity, 2.4s TimeCoverageRelationStatistics Valid=354, Invalid=2096, Unknown=0, NotChecked=0, Total=2450 [2019-10-07 00:40:41,657 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 32 states. [2019-10-07 00:40:41,664 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 32 to 28. [2019-10-07 00:40:41,664 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 28 states. [2019-10-07 00:40:41,665 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 28 states to 28 states and 30 transitions. [2019-10-07 00:40:41,665 INFO L78 Accepts]: Start accepts. Automaton has 28 states and 30 transitions. Word has length 28 [2019-10-07 00:40:41,665 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:40:41,666 INFO L462 AbstractCegarLoop]: Abstraction has 28 states and 30 transitions. [2019-10-07 00:40:41,666 INFO L463 AbstractCegarLoop]: Interpolant automaton has 26 states. [2019-10-07 00:40:41,666 INFO L276 IsEmpty]: Start isEmpty. Operand 28 states and 30 transitions. [2019-10-07 00:40:41,667 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 30 [2019-10-07 00:40:41,667 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:40:41,667 INFO L385 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:40:41,870 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:40:41,871 INFO L410 AbstractCegarLoop]: === Iteration 5 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:40:41,871 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:40:41,872 INFO L82 PathProgramCache]: Analyzing trace with hash -922544695, now seen corresponding path program 2 times [2019-10-07 00:40:41,872 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:40:41,872 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:40:41,873 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:40:41,873 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:40:41,873 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:40:41,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:40:42,087 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 4 proven. 13 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2019-10-07 00:40:42,087 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:40:42,088 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:40:42,088 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:40:42,150 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 3 check-sat command(s) [2019-10-07 00:40:42,150 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2019-10-07 00:40:42,151 INFO L256 TraceCheckSpWp]: Trace formula consists of 117 conjuncts, 26 conjunts are in the unsatisfiable core [2019-10-07 00:40:42,153 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:40:42,231 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:40:42,763 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 8 proven. 12 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2019-10-07 00:40:42,764 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:40:43,269 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 7 proven. 10 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2019-10-07 00:40:43,269 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:40:43,271 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:40:43,271 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:40:43,272 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:40:43,272 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:40:43,272 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:40:43,322 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 32 for LOIs [2019-10-07 00:40:43,452 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:40:43,718 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:40:43,728 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:40:43,741 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:40:43,741 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:40:43,741 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 191#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.base_BEFORE_CALL_22 Int) (v_main_~a~0.offset_BEFORE_CALL_22 Int) (v_main_~i~0_BEFORE_CALL_26 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_26) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_22) (+ v_main_~a~0.offset_BEFORE_CALL_22 (* 4 v_main_~i~0_BEFORE_CALL_26))))) (<= v_main_~a~0.offset_BEFORE_CALL_22 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_26 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_22) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_26) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_22 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_26 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_22) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_22) (+ v_main_~a~0.offset_BEFORE_CALL_22 (* 4 v_main_~i~0_BEFORE_CALL_26)))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:40:43,742 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 167#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:40:43,742 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 200#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:40:43,742 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 154#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:43,743 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 186#(and (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.base_BEFORE_CALL_22 Int) (v_main_~a~0.offset_BEFORE_CALL_22 Int) (v_main_~i~0_BEFORE_CALL_26 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_26) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_22) (+ v_main_~a~0.offset_BEFORE_CALL_22 (* 4 v_main_~i~0_BEFORE_CALL_26))))) (<= v_main_~a~0.offset_BEFORE_CALL_22 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_26 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_22) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_26) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_22 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_26 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_22) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_22) (+ v_main_~a~0.offset_BEFORE_CALL_22 (* 4 v_main_~i~0_BEFORE_CALL_26)))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:40:43,743 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 181#(and (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.base_BEFORE_CALL_22 Int) (v_main_~a~0.offset_BEFORE_CALL_22 Int) (v_main_~i~0_BEFORE_CALL_26 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_26) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_22) (+ v_main_~a~0.offset_BEFORE_CALL_22 (* 4 v_main_~i~0_BEFORE_CALL_26))))) (<= v_main_~a~0.offset_BEFORE_CALL_22 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_26 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_22) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_26) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_22 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_26 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_22) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_22) (+ v_main_~a~0.offset_BEFORE_CALL_22 (* 4 v_main_~i~0_BEFORE_CALL_26)))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:40:43,743 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 196#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.base_BEFORE_CALL_22 Int) (v_main_~a~0.offset_BEFORE_CALL_22 Int) (v_main_~i~0_BEFORE_CALL_26 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_26) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_22) (+ v_main_~a~0.offset_BEFORE_CALL_22 (* 4 v_main_~i~0_BEFORE_CALL_26))))) (<= v_main_~a~0.offset_BEFORE_CALL_22 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_26 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_22) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_26) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_22 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_26 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_22) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_22) (+ v_main_~a~0.offset_BEFORE_CALL_22 (* 4 v_main_~i~0_BEFORE_CALL_26)))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:40:43,744 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= 0 (select |old(#valid)| 0)) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:40:43,745 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 176#(and (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.base_BEFORE_CALL_22 Int) (v_main_~a~0.offset_BEFORE_CALL_22 Int) (v_main_~i~0_BEFORE_CALL_26 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_26) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_22) (+ v_main_~a~0.offset_BEFORE_CALL_22 (* 4 v_main_~i~0_BEFORE_CALL_26))))) (<= v_main_~a~0.offset_BEFORE_CALL_22 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_26 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_22) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_26) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_22 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_26 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_22) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_22) (+ v_main_~a~0.offset_BEFORE_CALL_22 (* 4 v_main_~i~0_BEFORE_CALL_26)))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:40:43,745 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 77#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= 0 |#NULL.base|) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:43,745 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:43,746 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= 0 (select |old(#valid)| 0)) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:43,746 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 205#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:43,746 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:40:43,746 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 149#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:43,749 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 171#(exists ((v_main_~a~0.base_BEFORE_CALL_22 Int) (v_main_~a~0.offset_BEFORE_CALL_22 Int) (v_main_~i~0_BEFORE_CALL_26 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_26) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_22) (+ v_main_~a~0.offset_BEFORE_CALL_22 (* 4 v_main_~i~0_BEFORE_CALL_26))))) (<= v_main_~a~0.offset_BEFORE_CALL_22 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_26 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_22) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_26) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_22 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_26 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_22) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_22) (+ v_main_~a~0.offset_BEFORE_CALL_22 (* 4 v_main_~i~0_BEFORE_CALL_26)))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:40:45,038 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:40:45,038 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 16, 12, 12] total 44 [2019-10-07 00:40:45,040 INFO L442 AbstractCegarLoop]: Interpolant automaton has 44 states [2019-10-07 00:40:45,040 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 44 interpolants. [2019-10-07 00:40:45,041 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=205, Invalid=1687, Unknown=0, NotChecked=0, Total=1892 [2019-10-07 00:40:45,041 INFO L87 Difference]: Start difference. First operand 28 states and 30 transitions. Second operand 44 states. [2019-10-07 00:40:48,360 WARN L191 SmtUtils]: Spent 449.00 ms on a formula simplification. DAG size of input: 72 DAG size of output: 71 [2019-10-07 00:40:52,988 WARN L191 SmtUtils]: Spent 508.00 ms on a formula simplification. DAG size of input: 53 DAG size of output: 52 [2019-10-07 00:40:54,781 WARN L191 SmtUtils]: Spent 727.00 ms on a formula simplification. DAG size of input: 68 DAG size of output: 68 [2019-10-07 00:40:55,235 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:40:55,235 INFO L93 Difference]: Finished difference Result 70 states and 81 transitions. [2019-10-07 00:40:55,235 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 52 states. [2019-10-07 00:40:55,235 INFO L78 Accepts]: Start accepts. Automaton has 44 states. Word has length 29 [2019-10-07 00:40:55,236 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:40:55,237 INFO L225 Difference]: With dead ends: 70 [2019-10-07 00:40:55,237 INFO L226 Difference]: Without dead ends: 37 [2019-10-07 00:40:55,242 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 147 GetRequests, 53 SyntacticMatches, 6 SemanticMatches, 88 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2030 ImplicationChecksByTransitivity, 8.4s TimeCoverageRelationStatistics Valid=1008, Invalid=7002, Unknown=0, NotChecked=0, Total=8010 [2019-10-07 00:40:55,242 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 37 states. [2019-10-07 00:40:55,252 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 37 to 35. [2019-10-07 00:40:55,252 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 35 states. [2019-10-07 00:40:55,253 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 35 states to 35 states and 38 transitions. [2019-10-07 00:40:55,253 INFO L78 Accepts]: Start accepts. Automaton has 35 states and 38 transitions. Word has length 29 [2019-10-07 00:40:55,254 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:40:55,254 INFO L462 AbstractCegarLoop]: Abstraction has 35 states and 38 transitions. [2019-10-07 00:40:55,254 INFO L463 AbstractCegarLoop]: Interpolant automaton has 44 states. [2019-10-07 00:40:55,254 INFO L276 IsEmpty]: Start isEmpty. Operand 35 states and 38 transitions. [2019-10-07 00:40:55,255 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2019-10-07 00:40:55,255 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:40:55,255 INFO L385 BasicCegarLoop]: trace histogram [5, 4, 4, 4, 3, 3, 3, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:40:55,462 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:40:55,463 INFO L410 AbstractCegarLoop]: === Iteration 6 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:40:55,464 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:40:55,464 INFO L82 PathProgramCache]: Analyzing trace with hash 1289388554, now seen corresponding path program 3 times [2019-10-07 00:40:55,464 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:40:55,465 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:40:55,465 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:40:55,465 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:40:55,465 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:40:55,526 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:40:55,782 INFO L134 CoverageAnalysis]: Checked inductivity of 48 backedges. 6 proven. 30 refuted. 0 times theorem prover too weak. 12 trivial. 0 not checked. [2019-10-07 00:40:55,782 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:40:55,782 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:40:55,782 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 6 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:40:55,854 INFO L249 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2019-10-07 00:40:55,854 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2019-10-07 00:40:55,856 INFO L256 TraceCheckSpWp]: Trace formula consists of 139 conjuncts, 37 conjunts are in the unsatisfiable core [2019-10-07 00:40:55,858 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:40:56,534 INFO L134 CoverageAnalysis]: Checked inductivity of 48 backedges. 0 proven. 42 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2019-10-07 00:40:56,535 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:40:56,849 INFO L134 CoverageAnalysis]: Checked inductivity of 48 backedges. 7 proven. 29 refuted. 0 times theorem prover too weak. 12 trivial. 0 not checked. [2019-10-07 00:40:56,850 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:40:56,851 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:40:56,851 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:40:56,852 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:40:56,852 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:40:56,852 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:40:56,893 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 30 for LOIs [2019-10-07 00:40:56,990 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:40:56,995 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:40:57,041 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:40:57,290 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:40:57,299 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:40:57,303 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:40:57,303 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:40:57,303 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 193#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_37 Int) (v_main_~i~0_BEFORE_CALL_41 Int) (v_main_~a~0.base_BEFORE_CALL_37 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_37) (+ v_main_~a~0.offset_BEFORE_CALL_37 (* 4 v_main_~i~0_BEFORE_CALL_41))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_41) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_41 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_37) (<= v_main_~a~0.offset_BEFORE_CALL_37 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_41) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_37) (+ v_main_~a~0.offset_BEFORE_CALL_37 (* 4 v_main_~i~0_BEFORE_CALL_41)))) (< v_main_~i~0_BEFORE_CALL_41 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_37) (<= v_main_~a~0.offset_BEFORE_CALL_37 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:40:57,304 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 169#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:40:57,304 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 202#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:40:57,304 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 156#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:57,304 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 188#(and (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_37 Int) (v_main_~i~0_BEFORE_CALL_41 Int) (v_main_~a~0.base_BEFORE_CALL_37 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_37) (+ v_main_~a~0.offset_BEFORE_CALL_37 (* 4 v_main_~i~0_BEFORE_CALL_41))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_41) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_41 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_37) (<= v_main_~a~0.offset_BEFORE_CALL_37 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_41) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_37) (+ v_main_~a~0.offset_BEFORE_CALL_37 (* 4 v_main_~i~0_BEFORE_CALL_41)))) (< v_main_~i~0_BEFORE_CALL_41 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_37) (<= v_main_~a~0.offset_BEFORE_CALL_37 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:40:57,304 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 183#(and (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_37 Int) (v_main_~i~0_BEFORE_CALL_41 Int) (v_main_~a~0.base_BEFORE_CALL_37 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_37) (+ v_main_~a~0.offset_BEFORE_CALL_37 (* 4 v_main_~i~0_BEFORE_CALL_41))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_41) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_41 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_37) (<= v_main_~a~0.offset_BEFORE_CALL_37 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_41) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_37) (+ v_main_~a~0.offset_BEFORE_CALL_37 (* 4 v_main_~i~0_BEFORE_CALL_41)))) (< v_main_~i~0_BEFORE_CALL_41 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_37) (<= v_main_~a~0.offset_BEFORE_CALL_37 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:40:57,305 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 198#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_37 Int) (v_main_~i~0_BEFORE_CALL_41 Int) (v_main_~a~0.base_BEFORE_CALL_37 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_37) (+ v_main_~a~0.offset_BEFORE_CALL_37 (* 4 v_main_~i~0_BEFORE_CALL_41))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_41) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_41 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_37) (<= v_main_~a~0.offset_BEFORE_CALL_37 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_41) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_37) (+ v_main_~a~0.offset_BEFORE_CALL_37 (* 4 v_main_~i~0_BEFORE_CALL_41)))) (< v_main_~i~0_BEFORE_CALL_41 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_37) (<= v_main_~a~0.offset_BEFORE_CALL_37 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:40:57,305 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:40:57,305 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 178#(and (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_37 Int) (v_main_~i~0_BEFORE_CALL_41 Int) (v_main_~a~0.base_BEFORE_CALL_37 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_37) (+ v_main_~a~0.offset_BEFORE_CALL_37 (* 4 v_main_~i~0_BEFORE_CALL_41))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_41) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_41 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_37) (<= v_main_~a~0.offset_BEFORE_CALL_37 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_41) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_37) (+ v_main_~a~0.offset_BEFORE_CALL_37 (* 4 v_main_~i~0_BEFORE_CALL_41)))) (< v_main_~i~0_BEFORE_CALL_41 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_37) (<= v_main_~a~0.offset_BEFORE_CALL_37 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:40:57,306 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 79#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= 0 (+ ~SIZE~0 2147483648)) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:57,306 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:57,306 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:57,306 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 207#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:57,306 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:40:57,307 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 151#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:40:57,307 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 173#(exists ((v_main_~a~0.offset_BEFORE_CALL_37 Int) (v_main_~i~0_BEFORE_CALL_41 Int) (v_main_~a~0.base_BEFORE_CALL_37 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_37) (+ v_main_~a~0.offset_BEFORE_CALL_37 (* 4 v_main_~i~0_BEFORE_CALL_41))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_41) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_41 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_37) (<= v_main_~a~0.offset_BEFORE_CALL_37 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_41) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_37) (+ v_main_~a~0.offset_BEFORE_CALL_37 (* 4 v_main_~i~0_BEFORE_CALL_41)))) (< v_main_~i~0_BEFORE_CALL_41 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_37) (<= v_main_~a~0.offset_BEFORE_CALL_37 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:40:58,764 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:40:58,765 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [16, 18, 15, 12] total 49 [2019-10-07 00:40:58,766 INFO L442 AbstractCegarLoop]: Interpolant automaton has 49 states [2019-10-07 00:40:58,766 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 49 interpolants. [2019-10-07 00:40:58,767 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=192, Invalid=2160, Unknown=0, NotChecked=0, Total=2352 [2019-10-07 00:40:58,767 INFO L87 Difference]: Start difference. First operand 35 states and 38 transitions. Second operand 49 states. [2019-10-07 00:41:06,784 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:41:06,785 INFO L93 Difference]: Finished difference Result 46 states and 51 transitions. [2019-10-07 00:41:06,785 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 33 states. [2019-10-07 00:41:06,786 INFO L78 Accepts]: Start accepts. Automaton has 49 states. Word has length 38 [2019-10-07 00:41:06,786 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:41:06,788 INFO L225 Difference]: With dead ends: 46 [2019-10-07 00:41:06,788 INFO L226 Difference]: Without dead ends: 44 [2019-10-07 00:41:06,790 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 159 GetRequests, 75 SyntacticMatches, 10 SemanticMatches, 74 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1238 ImplicationChecksByTransitivity, 8.1s TimeCoverageRelationStatistics Valid=595, Invalid=5104, Unknown=1, NotChecked=0, Total=5700 [2019-10-07 00:41:06,790 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 44 states. [2019-10-07 00:41:06,801 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 44 to 41. [2019-10-07 00:41:06,802 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 41 states. [2019-10-07 00:41:06,803 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 41 states to 41 states and 46 transitions. [2019-10-07 00:41:06,803 INFO L78 Accepts]: Start accepts. Automaton has 41 states and 46 transitions. Word has length 38 [2019-10-07 00:41:06,804 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:41:06,804 INFO L462 AbstractCegarLoop]: Abstraction has 41 states and 46 transitions. [2019-10-07 00:41:06,804 INFO L463 AbstractCegarLoop]: Interpolant automaton has 49 states. [2019-10-07 00:41:06,804 INFO L276 IsEmpty]: Start isEmpty. Operand 41 states and 46 transitions. [2019-10-07 00:41:06,805 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 53 [2019-10-07 00:41:06,806 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:41:06,806 INFO L385 BasicCegarLoop]: trace histogram [6, 6, 6, 5, 5, 5, 5, 5, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:41:07,010 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:41:07,011 INFO L410 AbstractCegarLoop]: === Iteration 7 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:41:07,011 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:41:07,011 INFO L82 PathProgramCache]: Analyzing trace with hash -402520790, now seen corresponding path program 4 times [2019-10-07 00:41:07,011 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:41:07,011 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:41:07,012 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:41:07,012 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:41:07,012 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:41:07,061 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:41:07,193 INFO L134 CoverageAnalysis]: Checked inductivity of 105 backedges. 37 proven. 28 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2019-10-07 00:41:07,193 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:41:07,193 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:41:07,193 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 7 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:41:07,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:41:07,291 INFO L256 TraceCheckSpWp]: Trace formula consists of 167 conjuncts, 14 conjunts are in the unsatisfiable core [2019-10-07 00:41:07,294 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:41:07,425 INFO L134 CoverageAnalysis]: Checked inductivity of 105 backedges. 50 proven. 15 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2019-10-07 00:41:07,426 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:41:07,515 INFO L134 CoverageAnalysis]: Checked inductivity of 105 backedges. 50 proven. 15 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2019-10-07 00:41:07,515 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:41:07,516 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:41:07,517 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:41:07,517 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:41:07,517 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:41:07,518 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:41:07,546 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 32 for LOIs [2019-10-07 00:41:07,650 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:41:07,874 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:41:07,884 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:41:07,888 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:41:07,888 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:41:07,889 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 191#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (exists ((v_main_~i~0_BEFORE_CALL_60 Int) (v_main_~a~0.offset_BEFORE_CALL_46 Int) (v_main_~a~0.base_BEFORE_CALL_46 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_46 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_60) (< v_main_~i~0_BEFORE_CALL_60 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_46) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_46) (+ (* 4 v_main_~i~0_BEFORE_CALL_60) v_main_~a~0.offset_BEFORE_CALL_46))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_46) (+ (* 4 v_main_~i~0_BEFORE_CALL_60) v_main_~a~0.offset_BEFORE_CALL_46)))) (<= v_main_~a~0.offset_BEFORE_CALL_46 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_60) (< v_main_~i~0_BEFORE_CALL_60 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_46) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:41:07,889 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 167#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:41:07,889 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 200#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:41:07,889 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 154#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:41:07,889 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 186#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~i~0_BEFORE_CALL_60 Int) (v_main_~a~0.offset_BEFORE_CALL_46 Int) (v_main_~a~0.base_BEFORE_CALL_46 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_46 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_60) (< v_main_~i~0_BEFORE_CALL_60 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_46) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_46) (+ (* 4 v_main_~i~0_BEFORE_CALL_60) v_main_~a~0.offset_BEFORE_CALL_46))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_46) (+ (* 4 v_main_~i~0_BEFORE_CALL_60) v_main_~a~0.offset_BEFORE_CALL_46)))) (<= v_main_~a~0.offset_BEFORE_CALL_46 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_60) (< v_main_~i~0_BEFORE_CALL_60 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_46) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:41:07,890 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 181#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~i~0_BEFORE_CALL_60 Int) (v_main_~a~0.offset_BEFORE_CALL_46 Int) (v_main_~a~0.base_BEFORE_CALL_46 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_46 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_60) (< v_main_~i~0_BEFORE_CALL_60 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_46) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_46) (+ (* 4 v_main_~i~0_BEFORE_CALL_60) v_main_~a~0.offset_BEFORE_CALL_46))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_46) (+ (* 4 v_main_~i~0_BEFORE_CALL_60) v_main_~a~0.offset_BEFORE_CALL_46)))) (<= v_main_~a~0.offset_BEFORE_CALL_46 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_60) (< v_main_~i~0_BEFORE_CALL_60 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_46) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:41:07,890 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 196#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (exists ((v_main_~i~0_BEFORE_CALL_60 Int) (v_main_~a~0.offset_BEFORE_CALL_46 Int) (v_main_~a~0.base_BEFORE_CALL_46 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_46 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_60) (< v_main_~i~0_BEFORE_CALL_60 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_46) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_46) (+ (* 4 v_main_~i~0_BEFORE_CALL_60) v_main_~a~0.offset_BEFORE_CALL_46))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_46) (+ (* 4 v_main_~i~0_BEFORE_CALL_60) v_main_~a~0.offset_BEFORE_CALL_46)))) (<= v_main_~a~0.offset_BEFORE_CALL_46 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_60) (< v_main_~i~0_BEFORE_CALL_60 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_46) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:41:07,890 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:41:07,890 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 176#(and (exists ((v_main_~i~0_BEFORE_CALL_60 Int) (v_main_~a~0.offset_BEFORE_CALL_46 Int) (v_main_~a~0.base_BEFORE_CALL_46 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_46 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_60) (< v_main_~i~0_BEFORE_CALL_60 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_46) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_46) (+ (* 4 v_main_~i~0_BEFORE_CALL_60) v_main_~a~0.offset_BEFORE_CALL_46))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_46) (+ (* 4 v_main_~i~0_BEFORE_CALL_60) v_main_~a~0.offset_BEFORE_CALL_46)))) (<= v_main_~a~0.offset_BEFORE_CALL_46 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_60) (< v_main_~i~0_BEFORE_CALL_60 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_46) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:41:07,891 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 77#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= 0 (+ ~SIZE~0 2147483648)) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:41:07,891 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:41:07,891 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:41:07,891 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 205#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:41:07,891 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:41:07,892 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 149#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:41:07,892 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 171#(exists ((v_main_~i~0_BEFORE_CALL_60 Int) (v_main_~a~0.offset_BEFORE_CALL_46 Int) (v_main_~a~0.base_BEFORE_CALL_46 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_46 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_60) (< v_main_~i~0_BEFORE_CALL_60 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_46) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_46) (+ (* 4 v_main_~i~0_BEFORE_CALL_60) v_main_~a~0.offset_BEFORE_CALL_46))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_46) (+ (* 4 v_main_~i~0_BEFORE_CALL_60) v_main_~a~0.offset_BEFORE_CALL_46)))) (<= v_main_~a~0.offset_BEFORE_CALL_46 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_60) (< v_main_~i~0_BEFORE_CALL_60 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_46) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:41:08,895 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:41:08,896 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [14, 15, 14, 12] total 35 [2019-10-07 00:41:08,897 INFO L442 AbstractCegarLoop]: Interpolant automaton has 35 states [2019-10-07 00:41:08,897 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 35 interpolants. [2019-10-07 00:41:08,898 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=170, Invalid=1020, Unknown=0, NotChecked=0, Total=1190 [2019-10-07 00:41:08,898 INFO L87 Difference]: Start difference. First operand 41 states and 46 transitions. Second operand 35 states. [2019-10-07 00:41:12,139 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:41:12,140 INFO L93 Difference]: Finished difference Result 79 states and 89 transitions. [2019-10-07 00:41:12,140 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 51 states. [2019-10-07 00:41:12,140 INFO L78 Accepts]: Start accepts. Automaton has 35 states. Word has length 52 [2019-10-07 00:41:12,141 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:41:12,142 INFO L225 Difference]: With dead ends: 79 [2019-10-07 00:41:12,142 INFO L226 Difference]: Without dead ends: 46 [2019-10-07 00:41:12,144 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 211 GetRequests, 120 SyntacticMatches, 16 SemanticMatches, 75 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2128 ImplicationChecksByTransitivity, 3.7s TimeCoverageRelationStatistics Valid=861, Invalid=4991, Unknown=0, NotChecked=0, Total=5852 [2019-10-07 00:41:12,144 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 46 states. [2019-10-07 00:41:12,155 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 46 to 42. [2019-10-07 00:41:12,155 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 42 states. [2019-10-07 00:41:12,156 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 42 states to 42 states and 47 transitions. [2019-10-07 00:41:12,156 INFO L78 Accepts]: Start accepts. Automaton has 42 states and 47 transitions. Word has length 52 [2019-10-07 00:41:12,157 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:41:12,157 INFO L462 AbstractCegarLoop]: Abstraction has 42 states and 47 transitions. [2019-10-07 00:41:12,157 INFO L463 AbstractCegarLoop]: Interpolant automaton has 35 states. [2019-10-07 00:41:12,157 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states and 47 transitions. [2019-10-07 00:41:12,158 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 54 [2019-10-07 00:41:12,159 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:41:12,159 INFO L385 BasicCegarLoop]: trace histogram [6, 6, 6, 6, 5, 5, 5, 5, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:41:12,362 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 7 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:41:12,363 INFO L410 AbstractCegarLoop]: === Iteration 8 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:41:12,363 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:41:12,364 INFO L82 PathProgramCache]: Analyzing trace with hash 1690634747, now seen corresponding path program 5 times [2019-10-07 00:41:12,364 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:41:12,364 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:41:12,365 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:41:12,365 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:41:12,365 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:41:12,392 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:41:12,636 INFO L134 CoverageAnalysis]: Checked inductivity of 111 backedges. 10 proven. 61 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2019-10-07 00:41:12,636 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:41:12,636 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:41:12,637 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 8 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 8 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:41:12,769 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 6 check-sat command(s) [2019-10-07 00:41:12,770 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2019-10-07 00:41:12,772 INFO L256 TraceCheckSpWp]: Trace formula consists of 171 conjuncts, 27 conjunts are in the unsatisfiable core [2019-10-07 00:41:12,775 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:41:12,924 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:41:14,696 INFO L134 CoverageAnalysis]: Checked inductivity of 111 backedges. 35 proven. 36 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2019-10-07 00:41:14,697 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:41:15,943 INFO L134 CoverageAnalysis]: Checked inductivity of 111 backedges. 40 proven. 31 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2019-10-07 00:41:15,943 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:41:15,947 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:41:15,947 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:41:15,947 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:41:15,948 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:41:15,948 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:41:15,975 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 32 for LOIs [2019-10-07 00:41:16,057 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:41:16,320 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:41:16,333 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:41:16,339 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:41:16,339 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:41:16,340 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 178#(and (exists ((v_main_~a~0.base_BEFORE_CALL_65 Int) (v_main_~a~0.offset_BEFORE_CALL_65 Int) (v_main_~i~0_BEFORE_CALL_79 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_65) (+ v_main_~a~0.offset_BEFORE_CALL_65 (* 4 v_main_~i~0_BEFORE_CALL_79))) 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_79) (<= v_main_~a~0.offset_BEFORE_CALL_65 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_65) (< v_main_~i~0_BEFORE_CALL_79 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_79) (<= v_main_~a~0.offset_BEFORE_CALL_65 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_65) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_65) (+ v_main_~a~0.offset_BEFORE_CALL_65 (* 4 v_main_~i~0_BEFORE_CALL_79))) 0)) (< v_main_~i~0_BEFORE_CALL_79 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:41:16,340 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 154#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:41:16,341 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 187#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:41:16,342 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 141#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:41:16,342 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 173#(and (exists ((v_main_~a~0.base_BEFORE_CALL_65 Int) (v_main_~a~0.offset_BEFORE_CALL_65 Int) (v_main_~i~0_BEFORE_CALL_79 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_65) (+ v_main_~a~0.offset_BEFORE_CALL_65 (* 4 v_main_~i~0_BEFORE_CALL_79))) 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_79) (<= v_main_~a~0.offset_BEFORE_CALL_65 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_65) (< v_main_~i~0_BEFORE_CALL_79 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_79) (<= v_main_~a~0.offset_BEFORE_CALL_65 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_65) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_65) (+ v_main_~a~0.offset_BEFORE_CALL_65 (* 4 v_main_~i~0_BEFORE_CALL_79))) 0)) (< v_main_~i~0_BEFORE_CALL_79 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:41:16,342 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 168#(and (exists ((v_main_~a~0.base_BEFORE_CALL_65 Int) (v_main_~a~0.offset_BEFORE_CALL_65 Int) (v_main_~i~0_BEFORE_CALL_79 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_65) (+ v_main_~a~0.offset_BEFORE_CALL_65 (* 4 v_main_~i~0_BEFORE_CALL_79))) 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_79) (<= v_main_~a~0.offset_BEFORE_CALL_65 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_65) (< v_main_~i~0_BEFORE_CALL_79 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_79) (<= v_main_~a~0.offset_BEFORE_CALL_65 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_65) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_65) (+ v_main_~a~0.offset_BEFORE_CALL_65 (* 4 v_main_~i~0_BEFORE_CALL_79))) 0)) (< v_main_~i~0_BEFORE_CALL_79 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:41:16,343 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 183#(and (exists ((v_main_~a~0.base_BEFORE_CALL_65 Int) (v_main_~a~0.offset_BEFORE_CALL_65 Int) (v_main_~i~0_BEFORE_CALL_79 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_65) (+ v_main_~a~0.offset_BEFORE_CALL_65 (* 4 v_main_~i~0_BEFORE_CALL_79))) 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_79) (<= v_main_~a~0.offset_BEFORE_CALL_65 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_65) (< v_main_~i~0_BEFORE_CALL_79 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_79) (<= v_main_~a~0.offset_BEFORE_CALL_65 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_65) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_65) (+ v_main_~a~0.offset_BEFORE_CALL_65 (* 4 v_main_~i~0_BEFORE_CALL_79))) 0)) (< v_main_~i~0_BEFORE_CALL_79 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:41:16,343 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |old(~SIZE~0)|) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:41:16,343 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 163#(and (exists ((v_main_~a~0.base_BEFORE_CALL_65 Int) (v_main_~a~0.offset_BEFORE_CALL_65 Int) (v_main_~i~0_BEFORE_CALL_79 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_65) (+ v_main_~a~0.offset_BEFORE_CALL_65 (* 4 v_main_~i~0_BEFORE_CALL_79))) 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_79) (<= v_main_~a~0.offset_BEFORE_CALL_65 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_65) (< v_main_~i~0_BEFORE_CALL_79 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_79) (<= v_main_~a~0.offset_BEFORE_CALL_65 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_65) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_65) (+ v_main_~a~0.offset_BEFORE_CALL_65 (* 4 v_main_~i~0_BEFORE_CALL_79))) 0)) (< v_main_~i~0_BEFORE_CALL_79 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:41:16,344 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 64#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (not (= |main_#t~malloc2.base| 0)) (<= 0 (+ ~SIZE~0 2147483648)) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:41:16,344 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:41:16,344 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |old(~SIZE~0)|) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:41:16,345 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 192#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:41:16,345 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:41:16,351 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 136#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:41:16,351 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 158#(exists ((v_main_~a~0.base_BEFORE_CALL_65 Int) (v_main_~a~0.offset_BEFORE_CALL_65 Int) (v_main_~i~0_BEFORE_CALL_79 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_65) (+ v_main_~a~0.offset_BEFORE_CALL_65 (* 4 v_main_~i~0_BEFORE_CALL_79))) 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_79) (<= v_main_~a~0.offset_BEFORE_CALL_65 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_65) (< v_main_~i~0_BEFORE_CALL_79 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_79) (<= v_main_~a~0.offset_BEFORE_CALL_65 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_65) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_65) (+ v_main_~a~0.offset_BEFORE_CALL_65 (* 4 v_main_~i~0_BEFORE_CALL_79))) 0)) (< v_main_~i~0_BEFORE_CALL_79 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:41:19,745 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:41:19,745 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [19, 20, 18, 12] total 60 [2019-10-07 00:41:19,746 INFO L442 AbstractCegarLoop]: Interpolant automaton has 60 states [2019-10-07 00:41:19,747 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 60 interpolants. [2019-10-07 00:41:19,748 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=387, Invalid=3153, Unknown=0, NotChecked=0, Total=3540 [2019-10-07 00:41:19,748 INFO L87 Difference]: Start difference. First operand 42 states and 47 transitions. Second operand 60 states. [2019-10-07 00:41:52,221 WARN L191 SmtUtils]: Spent 107.00 ms on a formula simplification. DAG size of input: 62 DAG size of output: 51 [2019-10-07 00:42:08,424 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:42:08,424 INFO L93 Difference]: Finished difference Result 104 states and 124 transitions. [2019-10-07 00:42:08,425 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 82 states. [2019-10-07 00:42:08,425 INFO L78 Accepts]: Start accepts. Automaton has 60 states. Word has length 53 [2019-10-07 00:42:08,426 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:42:08,427 INFO L225 Difference]: With dead ends: 104 [2019-10-07 00:42:08,427 INFO L226 Difference]: Without dead ends: 51 [2019-10-07 00:42:08,434 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 255 GetRequests, 106 SyntacticMatches, 15 SemanticMatches, 134 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4877 ImplicationChecksByTransitivity, 19.2s TimeCoverageRelationStatistics Valid=2077, Invalid=16283, Unknown=0, NotChecked=0, Total=18360 [2019-10-07 00:42:08,434 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 51 states. [2019-10-07 00:42:08,445 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 51 to 47. [2019-10-07 00:42:08,446 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 47 states. [2019-10-07 00:42:08,447 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 47 states to 47 states and 53 transitions. [2019-10-07 00:42:08,447 INFO L78 Accepts]: Start accepts. Automaton has 47 states and 53 transitions. Word has length 53 [2019-10-07 00:42:08,447 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:42:08,447 INFO L462 AbstractCegarLoop]: Abstraction has 47 states and 53 transitions. [2019-10-07 00:42:08,447 INFO L463 AbstractCegarLoop]: Interpolant automaton has 60 states. [2019-10-07 00:42:08,447 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 53 transitions. [2019-10-07 00:42:08,449 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2019-10-07 00:42:08,449 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:42:08,449 INFO L385 BasicCegarLoop]: trace histogram [8, 7, 7, 7, 6, 6, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:42:08,653 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:42:08,653 INFO L410 AbstractCegarLoop]: === Iteration 9 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:42:08,654 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:42:08,654 INFO L82 PathProgramCache]: Analyzing trace with hash -296455784, now seen corresponding path program 6 times [2019-10-07 00:42:08,654 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:42:08,654 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:42:08,654 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:42:08,654 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:42:08,654 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:42:08,700 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:42:09,067 INFO L134 CoverageAnalysis]: Checked inductivity of 165 backedges. 12 proven. 93 refuted. 0 times theorem prover too weak. 60 trivial. 0 not checked. [2019-10-07 00:42:09,067 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:42:09,068 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:42:09,068 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 9 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 9 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:42:09,187 INFO L249 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2019-10-07 00:42:09,188 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2019-10-07 00:42:09,189 INFO L256 TraceCheckSpWp]: Trace formula consists of 193 conjuncts, 49 conjunts are in the unsatisfiable core [2019-10-07 00:42:09,192 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:42:09,413 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:42:10,726 INFO L134 CoverageAnalysis]: Checked inductivity of 165 backedges. 0 proven. 120 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2019-10-07 00:42:10,727 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:42:11,257 INFO L134 CoverageAnalysis]: Checked inductivity of 165 backedges. 13 proven. 92 refuted. 0 times theorem prover too weak. 60 trivial. 0 not checked. [2019-10-07 00:42:11,258 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:42:11,259 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:42:11,259 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:42:11,260 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:42:11,260 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:42:11,260 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:42:11,305 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 32 for LOIs [2019-10-07 00:42:11,405 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:42:11,620 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:42:11,631 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:42:11,638 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:42:11,638 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:42:11,638 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 191#(and (exists ((v_main_~a~0.base_BEFORE_CALL_86 Int) (v_main_~i~0_BEFORE_CALL_100 Int) (v_main_~a~0.offset_BEFORE_CALL_86 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_100) (<= 0 v_main_~a~0.offset_BEFORE_CALL_86) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_86 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_86) (+ (* 4 v_main_~i~0_BEFORE_CALL_100) v_main_~a~0.offset_BEFORE_CALL_86)))) (< v_main_~i~0_BEFORE_CALL_100 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_86) (+ (* 4 v_main_~i~0_BEFORE_CALL_100) v_main_~a~0.offset_BEFORE_CALL_86))) (<= 0 v_main_~i~0_BEFORE_CALL_100) (<= 0 v_main_~a~0.offset_BEFORE_CALL_86) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_86 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_100 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:11,639 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 167#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:42:11,639 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 200#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:42:11,639 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 154#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:11,639 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 186#(and (exists ((v_main_~a~0.base_BEFORE_CALL_86 Int) (v_main_~i~0_BEFORE_CALL_100 Int) (v_main_~a~0.offset_BEFORE_CALL_86 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_100) (<= 0 v_main_~a~0.offset_BEFORE_CALL_86) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_86 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_86) (+ (* 4 v_main_~i~0_BEFORE_CALL_100) v_main_~a~0.offset_BEFORE_CALL_86)))) (< v_main_~i~0_BEFORE_CALL_100 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_86) (+ (* 4 v_main_~i~0_BEFORE_CALL_100) v_main_~a~0.offset_BEFORE_CALL_86))) (<= 0 v_main_~i~0_BEFORE_CALL_100) (<= 0 v_main_~a~0.offset_BEFORE_CALL_86) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_86 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_100 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:11,639 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 181#(and (exists ((v_main_~a~0.base_BEFORE_CALL_86 Int) (v_main_~i~0_BEFORE_CALL_100 Int) (v_main_~a~0.offset_BEFORE_CALL_86 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_100) (<= 0 v_main_~a~0.offset_BEFORE_CALL_86) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_86 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_86) (+ (* 4 v_main_~i~0_BEFORE_CALL_100) v_main_~a~0.offset_BEFORE_CALL_86)))) (< v_main_~i~0_BEFORE_CALL_100 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_86) (+ (* 4 v_main_~i~0_BEFORE_CALL_100) v_main_~a~0.offset_BEFORE_CALL_86))) (<= 0 v_main_~i~0_BEFORE_CALL_100) (<= 0 v_main_~a~0.offset_BEFORE_CALL_86) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_86 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_100 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:11,640 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 196#(and (exists ((v_main_~a~0.base_BEFORE_CALL_86 Int) (v_main_~i~0_BEFORE_CALL_100 Int) (v_main_~a~0.offset_BEFORE_CALL_86 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_100) (<= 0 v_main_~a~0.offset_BEFORE_CALL_86) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_86 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_86) (+ (* 4 v_main_~i~0_BEFORE_CALL_100) v_main_~a~0.offset_BEFORE_CALL_86)))) (< v_main_~i~0_BEFORE_CALL_100 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_86) (+ (* 4 v_main_~i~0_BEFORE_CALL_100) v_main_~a~0.offset_BEFORE_CALL_86))) (<= 0 v_main_~i~0_BEFORE_CALL_100) (<= 0 v_main_~a~0.offset_BEFORE_CALL_86) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_86 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_100 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:11,640 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:42:11,640 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 176#(and (exists ((v_main_~a~0.base_BEFORE_CALL_86 Int) (v_main_~i~0_BEFORE_CALL_100 Int) (v_main_~a~0.offset_BEFORE_CALL_86 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_100) (<= 0 v_main_~a~0.offset_BEFORE_CALL_86) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_86 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_86) (+ (* 4 v_main_~i~0_BEFORE_CALL_100) v_main_~a~0.offset_BEFORE_CALL_86)))) (< v_main_~i~0_BEFORE_CALL_100 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_86) (+ (* 4 v_main_~i~0_BEFORE_CALL_100) v_main_~a~0.offset_BEFORE_CALL_86))) (<= 0 v_main_~i~0_BEFORE_CALL_100) (<= 0 v_main_~a~0.offset_BEFORE_CALL_86) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_86 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_100 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:11,640 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 77#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= 0 (+ ~SIZE~0 2147483648)) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:11,640 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:11,641 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:11,641 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 205#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:11,641 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:42:11,641 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 149#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:11,641 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 171#(exists ((v_main_~a~0.base_BEFORE_CALL_86 Int) (v_main_~i~0_BEFORE_CALL_100 Int) (v_main_~a~0.offset_BEFORE_CALL_86 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_100) (<= 0 v_main_~a~0.offset_BEFORE_CALL_86) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_86 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_86) (+ (* 4 v_main_~i~0_BEFORE_CALL_100) v_main_~a~0.offset_BEFORE_CALL_86)))) (< v_main_~i~0_BEFORE_CALL_100 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_86) (+ (* 4 v_main_~i~0_BEFORE_CALL_100) v_main_~a~0.offset_BEFORE_CALL_86))) (<= 0 v_main_~i~0_BEFORE_CALL_100) (<= 0 v_main_~a~0.offset_BEFORE_CALL_86) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_86 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_100 ~SIZE~0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:42:13,646 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:42:13,646 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [22, 24, 21, 12] total 64 [2019-10-07 00:42:13,647 INFO L442 AbstractCegarLoop]: Interpolant automaton has 64 states [2019-10-07 00:42:13,647 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 64 interpolants. [2019-10-07 00:42:13,649 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=261, Invalid=3771, Unknown=0, NotChecked=0, Total=4032 [2019-10-07 00:42:13,649 INFO L87 Difference]: Start difference. First operand 47 states and 53 transitions. Second operand 64 states. [2019-10-07 00:42:22,747 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:42:22,747 INFO L93 Difference]: Finished difference Result 58 states and 66 transitions. [2019-10-07 00:42:22,748 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 46 states. [2019-10-07 00:42:22,748 INFO L78 Accepts]: Start accepts. Automaton has 64 states. Word has length 62 [2019-10-07 00:42:22,749 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:42:22,750 INFO L225 Difference]: With dead ends: 58 [2019-10-07 00:42:22,750 INFO L226 Difference]: Without dead ends: 56 [2019-10-07 00:42:22,753 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 249 GetRequests, 129 SyntacticMatches, 18 SemanticMatches, 102 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2349 ImplicationChecksByTransitivity, 11.3s TimeCoverageRelationStatistics Valid=826, Invalid=9885, Unknown=1, NotChecked=0, Total=10712 [2019-10-07 00:42:22,753 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 56 states. [2019-10-07 00:42:22,767 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 56 to 53. [2019-10-07 00:42:22,768 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 53 states. [2019-10-07 00:42:22,769 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 53 states to 53 states and 61 transitions. [2019-10-07 00:42:22,769 INFO L78 Accepts]: Start accepts. Automaton has 53 states and 61 transitions. Word has length 62 [2019-10-07 00:42:22,769 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:42:22,769 INFO L462 AbstractCegarLoop]: Abstraction has 53 states and 61 transitions. [2019-10-07 00:42:22,770 INFO L463 AbstractCegarLoop]: Interpolant automaton has 64 states. [2019-10-07 00:42:22,770 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 61 transitions. [2019-10-07 00:42:22,771 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 77 [2019-10-07 00:42:22,771 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:42:22,771 INFO L385 BasicCegarLoop]: trace histogram [9, 9, 9, 8, 8, 8, 8, 8, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:42:22,975 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:42:22,975 INFO L410 AbstractCegarLoop]: === Iteration 10 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:42:22,975 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:42:22,976 INFO L82 PathProgramCache]: Analyzing trace with hash -1314741192, now seen corresponding path program 7 times [2019-10-07 00:42:22,976 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:42:22,976 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:42:22,976 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:42:22,976 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:42:22,976 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:42:23,002 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:42:23,217 INFO L134 CoverageAnalysis]: Checked inductivity of 264 backedges. 94 proven. 58 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2019-10-07 00:42:23,218 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:42:23,218 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:42:23,218 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 10 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 10 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:42:23,356 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:42:23,357 INFO L256 TraceCheckSpWp]: Trace formula consists of 221 conjuncts, 20 conjunts are in the unsatisfiable core [2019-10-07 00:42:23,360 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:42:23,578 INFO L134 CoverageAnalysis]: Checked inductivity of 264 backedges. 116 proven. 36 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2019-10-07 00:42:23,579 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:42:23,739 INFO L134 CoverageAnalysis]: Checked inductivity of 264 backedges. 116 proven. 36 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2019-10-07 00:42:23,740 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:42:23,741 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:42:23,741 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:42:23,742 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:42:23,742 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:42:23,742 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:42:23,764 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 32 for LOIs [2019-10-07 00:42:23,831 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:42:24,026 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:42:24,041 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:42:24,045 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:42:24,045 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:42:24,045 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 178#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_95 Int) (v_main_~i~0_BEFORE_CALL_125 Int) (v_main_~a~0.base_BEFORE_CALL_95 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_95 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_95) (< v_main_~i~0_BEFORE_CALL_125 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_125) (= |#NULL.offset| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_95) (+ v_main_~a~0.offset_BEFORE_CALL_95 (* 4 v_main_~i~0_BEFORE_CALL_125))) 0)) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_95 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_95) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_95) (+ v_main_~a~0.offset_BEFORE_CALL_95 (* 4 v_main_~i~0_BEFORE_CALL_125))) 0) (< v_main_~i~0_BEFORE_CALL_125 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_125) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:24,045 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 154#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:42:24,046 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 187#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:42:24,046 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 141#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:24,046 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 173#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~a~0.offset_BEFORE_CALL_95 Int) (v_main_~i~0_BEFORE_CALL_125 Int) (v_main_~a~0.base_BEFORE_CALL_95 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_95 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_95) (< v_main_~i~0_BEFORE_CALL_125 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_125) (= |#NULL.offset| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_95) (+ v_main_~a~0.offset_BEFORE_CALL_95 (* 4 v_main_~i~0_BEFORE_CALL_125))) 0)) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_95 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_95) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_95) (+ v_main_~a~0.offset_BEFORE_CALL_95 (* 4 v_main_~i~0_BEFORE_CALL_125))) 0) (< v_main_~i~0_BEFORE_CALL_125 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_125) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:24,046 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 168#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~a~0.offset_BEFORE_CALL_95 Int) (v_main_~i~0_BEFORE_CALL_125 Int) (v_main_~a~0.base_BEFORE_CALL_95 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_95 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_95) (< v_main_~i~0_BEFORE_CALL_125 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_125) (= |#NULL.offset| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_95) (+ v_main_~a~0.offset_BEFORE_CALL_95 (* 4 v_main_~i~0_BEFORE_CALL_125))) 0)) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_95 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_95) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_95) (+ v_main_~a~0.offset_BEFORE_CALL_95 (* 4 v_main_~i~0_BEFORE_CALL_125))) 0) (< v_main_~i~0_BEFORE_CALL_125 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_125) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:24,047 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 183#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_95 Int) (v_main_~i~0_BEFORE_CALL_125 Int) (v_main_~a~0.base_BEFORE_CALL_95 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_95 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_95) (< v_main_~i~0_BEFORE_CALL_125 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_125) (= |#NULL.offset| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_95) (+ v_main_~a~0.offset_BEFORE_CALL_95 (* 4 v_main_~i~0_BEFORE_CALL_125))) 0)) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_95 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_95) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_95) (+ v_main_~a~0.offset_BEFORE_CALL_95 (* 4 v_main_~i~0_BEFORE_CALL_125))) 0) (< v_main_~i~0_BEFORE_CALL_125 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_125) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:24,047 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:42:24,047 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 163#(and (exists ((v_main_~a~0.offset_BEFORE_CALL_95 Int) (v_main_~i~0_BEFORE_CALL_125 Int) (v_main_~a~0.base_BEFORE_CALL_95 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_95 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_95) (< v_main_~i~0_BEFORE_CALL_125 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_125) (= |#NULL.offset| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_95) (+ v_main_~a~0.offset_BEFORE_CALL_95 (* 4 v_main_~i~0_BEFORE_CALL_125))) 0)) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_95 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_95) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_95) (+ v_main_~a~0.offset_BEFORE_CALL_95 (* 4 v_main_~i~0_BEFORE_CALL_125))) 0) (< v_main_~i~0_BEFORE_CALL_125 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_125) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:24,047 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 64#(and (or (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (<= 0 |#NULL.offset|) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= main_~i~0 0) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0)) (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0))) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:24,047 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:24,048 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:24,048 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 192#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:24,048 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:42:24,048 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 136#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:24,048 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 158#(exists ((v_main_~a~0.offset_BEFORE_CALL_95 Int) (v_main_~i~0_BEFORE_CALL_125 Int) (v_main_~a~0.base_BEFORE_CALL_95 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_95 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_95) (< v_main_~i~0_BEFORE_CALL_125 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_125) (= |#NULL.offset| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_95) (+ v_main_~a~0.offset_BEFORE_CALL_95 (* 4 v_main_~i~0_BEFORE_CALL_125))) 0)) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_95 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_95) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_95) (+ v_main_~a~0.offset_BEFORE_CALL_95 (* 4 v_main_~i~0_BEFORE_CALL_125))) 0) (< v_main_~i~0_BEFORE_CALL_125 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_125) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:42:25,333 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:42:25,334 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [20, 21, 20, 12] total 44 [2019-10-07 00:42:25,335 INFO L442 AbstractCegarLoop]: Interpolant automaton has 44 states [2019-10-07 00:42:25,335 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 44 interpolants. [2019-10-07 00:42:25,335 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=284, Invalid=1608, Unknown=0, NotChecked=0, Total=1892 [2019-10-07 00:42:25,336 INFO L87 Difference]: Start difference. First operand 53 states and 61 transitions. Second operand 44 states. [2019-10-07 00:42:30,118 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:42:30,118 INFO L93 Difference]: Finished difference Result 100 states and 116 transitions. [2019-10-07 00:42:30,119 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 69 states. [2019-10-07 00:42:30,119 INFO L78 Accepts]: Start accepts. Automaton has 44 states. Word has length 76 [2019-10-07 00:42:30,119 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:42:30,120 INFO L225 Difference]: With dead ends: 100 [2019-10-07 00:42:30,121 INFO L226 Difference]: Without dead ends: 58 [2019-10-07 00:42:30,122 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 307 GetRequests, 180 SyntacticMatches, 25 SemanticMatches, 102 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4138 ImplicationChecksByTransitivity, 5.5s TimeCoverageRelationStatistics Valid=1620, Invalid=9092, Unknown=0, NotChecked=0, Total=10712 [2019-10-07 00:42:30,123 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 58 states. [2019-10-07 00:42:30,136 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 58 to 54. [2019-10-07 00:42:30,136 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 54 states. [2019-10-07 00:42:30,137 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 54 states to 54 states and 62 transitions. [2019-10-07 00:42:30,137 INFO L78 Accepts]: Start accepts. Automaton has 54 states and 62 transitions. Word has length 76 [2019-10-07 00:42:30,137 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:42:30,138 INFO L462 AbstractCegarLoop]: Abstraction has 54 states and 62 transitions. [2019-10-07 00:42:30,138 INFO L463 AbstractCegarLoop]: Interpolant automaton has 44 states. [2019-10-07 00:42:30,138 INFO L276 IsEmpty]: Start isEmpty. Operand 54 states and 62 transitions. [2019-10-07 00:42:30,139 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 78 [2019-10-07 00:42:30,139 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:42:30,139 INFO L385 BasicCegarLoop]: trace histogram [9, 9, 9, 9, 8, 8, 8, 8, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:42:30,343 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 10 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:42:30,344 INFO L410 AbstractCegarLoop]: === Iteration 11 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:42:30,344 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:42:30,344 INFO L82 PathProgramCache]: Analyzing trace with hash -2113370615, now seen corresponding path program 8 times [2019-10-07 00:42:30,345 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:42:30,345 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:42:30,345 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:42:30,345 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:42:30,346 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:42:30,417 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:42:30,791 INFO L134 CoverageAnalysis]: Checked inductivity of 273 backedges. 16 proven. 145 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2019-10-07 00:42:30,791 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:42:30,791 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:42:30,791 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 11 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 11 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:42:31,102 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 9 check-sat command(s) [2019-10-07 00:42:31,102 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2019-10-07 00:42:31,104 INFO L256 TraceCheckSpWp]: Trace formula consists of 225 conjuncts, 33 conjunts are in the unsatisfiable core [2019-10-07 00:42:31,108 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:42:31,400 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:42:34,073 INFO L134 CoverageAnalysis]: Checked inductivity of 273 backedges. 92 proven. 69 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2019-10-07 00:42:34,074 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:42:35,353 INFO L134 CoverageAnalysis]: Checked inductivity of 273 backedges. 100 proven. 61 refuted. 0 times theorem prover too weak. 112 trivial. 0 not checked. [2019-10-07 00:42:35,353 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:42:35,355 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:42:35,355 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:42:35,355 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:42:35,355 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:42:35,356 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:42:35,377 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 30 for LOIs [2019-10-07 00:42:35,480 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:42:35,679 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:42:35,688 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:42:35,696 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:42:35,696 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:42:35,696 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 191#(and (exists ((v_main_~i~0_BEFORE_CALL_150 Int) (v_main_~a~0.base_BEFORE_CALL_120 Int) (v_main_~a~0.offset_BEFORE_CALL_120 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_120 0) (<= 0 |#NULL.base|) (<= 0 v_main_~a~0.offset_BEFORE_CALL_120) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_150) (< v_main_~i~0_BEFORE_CALL_150 ~SIZE~0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_120) (+ (* 4 v_main_~i~0_BEFORE_CALL_150) v_main_~a~0.offset_BEFORE_CALL_120)) 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_120) (+ (* 4 v_main_~i~0_BEFORE_CALL_150) v_main_~a~0.offset_BEFORE_CALL_120)) 0)) (<= v_main_~a~0.offset_BEFORE_CALL_120 0) (<= 0 |#NULL.base|) (<= 0 v_main_~a~0.offset_BEFORE_CALL_120) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_150) (< v_main_~i~0_BEFORE_CALL_150 ~SIZE~0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:35,696 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 167#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:42:35,697 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 200#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:42:35,697 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 154#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:35,697 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 186#(and (exists ((v_main_~i~0_BEFORE_CALL_150 Int) (v_main_~a~0.base_BEFORE_CALL_120 Int) (v_main_~a~0.offset_BEFORE_CALL_120 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_120 0) (<= 0 |#NULL.base|) (<= 0 v_main_~a~0.offset_BEFORE_CALL_120) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_150) (< v_main_~i~0_BEFORE_CALL_150 ~SIZE~0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_120) (+ (* 4 v_main_~i~0_BEFORE_CALL_150) v_main_~a~0.offset_BEFORE_CALL_120)) 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_120) (+ (* 4 v_main_~i~0_BEFORE_CALL_150) v_main_~a~0.offset_BEFORE_CALL_120)) 0)) (<= v_main_~a~0.offset_BEFORE_CALL_120 0) (<= 0 |#NULL.base|) (<= 0 v_main_~a~0.offset_BEFORE_CALL_120) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_150) (< v_main_~i~0_BEFORE_CALL_150 ~SIZE~0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:35,697 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 181#(and (exists ((v_main_~i~0_BEFORE_CALL_150 Int) (v_main_~a~0.base_BEFORE_CALL_120 Int) (v_main_~a~0.offset_BEFORE_CALL_120 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_120 0) (<= 0 |#NULL.base|) (<= 0 v_main_~a~0.offset_BEFORE_CALL_120) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_150) (< v_main_~i~0_BEFORE_CALL_150 ~SIZE~0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_120) (+ (* 4 v_main_~i~0_BEFORE_CALL_150) v_main_~a~0.offset_BEFORE_CALL_120)) 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_120) (+ (* 4 v_main_~i~0_BEFORE_CALL_150) v_main_~a~0.offset_BEFORE_CALL_120)) 0)) (<= v_main_~a~0.offset_BEFORE_CALL_120 0) (<= 0 |#NULL.base|) (<= 0 v_main_~a~0.offset_BEFORE_CALL_120) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_150) (< v_main_~i~0_BEFORE_CALL_150 ~SIZE~0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:35,697 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 196#(and (exists ((v_main_~i~0_BEFORE_CALL_150 Int) (v_main_~a~0.base_BEFORE_CALL_120 Int) (v_main_~a~0.offset_BEFORE_CALL_120 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_120 0) (<= 0 |#NULL.base|) (<= 0 v_main_~a~0.offset_BEFORE_CALL_120) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_150) (< v_main_~i~0_BEFORE_CALL_150 ~SIZE~0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_120) (+ (* 4 v_main_~i~0_BEFORE_CALL_150) v_main_~a~0.offset_BEFORE_CALL_120)) 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_120) (+ (* 4 v_main_~i~0_BEFORE_CALL_150) v_main_~a~0.offset_BEFORE_CALL_120)) 0)) (<= v_main_~a~0.offset_BEFORE_CALL_120 0) (<= 0 |#NULL.base|) (<= 0 v_main_~a~0.offset_BEFORE_CALL_120) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_150) (< v_main_~i~0_BEFORE_CALL_150 ~SIZE~0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:35,698 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= 0 (+ ~SIZE~0 2147483648)) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:42:35,698 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 176#(and (exists ((v_main_~i~0_BEFORE_CALL_150 Int) (v_main_~a~0.base_BEFORE_CALL_120 Int) (v_main_~a~0.offset_BEFORE_CALL_120 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_120 0) (<= 0 |#NULL.base|) (<= 0 v_main_~a~0.offset_BEFORE_CALL_120) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_150) (< v_main_~i~0_BEFORE_CALL_150 ~SIZE~0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_120) (+ (* 4 v_main_~i~0_BEFORE_CALL_150) v_main_~a~0.offset_BEFORE_CALL_120)) 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_120) (+ (* 4 v_main_~i~0_BEFORE_CALL_150) v_main_~a~0.offset_BEFORE_CALL_120)) 0)) (<= v_main_~a~0.offset_BEFORE_CALL_120 0) (<= 0 |#NULL.base|) (<= 0 v_main_~a~0.offset_BEFORE_CALL_120) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_150) (< v_main_~i~0_BEFORE_CALL_150 ~SIZE~0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:42:35,698 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 77#(and (or (and (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (not (= |main_#t~malloc2.base| 0)) (<= 0 (+ ~SIZE~0 2147483648)) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0)) (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= |#NULL.offset| 0))) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:35,698 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:35,698 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:35,698 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 205#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:35,699 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:42:35,699 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 149#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:42:35,699 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 171#(exists ((v_main_~i~0_BEFORE_CALL_150 Int) (v_main_~a~0.base_BEFORE_CALL_120 Int) (v_main_~a~0.offset_BEFORE_CALL_120 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_120 0) (<= 0 |#NULL.base|) (<= 0 v_main_~a~0.offset_BEFORE_CALL_120) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_150) (< v_main_~i~0_BEFORE_CALL_150 ~SIZE~0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_120) (+ (* 4 v_main_~i~0_BEFORE_CALL_150) v_main_~a~0.offset_BEFORE_CALL_120)) 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_120) (+ (* 4 v_main_~i~0_BEFORE_CALL_150) v_main_~a~0.offset_BEFORE_CALL_120)) 0)) (<= v_main_~a~0.offset_BEFORE_CALL_120 0) (<= 0 |#NULL.base|) (<= 0 v_main_~a~0.offset_BEFORE_CALL_120) (= ~MAX~0 100000) (<= 0 v_main_~i~0_BEFORE_CALL_150) (< v_main_~i~0_BEFORE_CALL_150 ~SIZE~0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:42:38,128 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:42:38,128 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [25, 26, 24, 12] total 78 [2019-10-07 00:42:38,129 INFO L442 AbstractCegarLoop]: Interpolant automaton has 78 states [2019-10-07 00:42:38,129 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 78 interpolants. [2019-10-07 00:42:38,130 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=672, Invalid=5334, Unknown=0, NotChecked=0, Total=6006 [2019-10-07 00:42:38,130 INFO L87 Difference]: Start difference. First operand 54 states and 62 transitions. Second operand 78 states. [2019-10-07 00:43:40,798 WARN L191 SmtUtils]: Spent 100.00 ms on a formula simplification. DAG size of input: 53 DAG size of output: 52 [2019-10-07 00:43:45,181 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:43:45,181 INFO L93 Difference]: Finished difference Result 134 states and 163 transitions. [2019-10-07 00:43:45,182 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 112 states. [2019-10-07 00:43:45,182 INFO L78 Accepts]: Start accepts. Automaton has 78 states. Word has length 77 [2019-10-07 00:43:45,183 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:43:45,184 INFO L225 Difference]: With dead ends: 134 [2019-10-07 00:43:45,184 INFO L226 Difference]: Without dead ends: 63 [2019-10-07 00:43:45,188 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 363 GetRequests, 157 SyntacticMatches, 24 SemanticMatches, 182 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 9238 ImplicationChecksByTransitivity, 22.5s TimeCoverageRelationStatistics Valid=3487, Invalid=30183, Unknown=2, NotChecked=0, Total=33672 [2019-10-07 00:43:45,188 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 63 states. [2019-10-07 00:43:45,205 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 63 to 59. [2019-10-07 00:43:45,206 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 59 states. [2019-10-07 00:43:45,207 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 59 states to 59 states and 68 transitions. [2019-10-07 00:43:45,207 INFO L78 Accepts]: Start accepts. Automaton has 59 states and 68 transitions. Word has length 77 [2019-10-07 00:43:45,207 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:43:45,208 INFO L462 AbstractCegarLoop]: Abstraction has 59 states and 68 transitions. [2019-10-07 00:43:45,208 INFO L463 AbstractCegarLoop]: Interpolant automaton has 78 states. [2019-10-07 00:43:45,208 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 68 transitions. [2019-10-07 00:43:45,209 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 87 [2019-10-07 00:43:45,209 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:43:45,210 INFO L385 BasicCegarLoop]: trace histogram [11, 10, 10, 10, 9, 9, 9, 9, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:43:45,415 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 11 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:43:45,416 INFO L410 AbstractCegarLoop]: === Iteration 12 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:43:45,416 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:43:45,416 INFO L82 PathProgramCache]: Analyzing trace with hash 1585023434, now seen corresponding path program 9 times [2019-10-07 00:43:45,417 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:43:45,417 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:43:45,417 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:43:45,417 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:43:45,418 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:43:45,453 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:43:45,999 INFO L134 CoverageAnalysis]: Checked inductivity of 354 backedges. 18 proven. 192 refuted. 0 times theorem prover too weak. 144 trivial. 0 not checked. [2019-10-07 00:43:45,999 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:43:45,999 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:43:46,000 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 12 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 12 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:43:46,192 INFO L249 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2019-10-07 00:43:46,192 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2019-10-07 00:43:46,194 INFO L256 TraceCheckSpWp]: Trace formula consists of 247 conjuncts, 61 conjunts are in the unsatisfiable core [2019-10-07 00:43:46,197 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:43:48,434 INFO L134 CoverageAnalysis]: Checked inductivity of 354 backedges. 0 proven. 234 refuted. 0 times theorem prover too weak. 120 trivial. 0 not checked. [2019-10-07 00:43:48,434 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:43:49,189 INFO L134 CoverageAnalysis]: Checked inductivity of 354 backedges. 19 proven. 191 refuted. 0 times theorem prover too weak. 144 trivial. 0 not checked. [2019-10-07 00:43:49,189 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:43:49,190 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:43:49,190 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:43:49,191 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:43:49,191 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:43:49,191 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:43:49,212 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 30 for LOIs [2019-10-07 00:43:49,262 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:43:49,432 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:43:49,440 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:43:49,443 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:43:49,444 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:43:49,444 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 178#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_147 Int) (v_main_~a~0.base_BEFORE_CALL_147 Int) (v_main_~i~0_BEFORE_CALL_177 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_147) (+ v_main_~a~0.offset_BEFORE_CALL_147 (* 4 v_main_~i~0_BEFORE_CALL_177))))) (<= 0 v_main_~a~0.offset_BEFORE_CALL_147) (<= 0 v_main_~i~0_BEFORE_CALL_177) (< v_main_~i~0_BEFORE_CALL_177 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_147 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_147) (<= 0 v_main_~i~0_BEFORE_CALL_177) (< v_main_~i~0_BEFORE_CALL_177 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_147 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_147) (+ v_main_~a~0.offset_BEFORE_CALL_147 (* 4 v_main_~i~0_BEFORE_CALL_177)))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:43:49,444 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 154#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:43:49,444 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 187#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:43:49,445 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 141#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:43:49,445 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 173#(and (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_147 Int) (v_main_~a~0.base_BEFORE_CALL_147 Int) (v_main_~i~0_BEFORE_CALL_177 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_147) (+ v_main_~a~0.offset_BEFORE_CALL_147 (* 4 v_main_~i~0_BEFORE_CALL_177))))) (<= 0 v_main_~a~0.offset_BEFORE_CALL_147) (<= 0 v_main_~i~0_BEFORE_CALL_177) (< v_main_~i~0_BEFORE_CALL_177 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_147 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_147) (<= 0 v_main_~i~0_BEFORE_CALL_177) (< v_main_~i~0_BEFORE_CALL_177 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_147 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_147) (+ v_main_~a~0.offset_BEFORE_CALL_147 (* 4 v_main_~i~0_BEFORE_CALL_177)))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:43:49,445 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 168#(and (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_147 Int) (v_main_~a~0.base_BEFORE_CALL_147 Int) (v_main_~i~0_BEFORE_CALL_177 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_147) (+ v_main_~a~0.offset_BEFORE_CALL_147 (* 4 v_main_~i~0_BEFORE_CALL_177))))) (<= 0 v_main_~a~0.offset_BEFORE_CALL_147) (<= 0 v_main_~i~0_BEFORE_CALL_177) (< v_main_~i~0_BEFORE_CALL_177 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_147 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_147) (<= 0 v_main_~i~0_BEFORE_CALL_177) (< v_main_~i~0_BEFORE_CALL_177 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_147 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_147) (+ v_main_~a~0.offset_BEFORE_CALL_147 (* 4 v_main_~i~0_BEFORE_CALL_177)))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:43:49,445 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 183#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_147 Int) (v_main_~a~0.base_BEFORE_CALL_147 Int) (v_main_~i~0_BEFORE_CALL_177 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_147) (+ v_main_~a~0.offset_BEFORE_CALL_147 (* 4 v_main_~i~0_BEFORE_CALL_177))))) (<= 0 v_main_~a~0.offset_BEFORE_CALL_147) (<= 0 v_main_~i~0_BEFORE_CALL_177) (< v_main_~i~0_BEFORE_CALL_177 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_147 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_147) (<= 0 v_main_~i~0_BEFORE_CALL_177) (< v_main_~i~0_BEFORE_CALL_177 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_147 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_147) (+ v_main_~a~0.offset_BEFORE_CALL_147 (* 4 v_main_~i~0_BEFORE_CALL_177)))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:43:49,445 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:43:49,446 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 163#(and (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_147 Int) (v_main_~a~0.base_BEFORE_CALL_147 Int) (v_main_~i~0_BEFORE_CALL_177 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_147) (+ v_main_~a~0.offset_BEFORE_CALL_147 (* 4 v_main_~i~0_BEFORE_CALL_177))))) (<= 0 v_main_~a~0.offset_BEFORE_CALL_147) (<= 0 v_main_~i~0_BEFORE_CALL_177) (< v_main_~i~0_BEFORE_CALL_177 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_147 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_147) (<= 0 v_main_~i~0_BEFORE_CALL_177) (< v_main_~i~0_BEFORE_CALL_177 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_147 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_147) (+ v_main_~a~0.offset_BEFORE_CALL_147 (* 4 v_main_~i~0_BEFORE_CALL_177)))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0))))) [2019-10-07 00:43:49,446 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 64#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (<= 0 |#NULL.offset|) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:43:49,446 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:43:49,446 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:43:49,446 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 192#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:43:49,447 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:43:49,447 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 136#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:43:49,447 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 158#(exists ((v_main_~a~0.offset_BEFORE_CALL_147 Int) (v_main_~a~0.base_BEFORE_CALL_147 Int) (v_main_~i~0_BEFORE_CALL_177 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_147) (+ v_main_~a~0.offset_BEFORE_CALL_147 (* 4 v_main_~i~0_BEFORE_CALL_177))))) (<= 0 v_main_~a~0.offset_BEFORE_CALL_147) (<= 0 v_main_~i~0_BEFORE_CALL_177) (< v_main_~i~0_BEFORE_CALL_177 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_147 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_147) (<= 0 v_main_~i~0_BEFORE_CALL_177) (< v_main_~i~0_BEFORE_CALL_177 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_147 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_147) (+ v_main_~a~0.offset_BEFORE_CALL_147 (* 4 v_main_~i~0_BEFORE_CALL_177)))) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:43:52,053 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:43:52,053 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [28, 30, 27, 12] total 79 [2019-10-07 00:43:52,054 INFO L442 AbstractCegarLoop]: Interpolant automaton has 79 states [2019-10-07 00:43:52,054 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 79 interpolants. [2019-10-07 00:43:52,055 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=330, Invalid=5832, Unknown=0, NotChecked=0, Total=6162 [2019-10-07 00:43:52,055 INFO L87 Difference]: Start difference. First operand 59 states and 68 transitions. Second operand 79 states. [2019-10-07 00:44:01,150 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:44:01,151 INFO L93 Difference]: Finished difference Result 70 states and 81 transitions. [2019-10-07 00:44:01,151 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 58 states. [2019-10-07 00:44:01,151 INFO L78 Accepts]: Start accepts. Automaton has 79 states. Word has length 86 [2019-10-07 00:44:01,152 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:44:01,153 INFO L225 Difference]: With dead ends: 70 [2019-10-07 00:44:01,153 INFO L226 Difference]: Without dead ends: 68 [2019-10-07 00:44:01,155 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 339 GetRequests, 183 SyntacticMatches, 27 SemanticMatches, 129 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3731 ImplicationChecksByTransitivity, 11.9s TimeCoverageRelationStatistics Valid=1088, Invalid=15942, Unknown=0, NotChecked=0, Total=17030 [2019-10-07 00:44:01,155 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 68 states. [2019-10-07 00:44:01,171 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 68 to 65. [2019-10-07 00:44:01,171 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 65 states. [2019-10-07 00:44:01,172 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 65 states to 65 states and 76 transitions. [2019-10-07 00:44:01,172 INFO L78 Accepts]: Start accepts. Automaton has 65 states and 76 transitions. Word has length 86 [2019-10-07 00:44:01,172 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:44:01,172 INFO L462 AbstractCegarLoop]: Abstraction has 65 states and 76 transitions. [2019-10-07 00:44:01,173 INFO L463 AbstractCegarLoop]: Interpolant automaton has 79 states. [2019-10-07 00:44:01,173 INFO L276 IsEmpty]: Start isEmpty. Operand 65 states and 76 transitions. [2019-10-07 00:44:01,174 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 101 [2019-10-07 00:44:01,174 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:44:01,174 INFO L385 BasicCegarLoop]: trace histogram [12, 12, 12, 11, 11, 11, 11, 11, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:44:01,379 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 12 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:44:01,379 INFO L410 AbstractCegarLoop]: === Iteration 13 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:44:01,379 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:44:01,380 INFO L82 PathProgramCache]: Analyzing trace with hash -1680311062, now seen corresponding path program 10 times [2019-10-07 00:44:01,380 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:44:01,380 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:44:01,380 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:44:01,380 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:44:01,381 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:44:01,403 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:44:01,746 INFO L134 CoverageAnalysis]: Checked inductivity of 495 backedges. 178 proven. 97 refuted. 0 times theorem prover too weak. 220 trivial. 0 not checked. [2019-10-07 00:44:01,747 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:44:01,747 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:44:01,747 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 13 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 13 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:44:01,996 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:44:01,999 INFO L256 TraceCheckSpWp]: Trace formula consists of 275 conjuncts, 26 conjunts are in the unsatisfiable core [2019-10-07 00:44:02,006 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:44:02,367 INFO L134 CoverageAnalysis]: Checked inductivity of 495 backedges. 209 proven. 66 refuted. 0 times theorem prover too weak. 220 trivial. 0 not checked. [2019-10-07 00:44:02,367 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:44:02,584 INFO L134 CoverageAnalysis]: Checked inductivity of 495 backedges. 209 proven. 66 refuted. 0 times theorem prover too weak. 220 trivial. 0 not checked. [2019-10-07 00:44:02,584 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:44:02,585 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:44:02,585 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:44:02,585 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:44:02,586 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:44:02,586 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:44:02,609 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 30 for LOIs [2019-10-07 00:44:02,678 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:44:02,683 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:44:02,760 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:44:02,919 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:44:02,927 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:44:02,931 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:44:02,931 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:44:02,932 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 193#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_156 Int) (v_main_~i~0_BEFORE_CALL_208 Int) (v_main_~a~0.base_BEFORE_CALL_156 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_156) (+ v_main_~a~0.offset_BEFORE_CALL_156 (* 4 v_main_~i~0_BEFORE_CALL_208))) 0)) (<= 0 v_main_~a~0.offset_BEFORE_CALL_156) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_156 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_208 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_208) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~a~0.offset_BEFORE_CALL_156) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_156 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_208 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_208) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_156) (+ v_main_~a~0.offset_BEFORE_CALL_156 (* 4 v_main_~i~0_BEFORE_CALL_208))) 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:44:02,932 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 169#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:44:02,932 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 202#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:44:02,932 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 156#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:44:02,933 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 188#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~a~0.offset_BEFORE_CALL_156 Int) (v_main_~i~0_BEFORE_CALL_208 Int) (v_main_~a~0.base_BEFORE_CALL_156 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_156) (+ v_main_~a~0.offset_BEFORE_CALL_156 (* 4 v_main_~i~0_BEFORE_CALL_208))) 0)) (<= 0 v_main_~a~0.offset_BEFORE_CALL_156) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_156 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_208 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_208) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~a~0.offset_BEFORE_CALL_156) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_156 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_208 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_208) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_156) (+ v_main_~a~0.offset_BEFORE_CALL_156 (* 4 v_main_~i~0_BEFORE_CALL_208))) 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:44:02,933 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 183#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~a~0.offset_BEFORE_CALL_156 Int) (v_main_~i~0_BEFORE_CALL_208 Int) (v_main_~a~0.base_BEFORE_CALL_156 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_156) (+ v_main_~a~0.offset_BEFORE_CALL_156 (* 4 v_main_~i~0_BEFORE_CALL_208))) 0)) (<= 0 v_main_~a~0.offset_BEFORE_CALL_156) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_156 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_208 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_208) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~a~0.offset_BEFORE_CALL_156) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_156 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_208 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_208) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_156) (+ v_main_~a~0.offset_BEFORE_CALL_156 (* 4 v_main_~i~0_BEFORE_CALL_208))) 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:44:02,933 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 198#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (exists ((v_main_~a~0.offset_BEFORE_CALL_156 Int) (v_main_~i~0_BEFORE_CALL_208 Int) (v_main_~a~0.base_BEFORE_CALL_156 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_156) (+ v_main_~a~0.offset_BEFORE_CALL_156 (* 4 v_main_~i~0_BEFORE_CALL_208))) 0)) (<= 0 v_main_~a~0.offset_BEFORE_CALL_156) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_156 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_208 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_208) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~a~0.offset_BEFORE_CALL_156) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_156 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_208 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_208) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_156) (+ v_main_~a~0.offset_BEFORE_CALL_156 (* 4 v_main_~i~0_BEFORE_CALL_208))) 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:44:02,933 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= ~SIZE~0 2147483647) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:44:02,933 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 178#(and (exists ((v_main_~a~0.offset_BEFORE_CALL_156 Int) (v_main_~i~0_BEFORE_CALL_208 Int) (v_main_~a~0.base_BEFORE_CALL_156 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_156) (+ v_main_~a~0.offset_BEFORE_CALL_156 (* 4 v_main_~i~0_BEFORE_CALL_208))) 0)) (<= 0 v_main_~a~0.offset_BEFORE_CALL_156) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_156 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_208 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_208) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~a~0.offset_BEFORE_CALL_156) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_156 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_208 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_208) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_156) (+ v_main_~a~0.offset_BEFORE_CALL_156 (* 4 v_main_~i~0_BEFORE_CALL_208))) 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:44:02,934 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 79#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= 0 (+ ~SIZE~0 2147483648)) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:44:02,934 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:44:02,934 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:44:02,934 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 207#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:44:02,935 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:44:02,935 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 151#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:44:02,935 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 173#(exists ((v_main_~a~0.offset_BEFORE_CALL_156 Int) (v_main_~i~0_BEFORE_CALL_208 Int) (v_main_~a~0.base_BEFORE_CALL_156 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_156) (+ v_main_~a~0.offset_BEFORE_CALL_156 (* 4 v_main_~i~0_BEFORE_CALL_208))) 0)) (<= 0 v_main_~a~0.offset_BEFORE_CALL_156) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_156 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_208 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_208) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~a~0.offset_BEFORE_CALL_156) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= v_main_~a~0.offset_BEFORE_CALL_156 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_208 ~SIZE~0) (<= 0 v_main_~i~0_BEFORE_CALL_208) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_156) (+ v_main_~a~0.offset_BEFORE_CALL_156 (* 4 v_main_~i~0_BEFORE_CALL_208))) 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:44:04,448 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:44:04,449 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [26, 27, 26, 12] total 53 [2019-10-07 00:44:04,450 INFO L442 AbstractCegarLoop]: Interpolant automaton has 53 states [2019-10-07 00:44:04,450 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 53 interpolants. [2019-10-07 00:44:04,450 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=434, Invalid=2322, Unknown=0, NotChecked=0, Total=2756 [2019-10-07 00:44:04,451 INFO L87 Difference]: Start difference. First operand 65 states and 76 transitions. Second operand 53 states. [2019-10-07 00:44:10,620 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:44:10,620 INFO L93 Difference]: Finished difference Result 121 states and 143 transitions. [2019-10-07 00:44:10,621 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 87 states. [2019-10-07 00:44:10,621 INFO L78 Accepts]: Start accepts. Automaton has 53 states. Word has length 100 [2019-10-07 00:44:10,622 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:44:10,622 INFO L225 Difference]: With dead ends: 121 [2019-10-07 00:44:10,622 INFO L226 Difference]: Without dead ends: 70 [2019-10-07 00:44:10,624 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 403 GetRequests, 240 SyntacticMatches, 34 SemanticMatches, 129 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6796 ImplicationChecksByTransitivity, 7.2s TimeCoverageRelationStatistics Valid=2631, Invalid=14399, Unknown=0, NotChecked=0, Total=17030 [2019-10-07 00:44:10,624 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 70 states. [2019-10-07 00:44:10,641 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 70 to 66. [2019-10-07 00:44:10,641 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 66 states. [2019-10-07 00:44:10,642 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 77 transitions. [2019-10-07 00:44:10,642 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 77 transitions. Word has length 100 [2019-10-07 00:44:10,642 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:44:10,642 INFO L462 AbstractCegarLoop]: Abstraction has 66 states and 77 transitions. [2019-10-07 00:44:10,642 INFO L463 AbstractCegarLoop]: Interpolant automaton has 53 states. [2019-10-07 00:44:10,643 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 77 transitions. [2019-10-07 00:44:10,643 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 102 [2019-10-07 00:44:10,643 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:44:10,644 INFO L385 BasicCegarLoop]: trace histogram [12, 12, 12, 12, 11, 11, 11, 11, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:44:10,844 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 13 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:44:10,844 INFO L410 AbstractCegarLoop]: === Iteration 14 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:44:10,845 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:44:10,845 INFO L82 PathProgramCache]: Analyzing trace with hash 744111035, now seen corresponding path program 11 times [2019-10-07 00:44:10,846 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:44:10,846 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:44:10,846 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:44:10,846 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:44:10,846 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:44:10,892 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:44:11,472 INFO L134 CoverageAnalysis]: Checked inductivity of 507 backedges. 22 proven. 265 refuted. 0 times theorem prover too weak. 220 trivial. 0 not checked. [2019-10-07 00:44:11,472 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:44:11,472 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:44:11,473 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 14 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 14 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:44:12,085 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 12 check-sat command(s) [2019-10-07 00:44:12,085 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2019-10-07 00:44:12,088 INFO L256 TraceCheckSpWp]: Trace formula consists of 279 conjuncts, 39 conjunts are in the unsatisfiable core [2019-10-07 00:44:12,090 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:44:12,514 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:44:18,498 INFO L134 CoverageAnalysis]: Checked inductivity of 507 backedges. 176 proven. 111 refuted. 0 times theorem prover too weak. 220 trivial. 0 not checked. [2019-10-07 00:44:18,498 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:44:20,353 INFO L134 CoverageAnalysis]: Checked inductivity of 507 backedges. 187 proven. 100 refuted. 0 times theorem prover too weak. 220 trivial. 0 not checked. [2019-10-07 00:44:20,353 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:44:20,355 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:44:20,355 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:44:20,355 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:44:20,356 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:44:20,356 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:44:20,373 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 30 for LOIs [2019-10-07 00:44:20,454 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:44:20,682 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:44:20,694 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:44:20,698 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:44:20,698 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:44:20,698 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 191#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (exists ((v_main_~i~0_BEFORE_CALL_239 Int) (v_main_~a~0.base_BEFORE_CALL_187 Int) (v_main_~a~0.offset_BEFORE_CALL_187 Int)) (or (and (<= 0 v_main_~i~0_BEFORE_CALL_239) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_187) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_187) (+ (* 4 v_main_~i~0_BEFORE_CALL_239) v_main_~a~0.offset_BEFORE_CALL_187)))) (<= v_main_~a~0.offset_BEFORE_CALL_187 0) (= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_239 ~SIZE~0) (<= 100000 ~MAX~0)) (and (<= 0 v_main_~i~0_BEFORE_CALL_239) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_187) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_187) (+ (* 4 v_main_~i~0_BEFORE_CALL_239) v_main_~a~0.offset_BEFORE_CALL_187))) (<= v_main_~a~0.offset_BEFORE_CALL_187 0) (= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_239 ~SIZE~0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:44:20,698 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 167#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:44:20,699 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 200#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:44:20,699 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 154#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:44:20,699 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 186#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~i~0_BEFORE_CALL_239 Int) (v_main_~a~0.base_BEFORE_CALL_187 Int) (v_main_~a~0.offset_BEFORE_CALL_187 Int)) (or (and (<= 0 v_main_~i~0_BEFORE_CALL_239) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_187) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_187) (+ (* 4 v_main_~i~0_BEFORE_CALL_239) v_main_~a~0.offset_BEFORE_CALL_187)))) (<= v_main_~a~0.offset_BEFORE_CALL_187 0) (= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_239 ~SIZE~0) (<= 100000 ~MAX~0)) (and (<= 0 v_main_~i~0_BEFORE_CALL_239) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_187) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_187) (+ (* 4 v_main_~i~0_BEFORE_CALL_239) v_main_~a~0.offset_BEFORE_CALL_187))) (<= v_main_~a~0.offset_BEFORE_CALL_187 0) (= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_239 ~SIZE~0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:44:20,699 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 181#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~i~0_BEFORE_CALL_239 Int) (v_main_~a~0.base_BEFORE_CALL_187 Int) (v_main_~a~0.offset_BEFORE_CALL_187 Int)) (or (and (<= 0 v_main_~i~0_BEFORE_CALL_239) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_187) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_187) (+ (* 4 v_main_~i~0_BEFORE_CALL_239) v_main_~a~0.offset_BEFORE_CALL_187)))) (<= v_main_~a~0.offset_BEFORE_CALL_187 0) (= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_239 ~SIZE~0) (<= 100000 ~MAX~0)) (and (<= 0 v_main_~i~0_BEFORE_CALL_239) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_187) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_187) (+ (* 4 v_main_~i~0_BEFORE_CALL_239) v_main_~a~0.offset_BEFORE_CALL_187))) (<= v_main_~a~0.offset_BEFORE_CALL_187 0) (= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_239 ~SIZE~0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:44:20,700 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 196#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (exists ((v_main_~i~0_BEFORE_CALL_239 Int) (v_main_~a~0.base_BEFORE_CALL_187 Int) (v_main_~a~0.offset_BEFORE_CALL_187 Int)) (or (and (<= 0 v_main_~i~0_BEFORE_CALL_239) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_187) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_187) (+ (* 4 v_main_~i~0_BEFORE_CALL_239) v_main_~a~0.offset_BEFORE_CALL_187)))) (<= v_main_~a~0.offset_BEFORE_CALL_187 0) (= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_239 ~SIZE~0) (<= 100000 ~MAX~0)) (and (<= 0 v_main_~i~0_BEFORE_CALL_239) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_187) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_187) (+ (* 4 v_main_~i~0_BEFORE_CALL_239) v_main_~a~0.offset_BEFORE_CALL_187))) (<= v_main_~a~0.offset_BEFORE_CALL_187 0) (= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_239 ~SIZE~0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:44:20,700 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:44:20,700 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 176#(and (exists ((v_main_~i~0_BEFORE_CALL_239 Int) (v_main_~a~0.base_BEFORE_CALL_187 Int) (v_main_~a~0.offset_BEFORE_CALL_187 Int)) (or (and (<= 0 v_main_~i~0_BEFORE_CALL_239) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_187) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_187) (+ (* 4 v_main_~i~0_BEFORE_CALL_239) v_main_~a~0.offset_BEFORE_CALL_187)))) (<= v_main_~a~0.offset_BEFORE_CALL_187 0) (= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_239 ~SIZE~0) (<= 100000 ~MAX~0)) (and (<= 0 v_main_~i~0_BEFORE_CALL_239) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_187) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_187) (+ (* 4 v_main_~i~0_BEFORE_CALL_239) v_main_~a~0.offset_BEFORE_CALL_187))) (<= v_main_~a~0.offset_BEFORE_CALL_187 0) (= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_239 ~SIZE~0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:44:20,700 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 77#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (<= 0 |#NULL.offset|) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:44:20,700 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:44:20,701 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:44:20,701 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 205#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:44:20,701 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:44:20,701 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 149#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:44:20,701 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 171#(exists ((v_main_~i~0_BEFORE_CALL_239 Int) (v_main_~a~0.base_BEFORE_CALL_187 Int) (v_main_~a~0.offset_BEFORE_CALL_187 Int)) (or (and (<= 0 v_main_~i~0_BEFORE_CALL_239) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_187) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_187) (+ (* 4 v_main_~i~0_BEFORE_CALL_239) v_main_~a~0.offset_BEFORE_CALL_187)))) (<= v_main_~a~0.offset_BEFORE_CALL_187 0) (= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_239 ~SIZE~0) (<= 100000 ~MAX~0)) (and (<= 0 v_main_~i~0_BEFORE_CALL_239) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_187) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_187) (+ (* 4 v_main_~i~0_BEFORE_CALL_239) v_main_~a~0.offset_BEFORE_CALL_187))) (<= v_main_~a~0.offset_BEFORE_CALL_187 0) (= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_239 ~SIZE~0) (<= 100000 ~MAX~0)))) [2019-10-07 00:44:21,771 WARN L191 SmtUtils]: Spent 104.00 ms on a formula simplification. DAG size of input: 71 DAG size of output: 25 [2019-10-07 00:44:23,745 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:44:23,745 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [31, 32, 30, 12] total 96 [2019-10-07 00:44:23,746 INFO L442 AbstractCegarLoop]: Interpolant automaton has 96 states [2019-10-07 00:44:23,747 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 96 interpolants. [2019-10-07 00:44:23,747 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=1047, Invalid=8073, Unknown=0, NotChecked=0, Total=9120 [2019-10-07 00:44:23,747 INFO L87 Difference]: Start difference. First operand 66 states and 77 transitions. Second operand 96 states. [2019-10-07 00:45:00,633 WARN L191 SmtUtils]: Spent 100.00 ms on a formula simplification. DAG size of input: 62 DAG size of output: 51 [2019-10-07 00:45:05,225 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:45:05,225 INFO L93 Difference]: Finished difference Result 159 states and 196 transitions. [2019-10-07 00:45:05,226 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 139 states. [2019-10-07 00:45:05,226 INFO L78 Accepts]: Start accepts. Automaton has 96 states. Word has length 101 [2019-10-07 00:45:05,226 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:45:05,230 INFO L225 Difference]: With dead ends: 159 [2019-10-07 00:45:05,230 INFO L226 Difference]: Without dead ends: 73 [2019-10-07 00:45:05,233 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 468 GetRequests, 208 SyntacticMatches, 33 SemanticMatches, 227 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14689 ImplicationChecksByTransitivity, 35.6s TimeCoverageRelationStatistics Valid=4925, Invalid=47285, Unknown=2, NotChecked=0, Total=52212 [2019-10-07 00:45:05,234 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 73 states. [2019-10-07 00:45:05,251 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 73 to 71. [2019-10-07 00:45:05,252 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 71 states. [2019-10-07 00:45:05,252 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 71 states to 71 states and 83 transitions. [2019-10-07 00:45:05,253 INFO L78 Accepts]: Start accepts. Automaton has 71 states and 83 transitions. Word has length 101 [2019-10-07 00:45:05,253 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:45:05,253 INFO L462 AbstractCegarLoop]: Abstraction has 71 states and 83 transitions. [2019-10-07 00:45:05,253 INFO L463 AbstractCegarLoop]: Interpolant automaton has 96 states. [2019-10-07 00:45:05,253 INFO L276 IsEmpty]: Start isEmpty. Operand 71 states and 83 transitions. [2019-10-07 00:45:05,254 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2019-10-07 00:45:05,255 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:45:05,255 INFO L385 BasicCegarLoop]: trace histogram [14, 13, 13, 13, 12, 12, 12, 12, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:45:05,458 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 14 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:45:05,459 INFO L410 AbstractCegarLoop]: === Iteration 15 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:45:05,459 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:45:05,459 INFO L82 PathProgramCache]: Analyzing trace with hash 875497432, now seen corresponding path program 12 times [2019-10-07 00:45:05,460 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:45:05,460 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:45:05,460 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:45:05,460 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:45:05,461 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:45:05,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:45:06,228 INFO L134 CoverageAnalysis]: Checked inductivity of 615 backedges. 24 proven. 327 refuted. 0 times theorem prover too weak. 264 trivial. 0 not checked. [2019-10-07 00:45:06,229 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:45:06,229 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:45:06,229 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 15 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 15 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:45:06,448 INFO L249 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2019-10-07 00:45:06,448 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2019-10-07 00:45:06,450 INFO L256 TraceCheckSpWp]: Trace formula consists of 301 conjuncts, 73 conjunts are in the unsatisfiable core [2019-10-07 00:45:06,452 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:45:09,799 INFO L134 CoverageAnalysis]: Checked inductivity of 615 backedges. 0 proven. 384 refuted. 0 times theorem prover too weak. 231 trivial. 0 not checked. [2019-10-07 00:45:09,800 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:45:10,824 INFO L134 CoverageAnalysis]: Checked inductivity of 615 backedges. 25 proven. 326 refuted. 0 times theorem prover too weak. 264 trivial. 0 not checked. [2019-10-07 00:45:10,824 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:45:10,825 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:45:10,825 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:45:10,825 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:45:10,826 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:45:10,826 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:45:10,850 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 30 for LOIs [2019-10-07 00:45:10,948 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:45:10,953 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:45:10,995 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:45:11,210 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:45:11,229 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:45:11,232 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:45:11,232 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:45:11,232 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 193#(and (<= __VERIFIER_assert_~cond 0) (exists ((v_main_~i~0_BEFORE_CALL_272 Int) (v_main_~a~0.base_BEFORE_CALL_220 Int) (v_main_~a~0.offset_BEFORE_CALL_220 Int)) (or (and (<= 0 v_main_~i~0_BEFORE_CALL_272) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= v_main_~a~0.offset_BEFORE_CALL_220 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_272 ~SIZE~0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_220) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_220) (+ (* 4 v_main_~i~0_BEFORE_CALL_272) v_main_~a~0.offset_BEFORE_CALL_220)) 0)) (<= 100000 ~MAX~0)) (and (<= 0 v_main_~i~0_BEFORE_CALL_272) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= v_main_~a~0.offset_BEFORE_CALL_220 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_220) (+ (* 4 v_main_~i~0_BEFORE_CALL_272) v_main_~a~0.offset_BEFORE_CALL_220)) 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_272 ~SIZE~0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_220) (<= 100000 ~MAX~0)))) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:45:11,232 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 169#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:45:11,233 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 202#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:45:11,233 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 156#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:45:11,233 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 188#(and (exists ((v_main_~i~0_BEFORE_CALL_272 Int) (v_main_~a~0.base_BEFORE_CALL_220 Int) (v_main_~a~0.offset_BEFORE_CALL_220 Int)) (or (and (<= 0 v_main_~i~0_BEFORE_CALL_272) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= v_main_~a~0.offset_BEFORE_CALL_220 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_272 ~SIZE~0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_220) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_220) (+ (* 4 v_main_~i~0_BEFORE_CALL_272) v_main_~a~0.offset_BEFORE_CALL_220)) 0)) (<= 100000 ~MAX~0)) (and (<= 0 v_main_~i~0_BEFORE_CALL_272) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= v_main_~a~0.offset_BEFORE_CALL_220 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_220) (+ (* 4 v_main_~i~0_BEFORE_CALL_272) v_main_~a~0.offset_BEFORE_CALL_220)) 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_272 ~SIZE~0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_220) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:45:11,233 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 183#(and (exists ((v_main_~i~0_BEFORE_CALL_272 Int) (v_main_~a~0.base_BEFORE_CALL_220 Int) (v_main_~a~0.offset_BEFORE_CALL_220 Int)) (or (and (<= 0 v_main_~i~0_BEFORE_CALL_272) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= v_main_~a~0.offset_BEFORE_CALL_220 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_272 ~SIZE~0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_220) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_220) (+ (* 4 v_main_~i~0_BEFORE_CALL_272) v_main_~a~0.offset_BEFORE_CALL_220)) 0)) (<= 100000 ~MAX~0)) (and (<= 0 v_main_~i~0_BEFORE_CALL_272) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= v_main_~a~0.offset_BEFORE_CALL_220 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_220) (+ (* 4 v_main_~i~0_BEFORE_CALL_272) v_main_~a~0.offset_BEFORE_CALL_220)) 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_272 ~SIZE~0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_220) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:45:11,233 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 198#(and (<= __VERIFIER_assert_~cond 0) (exists ((v_main_~i~0_BEFORE_CALL_272 Int) (v_main_~a~0.base_BEFORE_CALL_220 Int) (v_main_~a~0.offset_BEFORE_CALL_220 Int)) (or (and (<= 0 v_main_~i~0_BEFORE_CALL_272) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= v_main_~a~0.offset_BEFORE_CALL_220 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_272 ~SIZE~0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_220) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_220) (+ (* 4 v_main_~i~0_BEFORE_CALL_272) v_main_~a~0.offset_BEFORE_CALL_220)) 0)) (<= 100000 ~MAX~0)) (and (<= 0 v_main_~i~0_BEFORE_CALL_272) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= v_main_~a~0.offset_BEFORE_CALL_220 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_220) (+ (* 4 v_main_~i~0_BEFORE_CALL_272) v_main_~a~0.offset_BEFORE_CALL_220)) 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_272 ~SIZE~0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_220) (<= 100000 ~MAX~0)))) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:45:11,233 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= ~SIZE~0 2147483647) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:45:11,233 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 178#(and (exists ((v_main_~i~0_BEFORE_CALL_272 Int) (v_main_~a~0.base_BEFORE_CALL_220 Int) (v_main_~a~0.offset_BEFORE_CALL_220 Int)) (or (and (<= 0 v_main_~i~0_BEFORE_CALL_272) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= v_main_~a~0.offset_BEFORE_CALL_220 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_272 ~SIZE~0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_220) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_220) (+ (* 4 v_main_~i~0_BEFORE_CALL_272) v_main_~a~0.offset_BEFORE_CALL_220)) 0)) (<= 100000 ~MAX~0)) (and (<= 0 v_main_~i~0_BEFORE_CALL_272) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= v_main_~a~0.offset_BEFORE_CALL_220 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_220) (+ (* 4 v_main_~i~0_BEFORE_CALL_272) v_main_~a~0.offset_BEFORE_CALL_220)) 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_272 ~SIZE~0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_220) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:45:11,234 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 79#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= 0 (+ ~SIZE~0 2147483648)) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:45:11,234 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:45:11,234 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:45:11,234 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 207#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:45:11,234 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:45:11,234 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 151#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:45:11,234 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 173#(exists ((v_main_~i~0_BEFORE_CALL_272 Int) (v_main_~a~0.base_BEFORE_CALL_220 Int) (v_main_~a~0.offset_BEFORE_CALL_220 Int)) (or (and (<= 0 v_main_~i~0_BEFORE_CALL_272) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= v_main_~a~0.offset_BEFORE_CALL_220 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_272 ~SIZE~0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_220) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_220) (+ (* 4 v_main_~i~0_BEFORE_CALL_272) v_main_~a~0.offset_BEFORE_CALL_220)) 0)) (<= 100000 ~MAX~0)) (and (<= 0 v_main_~i~0_BEFORE_CALL_272) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= v_main_~a~0.offset_BEFORE_CALL_220 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_220) (+ (* 4 v_main_~i~0_BEFORE_CALL_272) v_main_~a~0.offset_BEFORE_CALL_220)) 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_272 ~SIZE~0) (= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_220) (<= 100000 ~MAX~0)))) [2019-10-07 00:45:14,506 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:45:14,507 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 36, 33, 12] total 94 [2019-10-07 00:45:14,508 INFO L442 AbstractCegarLoop]: Interpolant automaton has 94 states [2019-10-07 00:45:14,508 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 94 interpolants. [2019-10-07 00:45:14,509 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=399, Invalid=8343, Unknown=0, NotChecked=0, Total=8742 [2019-10-07 00:45:14,509 INFO L87 Difference]: Start difference. First operand 71 states and 83 transitions. Second operand 94 states. [2019-10-07 00:45:29,456 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:45:29,456 INFO L93 Difference]: Finished difference Result 82 states and 96 transitions. [2019-10-07 00:45:29,457 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 69 states. [2019-10-07 00:45:29,457 INFO L78 Accepts]: Start accepts. Automaton has 94 states. Word has length 110 [2019-10-07 00:45:29,457 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:45:29,458 INFO L225 Difference]: With dead ends: 82 [2019-10-07 00:45:29,459 INFO L226 Difference]: Without dead ends: 80 [2019-10-07 00:45:29,460 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 428 GetRequests, 237 SyntacticMatches, 36 SemanticMatches, 155 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5240 ImplicationChecksByTransitivity, 18.1s TimeCoverageRelationStatistics Valid=1458, Invalid=23032, Unknown=2, NotChecked=0, Total=24492 [2019-10-07 00:45:29,461 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 80 states. [2019-10-07 00:45:29,482 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 80 to 77. [2019-10-07 00:45:29,483 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 77 states. [2019-10-07 00:45:29,483 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 77 states to 77 states and 91 transitions. [2019-10-07 00:45:29,484 INFO L78 Accepts]: Start accepts. Automaton has 77 states and 91 transitions. Word has length 110 [2019-10-07 00:45:29,484 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:45:29,484 INFO L462 AbstractCegarLoop]: Abstraction has 77 states and 91 transitions. [2019-10-07 00:45:29,484 INFO L463 AbstractCegarLoop]: Interpolant automaton has 94 states. [2019-10-07 00:45:29,484 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 91 transitions. [2019-10-07 00:45:29,485 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 125 [2019-10-07 00:45:29,485 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:45:29,486 INFO L385 BasicCegarLoop]: trace histogram [15, 15, 15, 14, 14, 14, 14, 14, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:45:29,690 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 15 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:45:29,690 INFO L410 AbstractCegarLoop]: === Iteration 16 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:45:29,691 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:45:29,691 INFO L82 PathProgramCache]: Analyzing trace with hash -1189524872, now seen corresponding path program 13 times [2019-10-07 00:45:29,691 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:45:29,691 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:45:29,692 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:45:29,692 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:45:29,692 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:45:29,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:45:30,108 INFO L134 CoverageAnalysis]: Checked inductivity of 798 backedges. 289 proven. 145 refuted. 0 times theorem prover too weak. 364 trivial. 0 not checked. [2019-10-07 00:45:30,108 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:45:30,108 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:45:30,109 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 16 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 16 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:45:30,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:45:30,352 INFO L256 TraceCheckSpWp]: Trace formula consists of 329 conjuncts, 32 conjunts are in the unsatisfiable core [2019-10-07 00:45:30,354 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:45:30,794 INFO L134 CoverageAnalysis]: Checked inductivity of 798 backedges. 329 proven. 105 refuted. 0 times theorem prover too weak. 364 trivial. 0 not checked. [2019-10-07 00:45:30,794 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:45:31,133 INFO L134 CoverageAnalysis]: Checked inductivity of 798 backedges. 329 proven. 105 refuted. 0 times theorem prover too weak. 364 trivial. 0 not checked. [2019-10-07 00:45:31,133 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:45:31,134 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:45:31,134 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:45:31,135 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:45:31,135 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:45:31,135 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:45:31,160 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 32 for LOIs [2019-10-07 00:45:31,204 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:45:31,379 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:45:31,390 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:45:31,393 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:45:31,393 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:45:31,394 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 178#(and (exists ((v_main_~a~0.base_BEFORE_CALL_229 Int) (v_main_~i~0_BEFORE_CALL_309 Int) (v_main_~a~0.offset_BEFORE_CALL_229 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= 0 v_main_~i~0_BEFORE_CALL_309) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_309 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_229) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_229) (+ (* 4 v_main_~i~0_BEFORE_CALL_309) v_main_~a~0.offset_BEFORE_CALL_229)))) (<= v_main_~a~0.offset_BEFORE_CALL_229 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~i~0_BEFORE_CALL_309) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_229) (+ (* 4 v_main_~i~0_BEFORE_CALL_309) v_main_~a~0.offset_BEFORE_CALL_229))) (< v_main_~i~0_BEFORE_CALL_309 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_229) (<= v_main_~a~0.offset_BEFORE_CALL_229 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:45:31,394 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 154#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:45:31,394 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 187#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:45:31,394 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 141#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:45:31,394 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 173#(and (exists ((v_main_~a~0.base_BEFORE_CALL_229 Int) (v_main_~i~0_BEFORE_CALL_309 Int) (v_main_~a~0.offset_BEFORE_CALL_229 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= 0 v_main_~i~0_BEFORE_CALL_309) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_309 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_229) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_229) (+ (* 4 v_main_~i~0_BEFORE_CALL_309) v_main_~a~0.offset_BEFORE_CALL_229)))) (<= v_main_~a~0.offset_BEFORE_CALL_229 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~i~0_BEFORE_CALL_309) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_229) (+ (* 4 v_main_~i~0_BEFORE_CALL_309) v_main_~a~0.offset_BEFORE_CALL_229))) (< v_main_~i~0_BEFORE_CALL_309 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_229) (<= v_main_~a~0.offset_BEFORE_CALL_229 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:45:31,394 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 168#(and (exists ((v_main_~a~0.base_BEFORE_CALL_229 Int) (v_main_~i~0_BEFORE_CALL_309 Int) (v_main_~a~0.offset_BEFORE_CALL_229 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= 0 v_main_~i~0_BEFORE_CALL_309) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_309 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_229) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_229) (+ (* 4 v_main_~i~0_BEFORE_CALL_309) v_main_~a~0.offset_BEFORE_CALL_229)))) (<= v_main_~a~0.offset_BEFORE_CALL_229 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~i~0_BEFORE_CALL_309) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_229) (+ (* 4 v_main_~i~0_BEFORE_CALL_309) v_main_~a~0.offset_BEFORE_CALL_229))) (< v_main_~i~0_BEFORE_CALL_309 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_229) (<= v_main_~a~0.offset_BEFORE_CALL_229 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:45:31,395 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 183#(and (exists ((v_main_~a~0.base_BEFORE_CALL_229 Int) (v_main_~i~0_BEFORE_CALL_309 Int) (v_main_~a~0.offset_BEFORE_CALL_229 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= 0 v_main_~i~0_BEFORE_CALL_309) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_309 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_229) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_229) (+ (* 4 v_main_~i~0_BEFORE_CALL_309) v_main_~a~0.offset_BEFORE_CALL_229)))) (<= v_main_~a~0.offset_BEFORE_CALL_229 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~i~0_BEFORE_CALL_309) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_229) (+ (* 4 v_main_~i~0_BEFORE_CALL_309) v_main_~a~0.offset_BEFORE_CALL_229))) (< v_main_~i~0_BEFORE_CALL_309 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_229) (<= v_main_~a~0.offset_BEFORE_CALL_229 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:45:31,395 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |old(~SIZE~0)|) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:45:31,395 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 163#(and (exists ((v_main_~a~0.base_BEFORE_CALL_229 Int) (v_main_~i~0_BEFORE_CALL_309 Int) (v_main_~a~0.offset_BEFORE_CALL_229 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= 0 v_main_~i~0_BEFORE_CALL_309) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_309 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_229) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_229) (+ (* 4 v_main_~i~0_BEFORE_CALL_309) v_main_~a~0.offset_BEFORE_CALL_229)))) (<= v_main_~a~0.offset_BEFORE_CALL_229 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~i~0_BEFORE_CALL_309) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_229) (+ (* 4 v_main_~i~0_BEFORE_CALL_309) v_main_~a~0.offset_BEFORE_CALL_229))) (< v_main_~i~0_BEFORE_CALL_309 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_229) (<= v_main_~a~0.offset_BEFORE_CALL_229 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:45:31,395 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 64#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (not (= |main_#t~malloc2.base| 0)) (<= 0 (+ ~SIZE~0 2147483648)) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:45:31,396 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:45:31,396 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |old(~SIZE~0)|) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:45:31,396 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 192#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:45:31,396 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:45:31,396 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 136#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:45:31,396 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 158#(exists ((v_main_~a~0.base_BEFORE_CALL_229 Int) (v_main_~i~0_BEFORE_CALL_309 Int) (v_main_~a~0.offset_BEFORE_CALL_229 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= 0 v_main_~i~0_BEFORE_CALL_309) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_309 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_229) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_229) (+ (* 4 v_main_~i~0_BEFORE_CALL_309) v_main_~a~0.offset_BEFORE_CALL_229)))) (<= v_main_~a~0.offset_BEFORE_CALL_229 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= 0 v_main_~i~0_BEFORE_CALL_309) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_229) (+ (* 4 v_main_~i~0_BEFORE_CALL_309) v_main_~a~0.offset_BEFORE_CALL_229))) (< v_main_~i~0_BEFORE_CALL_309 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_229) (<= v_main_~a~0.offset_BEFORE_CALL_229 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:45:33,182 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:45:33,182 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [32, 33, 32, 12] total 62 [2019-10-07 00:45:33,183 INFO L442 AbstractCegarLoop]: Interpolant automaton has 62 states [2019-10-07 00:45:33,184 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 62 interpolants. [2019-10-07 00:45:33,184 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=620, Invalid=3162, Unknown=0, NotChecked=0, Total=3782 [2019-10-07 00:45:33,185 INFO L87 Difference]: Start difference. First operand 77 states and 91 transitions. Second operand 62 states. [2019-10-07 00:45:40,826 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:45:40,826 INFO L93 Difference]: Finished difference Result 142 states and 170 transitions. [2019-10-07 00:45:40,827 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 105 states. [2019-10-07 00:45:40,827 INFO L78 Accepts]: Start accepts. Automaton has 62 states. Word has length 124 [2019-10-07 00:45:40,827 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:45:40,829 INFO L225 Difference]: With dead ends: 142 [2019-10-07 00:45:40,829 INFO L226 Difference]: Without dead ends: 82 [2019-10-07 00:45:40,831 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 499 GetRequests, 300 SyntacticMatches, 43 SemanticMatches, 156 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 10102 ImplicationChecksByTransitivity, 8.8s TimeCoverageRelationStatistics Valid=3894, Invalid=20912, Unknown=0, NotChecked=0, Total=24806 [2019-10-07 00:45:40,831 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 82 states. [2019-10-07 00:45:40,862 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 82 to 78. [2019-10-07 00:45:40,863 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 78 states. [2019-10-07 00:45:40,863 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 78 states to 78 states and 92 transitions. [2019-10-07 00:45:40,864 INFO L78 Accepts]: Start accepts. Automaton has 78 states and 92 transitions. Word has length 124 [2019-10-07 00:45:40,864 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:45:40,864 INFO L462 AbstractCegarLoop]: Abstraction has 78 states and 92 transitions. [2019-10-07 00:45:40,864 INFO L463 AbstractCegarLoop]: Interpolant automaton has 62 states. [2019-10-07 00:45:40,864 INFO L276 IsEmpty]: Start isEmpty. Operand 78 states and 92 transitions. [2019-10-07 00:45:40,865 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 126 [2019-10-07 00:45:40,865 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:45:40,865 INFO L385 BasicCegarLoop]: trace histogram [15, 15, 15, 15, 14, 14, 14, 14, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:45:41,065 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 16 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:45:41,066 INFO L410 AbstractCegarLoop]: === Iteration 17 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:45:41,066 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:45:41,067 INFO L82 PathProgramCache]: Analyzing trace with hash -617617847, now seen corresponding path program 14 times [2019-10-07 00:45:41,067 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:45:41,067 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:45:41,067 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:45:41,068 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:45:41,068 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:45:41,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:45:42,052 INFO L134 CoverageAnalysis]: Checked inductivity of 813 backedges. 28 proven. 421 refuted. 0 times theorem prover too weak. 364 trivial. 0 not checked. [2019-10-07 00:45:42,052 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:45:42,052 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:45:42,053 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 17 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 17 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:45:48,491 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 15 check-sat command(s) [2019-10-07 00:45:48,492 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2019-10-07 00:45:48,500 INFO L256 TraceCheckSpWp]: Trace formula consists of 333 conjuncts, 45 conjunts are in the unsatisfiable core [2019-10-07 00:45:48,503 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:45:49,149 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:45:57,887 INFO L134 CoverageAnalysis]: Checked inductivity of 813 backedges. 335 proven. 162 refuted. 4 times theorem prover too weak. 312 trivial. 0 not checked. [2019-10-07 00:45:57,887 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:46:00,629 INFO L134 CoverageAnalysis]: Checked inductivity of 813 backedges. 301 proven. 148 refuted. 0 times theorem prover too weak. 364 trivial. 0 not checked. [2019-10-07 00:46:00,629 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:46:00,630 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:46:00,630 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:46:00,631 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:46:00,631 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:46:00,631 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:46:00,653 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 30 for LOIs [2019-10-07 00:46:00,711 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:46:00,883 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:46:00,894 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:46:00,898 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:46:00,898 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:46:00,898 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 178#(and (<= __VERIFIER_assert_~cond 0) (exists ((v_main_~a~0.offset_BEFORE_CALL_266 Int) (v_main_~a~0.base_BEFORE_CALL_266 Int) (v_main_~i~0_BEFORE_CALL_346 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_266 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_346 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_266) (+ v_main_~a~0.offset_BEFORE_CALL_266 (* 4 v_main_~i~0_BEFORE_CALL_346))) 0)) (<= 0 v_main_~a~0.offset_BEFORE_CALL_266) (<= 0 v_main_~i~0_BEFORE_CALL_346) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_266 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_346 ~SIZE~0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_266) (+ v_main_~a~0.offset_BEFORE_CALL_266 (* 4 v_main_~i~0_BEFORE_CALL_346))) 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_266) (<= 0 v_main_~i~0_BEFORE_CALL_346) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:46:00,898 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 154#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:46:00,899 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 187#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:46:00,899 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 141#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:46:00,899 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 173#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~a~0.offset_BEFORE_CALL_266 Int) (v_main_~a~0.base_BEFORE_CALL_266 Int) (v_main_~i~0_BEFORE_CALL_346 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_266 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_346 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_266) (+ v_main_~a~0.offset_BEFORE_CALL_266 (* 4 v_main_~i~0_BEFORE_CALL_346))) 0)) (<= 0 v_main_~a~0.offset_BEFORE_CALL_266) (<= 0 v_main_~i~0_BEFORE_CALL_346) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_266 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_346 ~SIZE~0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_266) (+ v_main_~a~0.offset_BEFORE_CALL_266 (* 4 v_main_~i~0_BEFORE_CALL_346))) 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_266) (<= 0 v_main_~i~0_BEFORE_CALL_346) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:46:00,899 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 168#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~a~0.offset_BEFORE_CALL_266 Int) (v_main_~a~0.base_BEFORE_CALL_266 Int) (v_main_~i~0_BEFORE_CALL_346 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_266 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_346 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_266) (+ v_main_~a~0.offset_BEFORE_CALL_266 (* 4 v_main_~i~0_BEFORE_CALL_346))) 0)) (<= 0 v_main_~a~0.offset_BEFORE_CALL_266) (<= 0 v_main_~i~0_BEFORE_CALL_346) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_266 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_346 ~SIZE~0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_266) (+ v_main_~a~0.offset_BEFORE_CALL_266 (* 4 v_main_~i~0_BEFORE_CALL_346))) 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_266) (<= 0 v_main_~i~0_BEFORE_CALL_346) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:46:00,900 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 183#(and (<= __VERIFIER_assert_~cond 0) (exists ((v_main_~a~0.offset_BEFORE_CALL_266 Int) (v_main_~a~0.base_BEFORE_CALL_266 Int) (v_main_~i~0_BEFORE_CALL_346 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_266 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_346 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_266) (+ v_main_~a~0.offset_BEFORE_CALL_266 (* 4 v_main_~i~0_BEFORE_CALL_346))) 0)) (<= 0 v_main_~a~0.offset_BEFORE_CALL_266) (<= 0 v_main_~i~0_BEFORE_CALL_346) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_266 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_346 ~SIZE~0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_266) (+ v_main_~a~0.offset_BEFORE_CALL_266 (* 4 v_main_~i~0_BEFORE_CALL_346))) 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_266) (<= 0 v_main_~i~0_BEFORE_CALL_346) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:46:00,900 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:46:00,900 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 163#(and (exists ((v_main_~a~0.offset_BEFORE_CALL_266 Int) (v_main_~a~0.base_BEFORE_CALL_266 Int) (v_main_~i~0_BEFORE_CALL_346 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_266 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_346 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_266) (+ v_main_~a~0.offset_BEFORE_CALL_266 (* 4 v_main_~i~0_BEFORE_CALL_346))) 0)) (<= 0 v_main_~a~0.offset_BEFORE_CALL_266) (<= 0 v_main_~i~0_BEFORE_CALL_346) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_266 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_346 ~SIZE~0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_266) (+ v_main_~a~0.offset_BEFORE_CALL_266 (* 4 v_main_~i~0_BEFORE_CALL_346))) 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_266) (<= 0 v_main_~i~0_BEFORE_CALL_346) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:46:00,900 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 64#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (<= 0 |#NULL.offset|) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:46:00,901 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:46:00,901 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:46:00,901 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 192#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:46:00,901 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:46:00,901 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 136#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:46:00,901 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 158#(exists ((v_main_~a~0.offset_BEFORE_CALL_266 Int) (v_main_~a~0.base_BEFORE_CALL_266 Int) (v_main_~i~0_BEFORE_CALL_346 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_266 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_346 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_266) (+ v_main_~a~0.offset_BEFORE_CALL_266 (* 4 v_main_~i~0_BEFORE_CALL_346))) 0)) (<= 0 v_main_~a~0.offset_BEFORE_CALL_266) (<= 0 v_main_~i~0_BEFORE_CALL_346) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= v_main_~a~0.offset_BEFORE_CALL_266 0) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (< v_main_~i~0_BEFORE_CALL_346 ~SIZE~0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_266) (+ v_main_~a~0.offset_BEFORE_CALL_266 (* 4 v_main_~i~0_BEFORE_CALL_346))) 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_266) (<= 0 v_main_~i~0_BEFORE_CALL_346) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:46:04,476 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:46:04,476 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [37, 39, 36, 12] total 115 [2019-10-07 00:46:04,477 INFO L442 AbstractCegarLoop]: Interpolant automaton has 115 states [2019-10-07 00:46:04,478 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 115 interpolants. [2019-10-07 00:46:04,479 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=1545, Invalid=11564, Unknown=1, NotChecked=0, Total=13110 [2019-10-07 00:46:04,479 INFO L87 Difference]: Start difference. First operand 78 states and 92 transitions. Second operand 115 states. [2019-10-07 00:46:39,372 WARN L191 SmtUtils]: Spent 105.00 ms on a formula simplification. DAG size of input: 62 DAG size of output: 51 [2019-10-07 00:46:56,879 WARN L191 SmtUtils]: Spent 102.00 ms on a formula simplification. DAG size of input: 62 DAG size of output: 51 [2019-10-07 00:49:35,985 WARN L191 SmtUtils]: Spent 100.00 ms on a formula simplification. DAG size of input: 62 DAG size of output: 51 [2019-10-07 00:50:05,144 WARN L191 SmtUtils]: Spent 100.00 ms on a formula simplification. DAG size of input: 58 DAG size of output: 52 [2019-10-07 00:50:12,761 WARN L191 SmtUtils]: Spent 104.00 ms on a formula simplification. DAG size of input: 53 DAG size of output: 52 [2019-10-07 00:50:15,314 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:50:15,314 INFO L93 Difference]: Finished difference Result 194 states and 241 transitions. [2019-10-07 00:50:15,315 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 172 states. [2019-10-07 00:50:15,315 INFO L78 Accepts]: Start accepts. Automaton has 115 states. Word has length 125 [2019-10-07 00:50:15,315 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:50:15,317 INFO L225 Difference]: With dead ends: 194 [2019-10-07 00:50:15,317 INFO L226 Difference]: Without dead ends: 87 [2019-10-07 00:50:15,321 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 579 GetRequests, 259 SyntacticMatches, 41 SemanticMatches, 279 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 22393 ImplicationChecksByTransitivity, 61.6s TimeCoverageRelationStatistics Valid=7361, Invalid=71308, Unknown=11, NotChecked=0, Total=78680 [2019-10-07 00:50:15,321 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 87 states. [2019-10-07 00:50:15,344 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 87 to 83. [2019-10-07 00:50:15,344 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 83 states. [2019-10-07 00:50:15,344 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 83 states to 83 states and 98 transitions. [2019-10-07 00:50:15,345 INFO L78 Accepts]: Start accepts. Automaton has 83 states and 98 transitions. Word has length 125 [2019-10-07 00:50:15,345 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:50:15,345 INFO L462 AbstractCegarLoop]: Abstraction has 83 states and 98 transitions. [2019-10-07 00:50:15,345 INFO L463 AbstractCegarLoop]: Interpolant automaton has 115 states. [2019-10-07 00:50:15,345 INFO L276 IsEmpty]: Start isEmpty. Operand 83 states and 98 transitions. [2019-10-07 00:50:15,346 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 135 [2019-10-07 00:50:15,346 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:50:15,346 INFO L385 BasicCegarLoop]: trace histogram [17, 16, 16, 16, 15, 15, 15, 15, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:50:15,554 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 17 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:50:15,555 INFO L410 AbstractCegarLoop]: === Iteration 18 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:50:15,555 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:50:15,556 INFO L82 PathProgramCache]: Analyzing trace with hash 1869128074, now seen corresponding path program 15 times [2019-10-07 00:50:15,556 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:50:15,556 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:50:15,557 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:50:15,557 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:50:15,557 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:50:15,622 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:50:16,657 INFO L134 CoverageAnalysis]: Checked inductivity of 948 backedges. 30 proven. 498 refuted. 0 times theorem prover too weak. 420 trivial. 0 not checked. [2019-10-07 00:50:16,657 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:50:16,658 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:50:16,658 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 18 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 18 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:50:16,952 INFO L249 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2019-10-07 00:50:16,952 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2019-10-07 00:50:16,954 INFO L256 TraceCheckSpWp]: Trace formula consists of 355 conjuncts, 85 conjunts are in the unsatisfiable core [2019-10-07 00:50:16,956 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:50:21,886 INFO L134 CoverageAnalysis]: Checked inductivity of 948 backedges. 0 proven. 570 refuted. 0 times theorem prover too weak. 378 trivial. 0 not checked. [2019-10-07 00:50:21,887 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:50:23,368 INFO L134 CoverageAnalysis]: Checked inductivity of 948 backedges. 31 proven. 497 refuted. 0 times theorem prover too weak. 420 trivial. 0 not checked. [2019-10-07 00:50:23,368 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:50:23,369 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:50:23,369 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:50:23,369 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:50:23,370 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:50:23,370 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:50:23,397 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 32 for LOIs [2019-10-07 00:50:23,455 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:50:23,636 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:50:23,644 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:50:23,648 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:50:23,648 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:50:23,648 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 178#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (exists ((v_main_~a~0.base_BEFORE_CALL_305 Int) (v_main_~a~0.offset_BEFORE_CALL_305 Int) (v_main_~i~0_BEFORE_CALL_385 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (< v_main_~i~0_BEFORE_CALL_385 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_305) (<= 0 v_main_~i~0_BEFORE_CALL_385) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_305) (+ v_main_~a~0.offset_BEFORE_CALL_305 (* 4 v_main_~i~0_BEFORE_CALL_385)))) (<= v_main_~a~0.offset_BEFORE_CALL_305 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_305) (+ v_main_~a~0.offset_BEFORE_CALL_305 (* 4 v_main_~i~0_BEFORE_CALL_385))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (< v_main_~i~0_BEFORE_CALL_385 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_305) (<= 0 v_main_~i~0_BEFORE_CALL_385) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_305 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:50:23,648 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 154#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:50:23,649 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 187#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:50:23,649 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 141#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:50:23,649 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 173#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~a~0.base_BEFORE_CALL_305 Int) (v_main_~a~0.offset_BEFORE_CALL_305 Int) (v_main_~i~0_BEFORE_CALL_385 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (< v_main_~i~0_BEFORE_CALL_385 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_305) (<= 0 v_main_~i~0_BEFORE_CALL_385) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_305) (+ v_main_~a~0.offset_BEFORE_CALL_305 (* 4 v_main_~i~0_BEFORE_CALL_385)))) (<= v_main_~a~0.offset_BEFORE_CALL_305 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_305) (+ v_main_~a~0.offset_BEFORE_CALL_305 (* 4 v_main_~i~0_BEFORE_CALL_385))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (< v_main_~i~0_BEFORE_CALL_385 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_305) (<= 0 v_main_~i~0_BEFORE_CALL_385) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_305 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:50:23,649 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 168#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~a~0.base_BEFORE_CALL_305 Int) (v_main_~a~0.offset_BEFORE_CALL_305 Int) (v_main_~i~0_BEFORE_CALL_385 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (< v_main_~i~0_BEFORE_CALL_385 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_305) (<= 0 v_main_~i~0_BEFORE_CALL_385) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_305) (+ v_main_~a~0.offset_BEFORE_CALL_305 (* 4 v_main_~i~0_BEFORE_CALL_385)))) (<= v_main_~a~0.offset_BEFORE_CALL_305 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_305) (+ v_main_~a~0.offset_BEFORE_CALL_305 (* 4 v_main_~i~0_BEFORE_CALL_385))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (< v_main_~i~0_BEFORE_CALL_385 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_305) (<= 0 v_main_~i~0_BEFORE_CALL_385) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_305 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:50:23,649 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 183#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (exists ((v_main_~a~0.base_BEFORE_CALL_305 Int) (v_main_~a~0.offset_BEFORE_CALL_305 Int) (v_main_~i~0_BEFORE_CALL_385 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (< v_main_~i~0_BEFORE_CALL_385 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_305) (<= 0 v_main_~i~0_BEFORE_CALL_385) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_305) (+ v_main_~a~0.offset_BEFORE_CALL_305 (* 4 v_main_~i~0_BEFORE_CALL_385)))) (<= v_main_~a~0.offset_BEFORE_CALL_305 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_305) (+ v_main_~a~0.offset_BEFORE_CALL_305 (* 4 v_main_~i~0_BEFORE_CALL_385))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (< v_main_~i~0_BEFORE_CALL_385 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_305) (<= 0 v_main_~i~0_BEFORE_CALL_385) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_305 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:50:23,650 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= ~SIZE~0 2147483647) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:50:23,650 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 163#(and (exists ((v_main_~a~0.base_BEFORE_CALL_305 Int) (v_main_~a~0.offset_BEFORE_CALL_305 Int) (v_main_~i~0_BEFORE_CALL_385 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (< v_main_~i~0_BEFORE_CALL_385 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_305) (<= 0 v_main_~i~0_BEFORE_CALL_385) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_305) (+ v_main_~a~0.offset_BEFORE_CALL_305 (* 4 v_main_~i~0_BEFORE_CALL_385)))) (<= v_main_~a~0.offset_BEFORE_CALL_305 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_305) (+ v_main_~a~0.offset_BEFORE_CALL_305 (* 4 v_main_~i~0_BEFORE_CALL_385))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (< v_main_~i~0_BEFORE_CALL_385 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_305) (<= 0 v_main_~i~0_BEFORE_CALL_385) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_305 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:50:23,650 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 64#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (<= 0 |#NULL.offset|) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:50:23,650 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:50:23,650 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:50:23,651 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 192#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:50:23,651 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:50:23,651 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 136#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:50:23,651 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 158#(exists ((v_main_~a~0.base_BEFORE_CALL_305 Int) (v_main_~a~0.offset_BEFORE_CALL_305 Int) (v_main_~i~0_BEFORE_CALL_385 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (< v_main_~i~0_BEFORE_CALL_385 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_305) (<= 0 v_main_~i~0_BEFORE_CALL_385) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_305) (+ v_main_~a~0.offset_BEFORE_CALL_305 (* 4 v_main_~i~0_BEFORE_CALL_385)))) (<= v_main_~a~0.offset_BEFORE_CALL_305 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_305) (+ v_main_~a~0.offset_BEFORE_CALL_305 (* 4 v_main_~i~0_BEFORE_CALL_385))))) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (< v_main_~i~0_BEFORE_CALL_385 ~SIZE~0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_305) (<= 0 v_main_~i~0_BEFORE_CALL_385) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= v_main_~a~0.offset_BEFORE_CALL_305 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:50:28,090 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:50:28,090 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [40, 42, 39, 12] total 109 [2019-10-07 00:50:28,091 INFO L442 AbstractCegarLoop]: Interpolant automaton has 109 states [2019-10-07 00:50:28,092 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 109 interpolants. [2019-10-07 00:50:28,093 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=468, Invalid=11304, Unknown=0, NotChecked=0, Total=11772 [2019-10-07 00:50:28,093 INFO L87 Difference]: Start difference. First operand 83 states and 98 transitions. Second operand 109 states. [2019-10-07 00:50:44,592 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:50:44,593 INFO L93 Difference]: Finished difference Result 94 states and 111 transitions. [2019-10-07 00:50:44,593 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 82 states. [2019-10-07 00:50:44,593 INFO L78 Accepts]: Start accepts. Automaton has 109 states. Word has length 134 [2019-10-07 00:50:44,594 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:50:44,595 INFO L225 Difference]: With dead ends: 94 [2019-10-07 00:50:44,595 INFO L226 Difference]: Without dead ends: 92 [2019-10-07 00:50:44,597 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 519 GetRequests, 291 SyntacticMatches, 45 SemanticMatches, 183 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7442 ImplicationChecksByTransitivity, 21.9s TimeCoverageRelationStatistics Valid=1609, Invalid=32430, Unknown=1, NotChecked=0, Total=34040 [2019-10-07 00:50:44,597 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 92 states. [2019-10-07 00:50:44,618 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 92 to 89. [2019-10-07 00:50:44,618 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 89 states. [2019-10-07 00:50:44,618 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 89 states to 89 states and 106 transitions. [2019-10-07 00:50:44,619 INFO L78 Accepts]: Start accepts. Automaton has 89 states and 106 transitions. Word has length 134 [2019-10-07 00:50:44,619 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:50:44,619 INFO L462 AbstractCegarLoop]: Abstraction has 89 states and 106 transitions. [2019-10-07 00:50:44,619 INFO L463 AbstractCegarLoop]: Interpolant automaton has 109 states. [2019-10-07 00:50:44,619 INFO L276 IsEmpty]: Start isEmpty. Operand 89 states and 106 transitions. [2019-10-07 00:50:44,620 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 149 [2019-10-07 00:50:44,620 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:50:44,620 INFO L385 BasicCegarLoop]: trace histogram [18, 18, 18, 17, 17, 17, 17, 17, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:50:44,820 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 18 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:50:44,821 INFO L410 AbstractCegarLoop]: === Iteration 19 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:50:44,821 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:50:44,822 INFO L82 PathProgramCache]: Analyzing trace with hash -106756950, now seen corresponding path program 16 times [2019-10-07 00:50:44,822 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:50:44,822 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:50:44,822 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:50:44,822 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:50:44,823 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:50:44,860 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:50:45,827 INFO L134 CoverageAnalysis]: Checked inductivity of 1173 backedges. 427 proven. 202 refuted. 0 times theorem prover too weak. 544 trivial. 0 not checked. [2019-10-07 00:50:45,827 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:50:45,827 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:50:45,828 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 19 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 19 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:50:46,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:50:46,153 INFO L256 TraceCheckSpWp]: Trace formula consists of 383 conjuncts, 38 conjunts are in the unsatisfiable core [2019-10-07 00:50:46,156 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:50:46,820 INFO L134 CoverageAnalysis]: Checked inductivity of 1173 backedges. 476 proven. 153 refuted. 0 times theorem prover too weak. 544 trivial. 0 not checked. [2019-10-07 00:50:46,820 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:50:47,301 INFO L134 CoverageAnalysis]: Checked inductivity of 1173 backedges. 476 proven. 153 refuted. 0 times theorem prover too weak. 544 trivial. 0 not checked. [2019-10-07 00:50:47,301 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:50:47,302 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:50:47,303 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:50:47,303 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:50:47,303 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:50:47,303 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:50:47,324 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 32 for LOIs [2019-10-07 00:50:47,406 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:50:47,554 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:50:47,560 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:50:47,562 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:50:47,562 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:50:47,563 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 191#(and (exists ((v_main_~i~0_BEFORE_CALL_428 Int) (v_main_~a~0.base_BEFORE_CALL_314 Int) (v_main_~a~0.offset_BEFORE_CALL_314 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= v_main_~a~0.offset_BEFORE_CALL_314 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~a~0.offset_BEFORE_CALL_314) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_428) (< v_main_~i~0_BEFORE_CALL_428 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_314) (+ (* 4 v_main_~i~0_BEFORE_CALL_428) v_main_~a~0.offset_BEFORE_CALL_314)) 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= v_main_~a~0.offset_BEFORE_CALL_314 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~a~0.offset_BEFORE_CALL_314) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_428) (< v_main_~i~0_BEFORE_CALL_428 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_314) (+ (* 4 v_main_~i~0_BEFORE_CALL_428) v_main_~a~0.offset_BEFORE_CALL_314)) 0)) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:50:47,563 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 167#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:50:47,563 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 200#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:50:47,563 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 154#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:50:47,563 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 186#(and (exists ((v_main_~i~0_BEFORE_CALL_428 Int) (v_main_~a~0.base_BEFORE_CALL_314 Int) (v_main_~a~0.offset_BEFORE_CALL_314 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= v_main_~a~0.offset_BEFORE_CALL_314 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~a~0.offset_BEFORE_CALL_314) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_428) (< v_main_~i~0_BEFORE_CALL_428 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_314) (+ (* 4 v_main_~i~0_BEFORE_CALL_428) v_main_~a~0.offset_BEFORE_CALL_314)) 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= v_main_~a~0.offset_BEFORE_CALL_314 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~a~0.offset_BEFORE_CALL_314) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_428) (< v_main_~i~0_BEFORE_CALL_428 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_314) (+ (* 4 v_main_~i~0_BEFORE_CALL_428) v_main_~a~0.offset_BEFORE_CALL_314)) 0)) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:50:47,563 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 181#(and (exists ((v_main_~i~0_BEFORE_CALL_428 Int) (v_main_~a~0.base_BEFORE_CALL_314 Int) (v_main_~a~0.offset_BEFORE_CALL_314 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= v_main_~a~0.offset_BEFORE_CALL_314 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~a~0.offset_BEFORE_CALL_314) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_428) (< v_main_~i~0_BEFORE_CALL_428 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_314) (+ (* 4 v_main_~i~0_BEFORE_CALL_428) v_main_~a~0.offset_BEFORE_CALL_314)) 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= v_main_~a~0.offset_BEFORE_CALL_314 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~a~0.offset_BEFORE_CALL_314) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_428) (< v_main_~i~0_BEFORE_CALL_428 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_314) (+ (* 4 v_main_~i~0_BEFORE_CALL_428) v_main_~a~0.offset_BEFORE_CALL_314)) 0)) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (not (= 0 __VERIFIER_assert_~cond)) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:50:47,563 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 196#(and (exists ((v_main_~i~0_BEFORE_CALL_428 Int) (v_main_~a~0.base_BEFORE_CALL_314 Int) (v_main_~a~0.offset_BEFORE_CALL_314 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= v_main_~a~0.offset_BEFORE_CALL_314 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~a~0.offset_BEFORE_CALL_314) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_428) (< v_main_~i~0_BEFORE_CALL_428 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_314) (+ (* 4 v_main_~i~0_BEFORE_CALL_428) v_main_~a~0.offset_BEFORE_CALL_314)) 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= v_main_~a~0.offset_BEFORE_CALL_314 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~a~0.offset_BEFORE_CALL_314) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_428) (< v_main_~i~0_BEFORE_CALL_428 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_314) (+ (* 4 v_main_~i~0_BEFORE_CALL_428) v_main_~a~0.offset_BEFORE_CALL_314)) 0)) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:50:47,563 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:50:47,564 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 176#(and (exists ((v_main_~i~0_BEFORE_CALL_428 Int) (v_main_~a~0.base_BEFORE_CALL_314 Int) (v_main_~a~0.offset_BEFORE_CALL_314 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= v_main_~a~0.offset_BEFORE_CALL_314 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~a~0.offset_BEFORE_CALL_314) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_428) (< v_main_~i~0_BEFORE_CALL_428 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_314) (+ (* 4 v_main_~i~0_BEFORE_CALL_428) v_main_~a~0.offset_BEFORE_CALL_314)) 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= v_main_~a~0.offset_BEFORE_CALL_314 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~a~0.offset_BEFORE_CALL_314) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_428) (< v_main_~i~0_BEFORE_CALL_428 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_314) (+ (* 4 v_main_~i~0_BEFORE_CALL_428) v_main_~a~0.offset_BEFORE_CALL_314)) 0)) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:50:47,564 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 77#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= 0 (+ ~SIZE~0 2147483648)) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:50:47,564 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:50:47,564 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |old(#valid)| 0)) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:50:47,564 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 205#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:50:47,564 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:50:47,564 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 149#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:50:47,564 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 171#(exists ((v_main_~i~0_BEFORE_CALL_428 Int) (v_main_~a~0.base_BEFORE_CALL_314 Int) (v_main_~a~0.offset_BEFORE_CALL_314 Int)) (or (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= v_main_~a~0.offset_BEFORE_CALL_314 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~a~0.offset_BEFORE_CALL_314) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_428) (< v_main_~i~0_BEFORE_CALL_428 ~SIZE~0) (= |#NULL.offset| 0) (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_314) (+ (* 4 v_main_~i~0_BEFORE_CALL_428) v_main_~a~0.offset_BEFORE_CALL_314)) 0) (<= 100000 ~MAX~0)) (and (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= v_main_~a~0.offset_BEFORE_CALL_314 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 v_main_~a~0.offset_BEFORE_CALL_314) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_428) (< v_main_~i~0_BEFORE_CALL_428 ~SIZE~0) (not (= (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_314) (+ (* 4 v_main_~i~0_BEFORE_CALL_428) v_main_~a~0.offset_BEFORE_CALL_314)) 0)) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)))) [2019-10-07 00:50:49,711 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:50:49,712 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [38, 39, 38, 12] total 71 [2019-10-07 00:50:49,713 INFO L442 AbstractCegarLoop]: Interpolant automaton has 71 states [2019-10-07 00:50:49,713 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 71 interpolants. [2019-10-07 00:50:49,714 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=842, Invalid=4128, Unknown=0, NotChecked=0, Total=4970 [2019-10-07 00:50:49,714 INFO L87 Difference]: Start difference. First operand 89 states and 106 transitions. Second operand 71 states. [2019-10-07 00:50:59,534 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2019-10-07 00:50:59,534 INFO L93 Difference]: Finished difference Result 163 states and 197 transitions. [2019-10-07 00:50:59,535 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 123 states. [2019-10-07 00:50:59,535 INFO L78 Accepts]: Start accepts. Automaton has 71 states. Word has length 148 [2019-10-07 00:50:59,535 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2019-10-07 00:50:59,536 INFO L225 Difference]: With dead ends: 163 [2019-10-07 00:50:59,536 INFO L226 Difference]: Without dead ends: 94 [2019-10-07 00:50:59,538 INFO L606 BasicCegarLoop]: 0 DeclaredPredicates, 595 GetRequests, 360 SyntacticMatches, 52 SemanticMatches, 183 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14056 ImplicationChecksByTransitivity, 11.9s TimeCoverageRelationStatistics Valid=5409, Invalid=28631, Unknown=0, NotChecked=0, Total=34040 [2019-10-07 00:50:59,538 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 94 states. [2019-10-07 00:50:59,563 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 94 to 90. [2019-10-07 00:50:59,563 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 90 states. [2019-10-07 00:50:59,564 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 90 states to 90 states and 107 transitions. [2019-10-07 00:50:59,564 INFO L78 Accepts]: Start accepts. Automaton has 90 states and 107 transitions. Word has length 148 [2019-10-07 00:50:59,564 INFO L84 Accepts]: Finished accepts. word is rejected. [2019-10-07 00:50:59,564 INFO L462 AbstractCegarLoop]: Abstraction has 90 states and 107 transitions. [2019-10-07 00:50:59,564 INFO L463 AbstractCegarLoop]: Interpolant automaton has 71 states. [2019-10-07 00:50:59,564 INFO L276 IsEmpty]: Start isEmpty. Operand 90 states and 107 transitions. [2019-10-07 00:50:59,565 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 150 [2019-10-07 00:50:59,565 INFO L377 BasicCegarLoop]: Found error trace [2019-10-07 00:50:59,565 INFO L385 BasicCegarLoop]: trace histogram [18, 18, 18, 18, 17, 17, 17, 17, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2019-10-07 00:50:59,766 WARN L499 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 19 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:50:59,766 INFO L410 AbstractCegarLoop]: === Iteration 20 === [__VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2019-10-07 00:50:59,766 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2019-10-07 00:50:59,767 INFO L82 PathProgramCache]: Analyzing trace with hash -473465477, now seen corresponding path program 17 times [2019-10-07 00:50:59,767 INFO L150 tionRefinementEngine]: Executing refinement strategy SIFA_TAIPAN [2019-10-07 00:50:59,767 INFO L231 tionRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:50:59,767 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:50:59,768 INFO L117 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2019-10-07 00:50:59,768 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2019-10-07 00:50:59,866 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2019-10-07 00:51:01,009 INFO L134 CoverageAnalysis]: Checked inductivity of 1191 backedges. 34 proven. 613 refuted. 0 times theorem prover too weak. 544 trivial. 0 not checked. [2019-10-07 00:51:01,010 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2019-10-07 00:51:01,010 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2019-10-07 00:51:01,010 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 20 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 20 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2019-10-07 00:51:04,728 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 18 check-sat command(s) [2019-10-07 00:51:04,729 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2019-10-07 00:51:04,735 INFO L256 TraceCheckSpWp]: Trace formula consists of 387 conjuncts, 51 conjunts are in the unsatisfiable core [2019-10-07 00:51:04,738 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2019-10-07 00:51:05,610 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:51:17,236 INFO L134 CoverageAnalysis]: Checked inductivity of 1191 backedges. 425 proven. 222 refuted. 0 times theorem prover too weak. 544 trivial. 0 not checked. [2019-10-07 00:51:17,236 INFO L322 TraceCheckSpWp]: Computing backward predicates... [2019-10-07 00:51:20,904 INFO L134 CoverageAnalysis]: Checked inductivity of 1191 backedges. 442 proven. 205 refuted. 0 times theorem prover too weak. 544 trivial. 0 not checked. [2019-10-07 00:51:20,904 INFO L286 tionRefinementEngine]: Using interpolant generator IpTcStrategyModuleSifa [2019-10-07 00:51:20,905 INFO L162 IcfgInterpreter]: Started Sifa with 16 locations of interest [2019-10-07 00:51:20,905 INFO L169 IcfgInterpreter]: Building call graph [2019-10-07 00:51:20,905 INFO L174 IcfgInterpreter]: Initial procedures are [ULTIMATE.start] [2019-10-07 00:51:20,905 INFO L179 IcfgInterpreter]: Starting interpretation [2019-10-07 00:51:20,906 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.start with input of size 1 for LOIs [2019-10-07 00:51:20,921 INFO L199 IcfgInterpreter]: Interpreting procedure main with input of size 32 for LOIs [2019-10-07 00:51:20,992 WARN L225 Elim1Store]: Array PQE input equivalent to false [2019-10-07 00:51:21,185 INFO L199 IcfgInterpreter]: Interpreting procedure __VERIFIER_assert with input of size 40 for LOIs [2019-10-07 00:51:21,195 INFO L199 IcfgInterpreter]: Interpreting procedure ULTIMATE.init with input of size 16 for LOIs [2019-10-07 00:51:21,200 INFO L183 IcfgInterpreter]: Interpretation finished [2019-10-07 00:51:21,201 INFO L191 IcfgInterpreter]: Final predicates for locations of interest are: [2019-10-07 00:51:21,201 INFO L193 IcfgInterpreter]: Reachable states at location L3-1 satisfy 178#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (exists ((v_main_~a~0.base_BEFORE_CALL_357 Int) (v_main_~a~0.offset_BEFORE_CALL_357 Int) (v_main_~i~0_BEFORE_CALL_471 Int)) (or (and (<= v_main_~a~0.offset_BEFORE_CALL_357 0) (< v_main_~i~0_BEFORE_CALL_471 ~SIZE~0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_357) (+ v_main_~a~0.offset_BEFORE_CALL_357 (* 4 v_main_~i~0_BEFORE_CALL_471)))) (<= 0 v_main_~a~0.offset_BEFORE_CALL_357) (= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_471) (<= 100000 ~MAX~0)) (and (<= v_main_~a~0.offset_BEFORE_CALL_357 0) (< v_main_~i~0_BEFORE_CALL_471 ~SIZE~0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_357) (= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_471) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_357) (+ v_main_~a~0.offset_BEFORE_CALL_357 (* 4 v_main_~i~0_BEFORE_CALL_471))))) (<= 100000 ~MAX~0)))) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:51:21,201 INFO L193 IcfgInterpreter]: Reachable states at location L34-1 satisfy 154#(and (= |old(~SIZE~0)| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (< main_~i~0 ~SIZE~0) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (= 0 |main_#t~mem5|) (<= 0 |#NULL.offset|) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= 100000 ~MAX~0) (= |#NULL.base| 0) (<= ~SIZE~0 100000) (<= 0 |main_#t~mem5|) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (<= |main_#t~mem5| 0) (= |#NULL.offset| 0)) [2019-10-07 00:51:21,202 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initENTRY satisfy 187#(and (= |old(#NULL.base)| |#NULL.base|) (= |#valid| |old(#valid)|) (= ~MAX~0 |old(~MAX~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= |old(~SIZE~0)| ~SIZE~0)) [2019-10-07 00:51:21,202 INFO L193 IcfgInterpreter]: Reachable states at location L34 satisfy 141#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= main_~i~0 100000) (< main_~i~0 ~SIZE~0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |main_#t~mem5| (select (select |#memory_int| main_~a~0.base) (+ (* 4 main_~i~0) main_~a~0.offset))) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:51:21,202 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertEXIT satisfy 173#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~a~0.base_BEFORE_CALL_357 Int) (v_main_~a~0.offset_BEFORE_CALL_357 Int) (v_main_~i~0_BEFORE_CALL_471 Int)) (or (and (<= v_main_~a~0.offset_BEFORE_CALL_357 0) (< v_main_~i~0_BEFORE_CALL_471 ~SIZE~0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_357) (+ v_main_~a~0.offset_BEFORE_CALL_357 (* 4 v_main_~i~0_BEFORE_CALL_471)))) (<= 0 v_main_~a~0.offset_BEFORE_CALL_357) (= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_471) (<= 100000 ~MAX~0)) (and (<= v_main_~a~0.offset_BEFORE_CALL_357 0) (< v_main_~i~0_BEFORE_CALL_471 ~SIZE~0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_357) (= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_471) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_357) (+ v_main_~a~0.offset_BEFORE_CALL_357 (* 4 v_main_~i~0_BEFORE_CALL_471))))) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:51:21,203 INFO L193 IcfgInterpreter]: Reachable states at location L3-3 satisfy 168#(and (not (= 0 __VERIFIER_assert_~cond)) (exists ((v_main_~a~0.base_BEFORE_CALL_357 Int) (v_main_~a~0.offset_BEFORE_CALL_357 Int) (v_main_~i~0_BEFORE_CALL_471 Int)) (or (and (<= v_main_~a~0.offset_BEFORE_CALL_357 0) (< v_main_~i~0_BEFORE_CALL_471 ~SIZE~0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_357) (+ v_main_~a~0.offset_BEFORE_CALL_357 (* 4 v_main_~i~0_BEFORE_CALL_471)))) (<= 0 v_main_~a~0.offset_BEFORE_CALL_357) (= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_471) (<= 100000 ~MAX~0)) (and (<= v_main_~a~0.offset_BEFORE_CALL_357 0) (< v_main_~i~0_BEFORE_CALL_471 ~SIZE~0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_357) (= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_471) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_357) (+ v_main_~a~0.offset_BEFORE_CALL_357 (* 4 v_main_~i~0_BEFORE_CALL_471))))) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:51:21,203 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertErr0ASSERT_VIOLATIONERROR_FUNCTION satisfy 183#(and (<= __VERIFIER_assert_~cond 0) (<= 0 |__VERIFIER_assert_#in~cond|) (<= |__VERIFIER_assert_#in~cond| 0) (exists ((v_main_~a~0.base_BEFORE_CALL_357 Int) (v_main_~a~0.offset_BEFORE_CALL_357 Int) (v_main_~i~0_BEFORE_CALL_471 Int)) (or (and (<= v_main_~a~0.offset_BEFORE_CALL_357 0) (< v_main_~i~0_BEFORE_CALL_471 ~SIZE~0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_357) (+ v_main_~a~0.offset_BEFORE_CALL_357 (* 4 v_main_~i~0_BEFORE_CALL_471)))) (<= 0 v_main_~a~0.offset_BEFORE_CALL_357) (= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_471) (<= 100000 ~MAX~0)) (and (<= v_main_~a~0.offset_BEFORE_CALL_357 0) (< v_main_~i~0_BEFORE_CALL_471 ~SIZE~0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_357) (= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_471) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_357) (+ v_main_~a~0.offset_BEFORE_CALL_357 (* 4 v_main_~i~0_BEFORE_CALL_471))))) (<= 100000 ~MAX~0)))) (<= 0 __VERIFIER_assert_~cond) (= 0 __VERIFIER_assert_~cond) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:51:21,203 INFO L193 IcfgInterpreter]: Reachable states at location L14 satisfy 38#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (<= ~SIZE~0 2147483647) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= 100000 ~MAX~0)) [2019-10-07 00:51:21,204 INFO L193 IcfgInterpreter]: Reachable states at location L3 satisfy 163#(and (exists ((v_main_~a~0.base_BEFORE_CALL_357 Int) (v_main_~a~0.offset_BEFORE_CALL_357 Int) (v_main_~i~0_BEFORE_CALL_471 Int)) (or (and (<= v_main_~a~0.offset_BEFORE_CALL_357 0) (< v_main_~i~0_BEFORE_CALL_471 ~SIZE~0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_357) (+ v_main_~a~0.offset_BEFORE_CALL_357 (* 4 v_main_~i~0_BEFORE_CALL_471)))) (<= 0 v_main_~a~0.offset_BEFORE_CALL_357) (= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_471) (<= 100000 ~MAX~0)) (and (<= v_main_~a~0.offset_BEFORE_CALL_357 0) (< v_main_~i~0_BEFORE_CALL_471 ~SIZE~0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_357) (= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_471) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_357) (+ v_main_~a~0.offset_BEFORE_CALL_357 (* 4 v_main_~i~0_BEFORE_CALL_471))))) (<= 100000 ~MAX~0)))) (= |__VERIFIER_assert_#in~cond| __VERIFIER_assert_~cond)) [2019-10-07 00:51:21,204 INFO L193 IcfgInterpreter]: Reachable states at location L19-3 satisfy 64#(and (or (and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#NULL.offset| 0)) (and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (<= |main_#t~malloc2.offset| 0) (<= 0 main_~i~0) (= 0 |#NULL.base|) (< ~SIZE~0 ~MAX~0) (< 1 ~SIZE~0) (= 0 |main_#t~malloc2.offset|) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= |#valid| (store |old(#valid)| |main_#t~malloc2.base| 1)) (<= 0 |#NULL.offset|) (= main_~a~0.offset |main_#t~malloc2.offset|) (<= ~SIZE~0 2147483647) (< |#StackHeapBarrier| |main_#t~malloc2.base|) (= (store |old(#length)| |main_#t~malloc2.base| (* 4 ~SIZE~0)) |#length|) (<= ~SIZE~0 100000) (not (= |main_#t~malloc2.base| 0)) (<= |#NULL.base| 0) (<= 0 (+ ~SIZE~0 2147483648)) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |main_#t~malloc2.offset|) (<= main_~i~0 0) (= 0 (select |old(#valid)| 0)) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= (select |old(#valid)| |main_#t~malloc2.base|) 0) (= |main_#t~malloc2.base| main_~a~0.base) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= main_~i~0 0))) (<= |old(~SIZE~0)| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:51:21,204 INFO L193 IcfgInterpreter]: Reachable states at location L-1 satisfy 23#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select |#valid| 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:51:21,204 INFO L193 IcfgInterpreter]: Reachable states at location mainENTRY satisfy 33#(and (<= ~MAX~0 100000) (= |old(~SIZE~0)| 0) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (= 0 (select |old(#valid)| 0)) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 |old(~SIZE~0)|) (= |#valid| |old(#valid)|) (<= |old(~SIZE~0)| 0) (<= 0 ~SIZE~0) (= |#memory_int| |old(#memory_int)|) (= |#NULL.offset| 0) (= |old(#length)| |#length|) (<= ~SIZE~0 0) (= |old(~SIZE~0)| ~SIZE~0) (<= 100000 ~MAX~0)) [2019-10-07 00:51:21,205 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.initEXIT satisfy 192#(and (<= ~MAX~0 100000) (= 0 |#NULL.base|) (<= |#NULL.base| 0) (= ~SIZE~0 0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= |#valid| (store |old(#valid)| 0 0)) (<= 0 ~SIZE~0) (= |#NULL.offset| 0) (<= ~SIZE~0 0) (<= 100000 ~MAX~0)) [2019-10-07 00:51:21,205 INFO L193 IcfgInterpreter]: Reachable states at location ULTIMATE.startENTRY satisfy 6#true [2019-10-07 00:51:21,205 INFO L193 IcfgInterpreter]: Reachable states at location L32-3 satisfy 136#(and (= |old(~SIZE~0)| 0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= |main_#t~malloc2.offset| 0) (<= ~SIZE~0 100000) (<= 0 main_~i~0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= main_~a~0.offset 0) (<= 0 main_~a~0.offset) (<= 0 |#NULL.base|) (= |main_#t~malloc2.offset| 0) (= ~MAX~0 100000) (<= 0 |main_#t~malloc2.offset|) (<= 0 |old(~SIZE~0)|) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= |old(~SIZE~0)| 0) (= |#NULL.offset| 0) (<= 100000 ~MAX~0)) [2019-10-07 00:51:21,205 INFO L193 IcfgInterpreter]: Reachable states at location __VERIFIER_assertENTRY satisfy 158#(exists ((v_main_~a~0.base_BEFORE_CALL_357 Int) (v_main_~a~0.offset_BEFORE_CALL_357 Int) (v_main_~i~0_BEFORE_CALL_471 Int)) (or (and (<= v_main_~a~0.offset_BEFORE_CALL_357 0) (< v_main_~i~0_BEFORE_CALL_471 ~SIZE~0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 1) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_357) (+ v_main_~a~0.offset_BEFORE_CALL_357 (* 4 v_main_~i~0_BEFORE_CALL_471)))) (<= 0 v_main_~a~0.offset_BEFORE_CALL_357) (= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_471) (<= 100000 ~MAX~0)) (and (<= v_main_~a~0.offset_BEFORE_CALL_357 0) (< v_main_~i~0_BEFORE_CALL_471 ~SIZE~0) (= |#NULL.base| 0) (<= ~MAX~0 100000) (<= ~SIZE~0 100000) (= |__VERIFIER_assert_#in~cond| 0) (<= |#NULL.base| 0) (<= 1 ~SIZE~0) (<= 0 |#NULL.base|) (= ~MAX~0 100000) (<= 0 |#NULL.offset|) (<= |#NULL.offset| 0) (<= 0 v_main_~a~0.offset_BEFORE_CALL_357) (= |#NULL.offset| 0) (<= 0 v_main_~i~0_BEFORE_CALL_471) (not (= 0 (select (select |#memory_int| v_main_~a~0.base_BEFORE_CALL_357) (+ v_main_~a~0.offset_BEFORE_CALL_357 (* 4 v_main_~i~0_BEFORE_CALL_471))))) (<= 100000 ~MAX~0)))) [2019-10-07 00:51:25,914 INFO L211 tionRefinementEngine]: Constructing automaton from 0 perfect and 4 imperfect interpolant sequences. [2019-10-07 00:51:25,915 INFO L224 tionRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [43, 44, 42, 12] total 132 [2019-10-07 00:51:25,916 INFO L442 AbstractCegarLoop]: Interpolant automaton has 132 states [2019-10-07 00:51:25,916 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 132 interpolants. [2019-10-07 00:51:25,918 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=2067, Invalid=15225, Unknown=0, NotChecked=0, Total=17292 [2019-10-07 00:51:25,918 INFO L87 Difference]: Start difference. First operand 90 states and 107 transitions. Second operand 132 states. [2019-10-07 00:51:55,150 WARN L191 SmtUtils]: Spent 102.00 ms on a formula simplification. DAG size of input: 62 DAG size of output: 51