./Ultimate.py --spec ../../sv-benchmarks/c/properties/unreach-call.prp --file ../../sv-benchmarks/c/list-ext3-properties/sll_nondet_insert_false-unreach-call_false-valid-memcleanup.i --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version aa418289 Calling Ultimate with: java -Dosgi.configuration.area=/tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/data/config -Xmx12G -Xms1G -jar /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/data -tc /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/config/AutomizerReach.xml -i ../../sv-benchmarks/c/list-ext3-properties/sll_nondet_insert_false-unreach-call_false-valid-memcleanup.i -s /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(__VERIFIER_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1b97bc973900e2f9596f533e03f1df56d5945f81 ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... Execution finished normally Writing output log to file Ultimate.log Writing human readable error path to file UltimateCounterExample.errorpath Result: FALSE --- Real Ultimate output --- This is Ultimate 0.1.23-aa41828 [2018-11-23 11:59:02,233 INFO L170 SettingsManager]: Resetting all preferences to default values... [2018-11-23 11:59:02,234 INFO L174 SettingsManager]: Resetting UltimateCore preferences to default values [2018-11-23 11:59:02,241 INFO L177 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2018-11-23 11:59:02,241 INFO L174 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2018-11-23 11:59:02,242 INFO L174 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2018-11-23 11:59:02,243 INFO L174 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2018-11-23 11:59:02,244 INFO L174 SettingsManager]: Resetting LassoRanker preferences to default values [2018-11-23 11:59:02,245 INFO L174 SettingsManager]: Resetting Reaching Definitions preferences to default values [2018-11-23 11:59:02,245 INFO L174 SettingsManager]: Resetting SyntaxChecker preferences to default values [2018-11-23 11:59:02,246 INFO L177 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2018-11-23 11:59:02,246 INFO L174 SettingsManager]: Resetting LTL2Aut preferences to default values [2018-11-23 11:59:02,247 INFO L174 SettingsManager]: Resetting PEA to Boogie preferences to default values [2018-11-23 11:59:02,247 INFO L174 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2018-11-23 11:59:02,248 INFO L174 SettingsManager]: Resetting ChcToBoogie preferences to default values [2018-11-23 11:59:02,248 INFO L174 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2018-11-23 11:59:02,249 INFO L174 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2018-11-23 11:59:02,250 INFO L174 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2018-11-23 11:59:02,251 INFO L174 SettingsManager]: Resetting CodeCheck preferences to default values [2018-11-23 11:59:02,252 INFO L174 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2018-11-23 11:59:02,253 INFO L174 SettingsManager]: Resetting RCFGBuilder preferences to default values [2018-11-23 11:59:02,254 INFO L174 SettingsManager]: Resetting TraceAbstraction preferences to default values [2018-11-23 11:59:02,255 INFO L177 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2018-11-23 11:59:02,255 INFO L177 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2018-11-23 11:59:02,255 INFO L174 SettingsManager]: Resetting TreeAutomizer preferences to default values [2018-11-23 11:59:02,257 INFO L174 SettingsManager]: Resetting IcfgTransformer preferences to default values [2018-11-23 11:59:02,257 INFO L174 SettingsManager]: Resetting Boogie Printer preferences to default values [2018-11-23 11:59:02,257 INFO L174 SettingsManager]: Resetting ReqPrinter preferences to default values [2018-11-23 11:59:02,258 INFO L174 SettingsManager]: Resetting Witness Printer preferences to default values [2018-11-23 11:59:02,258 INFO L177 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2018-11-23 11:59:02,259 INFO L174 SettingsManager]: Resetting CDTParser preferences to default values [2018-11-23 11:59:02,259 INFO L177 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2018-11-23 11:59:02,259 INFO L177 SettingsManager]: ReqParser provides no preferences, ignoring... [2018-11-23 11:59:02,259 INFO L174 SettingsManager]: Resetting SmtParser preferences to default values [2018-11-23 11:59:02,259 INFO L174 SettingsManager]: Resetting Witness Parser preferences to default values [2018-11-23 11:59:02,260 INFO L181 SettingsManager]: Finished resetting all preferences to default values... [2018-11-23 11:59:02,260 INFO L98 SettingsManager]: Beginning loading settings from /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/config/svcomp-Reach-32bit-Automizer_Default.epf [2018-11-23 11:59:02,267 INFO L110 SettingsManager]: Loading preferences was successful [2018-11-23 11:59:02,267 INFO L112 SettingsManager]: Preferences different from defaults after loading the file: [2018-11-23 11:59:02,268 INFO L131 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2018-11-23 11:59:02,268 INFO L133 SettingsManager]: * ... calls to implemented procedures=ONLY_FOR_CONCURRENT_PROGRAMS [2018-11-23 11:59:02,268 INFO L131 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2018-11-23 11:59:02,268 INFO L133 SettingsManager]: * Create parallel compositions if possible=false [2018-11-23 11:59:02,268 INFO L133 SettingsManager]: * Use SBE=true [2018-11-23 11:59:02,269 INFO L131 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2018-11-23 11:59:02,269 INFO L133 SettingsManager]: * sizeof long=4 [2018-11-23 11:59:02,269 INFO L133 SettingsManager]: * Overapproximate operations on floating types=true [2018-11-23 11:59:02,269 INFO L133 SettingsManager]: * sizeof POINTER=4 [2018-11-23 11:59:02,269 INFO L133 SettingsManager]: * Check division by zero=IGNORE [2018-11-23 11:59:02,269 INFO L133 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2018-11-23 11:59:02,269 INFO L133 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2018-11-23 11:59:02,270 INFO L133 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2018-11-23 11:59:02,270 INFO L133 SettingsManager]: * sizeof long double=12 [2018-11-23 11:59:02,270 INFO L133 SettingsManager]: * Check if freed pointer was valid=false [2018-11-23 11:59:02,270 INFO L133 SettingsManager]: * Use constant arrays=true [2018-11-23 11:59:02,270 INFO L133 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2018-11-23 11:59:02,270 INFO L131 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2018-11-23 11:59:02,270 INFO L133 SettingsManager]: * Size of a code block=SequenceOfStatements [2018-11-23 11:59:02,271 INFO L133 SettingsManager]: * To the following directory=./dump/ [2018-11-23 11:59:02,271 INFO L133 SettingsManager]: * SMT solver=External_DefaultMode [2018-11-23 11:59:02,271 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:59:02,271 INFO L131 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2018-11-23 11:59:02,271 INFO L133 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2018-11-23 11:59:02,271 INFO L133 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2018-11-23 11:59:02,271 INFO L133 SettingsManager]: * Trace refinement strategy=CAMEL [2018-11-23 11:59:02,272 INFO L133 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2018-11-23 11:59:02,272 INFO L133 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2018-11-23 11:59:02,273 INFO L133 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(__VERIFIER_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1b97bc973900e2f9596f533e03f1df56d5945f81 [2018-11-23 11:59:02,298 INFO L81 nceAwareModelManager]: Repository-Root is: /tmp [2018-11-23 11:59:02,307 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2018-11-23 11:59:02,309 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2018-11-23 11:59:02,311 INFO L271 PluginConnector]: Initializing CDTParser... [2018-11-23 11:59:02,311 INFO L276 PluginConnector]: CDTParser initialized [2018-11-23 11:59:02,311 INFO L418 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/../../sv-benchmarks/c/list-ext3-properties/sll_nondet_insert_false-unreach-call_false-valid-memcleanup.i [2018-11-23 11:59:02,356 INFO L221 CDTParser]: Created temporary CDT project at /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/data/3a6d7d897/4a1e01bf7aba4f03a4b8604c6dfc5b80/FLAGbc1696393 [2018-11-23 11:59:02,790 INFO L307 CDTParser]: Found 1 translation units. [2018-11-23 11:59:02,790 INFO L161 CDTParser]: Scanning /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/sv-benchmarks/c/list-ext3-properties/sll_nondet_insert_false-unreach-call_false-valid-memcleanup.i [2018-11-23 11:59:02,797 INFO L355 CDTParser]: About to delete temporary CDT project at /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/data/3a6d7d897/4a1e01bf7aba4f03a4b8604c6dfc5b80/FLAGbc1696393 [2018-11-23 11:59:02,813 INFO L363 CDTParser]: Successfully deleted /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/data/3a6d7d897/4a1e01bf7aba4f03a4b8604c6dfc5b80 [2018-11-23 11:59:02,816 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2018-11-23 11:59:02,817 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2018-11-23 11:59:02,817 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2018-11-23 11:59:02,817 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2018-11-23 11:59:02,820 INFO L276 PluginConnector]: CACSL2BoogieTranslator initialized [2018-11-23 11:59:02,820 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:59:02" (1/1) ... [2018-11-23 11:59:02,822 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@3b8dd392 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:02, skipping insertion in model container [2018-11-23 11:59:02,822 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 23.11 11:59:02" (1/1) ... [2018-11-23 11:59:02,828 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2018-11-23 11:59:02,859 INFO L176 MainTranslator]: Built tables and reachable declarations [2018-11-23 11:59:03,070 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:59:03,076 INFO L191 MainTranslator]: Completed pre-run [2018-11-23 11:59:03,161 INFO L201 PostProcessor]: Analyzing one entry point: main [2018-11-23 11:59:03,193 INFO L195 MainTranslator]: Completed translation [2018-11-23 11:59:03,194 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:03 WrapperNode [2018-11-23 11:59:03,194 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2018-11-23 11:59:03,194 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2018-11-23 11:59:03,195 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2018-11-23 11:59:03,195 INFO L276 PluginConnector]: Boogie Procedure Inliner initialized [2018-11-23 11:59:03,202 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:03" (1/1) ... [2018-11-23 11:59:03,211 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:03" (1/1) ... [2018-11-23 11:59:03,216 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2018-11-23 11:59:03,216 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2018-11-23 11:59:03,217 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2018-11-23 11:59:03,217 INFO L276 PluginConnector]: Boogie Preprocessor initialized [2018-11-23 11:59:03,222 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:03" (1/1) ... [2018-11-23 11:59:03,222 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:03" (1/1) ... [2018-11-23 11:59:03,225 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:03" (1/1) ... [2018-11-23 11:59:03,225 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:03" (1/1) ... [2018-11-23 11:59:03,233 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:03" (1/1) ... [2018-11-23 11:59:03,238 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:03" (1/1) ... [2018-11-23 11:59:03,240 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:03" (1/1) ... [2018-11-23 11:59:03,242 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2018-11-23 11:59:03,243 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2018-11-23 11:59:03,243 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2018-11-23 11:59:03,243 INFO L276 PluginConnector]: RCFGBuilder initialized [2018-11-23 11:59:03,244 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:03" (1/1) ... No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2018-11-23 11:59:03,281 INFO L130 BoogieDeclarations]: Found specification of procedure sll_destroy [2018-11-23 11:59:03,282 INFO L138 BoogieDeclarations]: Found implementation of procedure sll_destroy [2018-11-23 11:59:03,282 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.alloc [2018-11-23 11:59:03,282 INFO L130 BoogieDeclarations]: Found specification of procedure sll_length [2018-11-23 11:59:03,282 INFO L138 BoogieDeclarations]: Found implementation of procedure sll_length [2018-11-23 11:59:03,282 INFO L130 BoogieDeclarations]: Found specification of procedure exit [2018-11-23 11:59:03,282 INFO L138 BoogieDeclarations]: Found implementation of procedure exit [2018-11-23 11:59:03,283 INFO L130 BoogieDeclarations]: Found specification of procedure sll_create [2018-11-23 11:59:03,283 INFO L138 BoogieDeclarations]: Found implementation of procedure sll_create [2018-11-23 11:59:03,283 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2018-11-23 11:59:03,283 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2018-11-23 11:59:03,283 INFO L130 BoogieDeclarations]: Found specification of procedure _get_nondet_int [2018-11-23 11:59:03,283 INFO L138 BoogieDeclarations]: Found implementation of procedure _get_nondet_int [2018-11-23 11:59:03,283 INFO L130 BoogieDeclarations]: Found specification of procedure main [2018-11-23 11:59:03,284 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2018-11-23 11:59:03,284 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2018-11-23 11:59:03,284 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2018-11-23 11:59:03,284 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2018-11-23 11:59:03,284 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$ [2018-11-23 11:59:03,284 INFO L130 BoogieDeclarations]: Found specification of procedure sll_insert [2018-11-23 11:59:03,284 INFO L138 BoogieDeclarations]: Found implementation of procedure sll_insert [2018-11-23 11:59:03,285 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2018-11-23 11:59:03,285 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2018-11-23 11:59:03,557 INFO L275 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2018-11-23 11:59:03,557 INFO L280 CfgBuilder]: Removed 6 assue(true) statements. [2018-11-23 11:59:03,558 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:59:03 BoogieIcfgContainer [2018-11-23 11:59:03,558 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2018-11-23 11:59:03,558 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2018-11-23 11:59:03,558 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2018-11-23 11:59:03,560 INFO L276 PluginConnector]: TraceAbstraction initialized [2018-11-23 11:59:03,560 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 23.11 11:59:02" (1/3) ... [2018-11-23 11:59:03,561 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@9866f3 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:59:03, skipping insertion in model container [2018-11-23 11:59:03,561 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 23.11 11:59:03" (2/3) ... [2018-11-23 11:59:03,561 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@9866f3 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 23.11 11:59:03, skipping insertion in model container [2018-11-23 11:59:03,561 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:59:03" (3/3) ... [2018-11-23 11:59:03,562 INFO L112 eAbstractionObserver]: Analyzing ICFG sll_nondet_insert_false-unreach-call_false-valid-memcleanup.i [2018-11-23 11:59:03,568 INFO L156 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2018-11-23 11:59:03,573 INFO L168 ceAbstractionStarter]: Appying trace abstraction to program that has 1 error locations. [2018-11-23 11:59:03,582 INFO L257 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2018-11-23 11:59:03,599 INFO L133 ementStrategyFactory]: Using default assertion order modulation [2018-11-23 11:59:03,599 INFO L382 AbstractCegarLoop]: Interprodecural is true [2018-11-23 11:59:03,599 INFO L383 AbstractCegarLoop]: Hoare is true [2018-11-23 11:59:03,599 INFO L384 AbstractCegarLoop]: Compute interpolants for FPandBP [2018-11-23 11:59:03,599 INFO L385 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2018-11-23 11:59:03,599 INFO L386 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2018-11-23 11:59:03,600 INFO L387 AbstractCegarLoop]: Difference is false [2018-11-23 11:59:03,600 INFO L388 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2018-11-23 11:59:03,600 INFO L393 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2018-11-23 11:59:03,610 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states. [2018-11-23 11:59:03,615 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2018-11-23 11:59:03,616 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:59:03,616 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:59:03,618 INFO L423 AbstractCegarLoop]: === Iteration 1 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:59:03,623 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:59:03,623 INFO L82 PathProgramCache]: Analyzing trace with hash -1255392346, now seen corresponding path program 1 times [2018-11-23 11:59:03,625 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-11-23 11:59:03,625 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-11-23 11:59:03,657 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:03,658 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:59:03,658 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:03,680 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:03,716 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 3 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2018-11-23 11:59:03,718 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-11-23 11:59:03,718 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/z3 Starting monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-11-23 11:59:03,731 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:59:03,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:03,765 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:59:03,776 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2018-11-23 11:59:03,798 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 1 imperfect interpolant sequences. [2018-11-23 11:59:03,798 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [2] imperfect sequences [2] total 2 [2018-11-23 11:59:03,802 INFO L459 AbstractCegarLoop]: Interpolant automaton has 2 states [2018-11-23 11:59:03,810 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2018-11-23 11:59:03,810 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:59:03,811 INFO L87 Difference]: Start difference. First operand 67 states. Second operand 2 states. [2018-11-23 11:59:03,831 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:59:03,831 INFO L93 Difference]: Finished difference Result 128 states and 172 transitions. [2018-11-23 11:59:03,831 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2018-11-23 11:59:03,833 INFO L78 Accepts]: Start accepts. Automaton has 2 states. Word has length 37 [2018-11-23 11:59:03,833 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:59:03,839 INFO L225 Difference]: With dead ends: 128 [2018-11-23 11:59:03,839 INFO L226 Difference]: Without dead ends: 53 [2018-11-23 11:59:03,843 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 38 GetRequests, 38 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2018-11-23 11:59:03,854 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 53 states. [2018-11-23 11:59:03,868 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 53 to 53. [2018-11-23 11:59:03,869 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 53 states. [2018-11-23 11:59:03,870 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 53 states to 53 states and 62 transitions. [2018-11-23 11:59:03,871 INFO L78 Accepts]: Start accepts. Automaton has 53 states and 62 transitions. Word has length 37 [2018-11-23 11:59:03,871 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:59:03,871 INFO L480 AbstractCegarLoop]: Abstraction has 53 states and 62 transitions. [2018-11-23 11:59:03,872 INFO L481 AbstractCegarLoop]: Interpolant automaton has 2 states. [2018-11-23 11:59:03,872 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 62 transitions. [2018-11-23 11:59:03,874 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2018-11-23 11:59:03,874 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:59:03,874 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:59:03,874 INFO L423 AbstractCegarLoop]: === Iteration 2 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:59:03,874 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:59:03,875 INFO L82 PathProgramCache]: Analyzing trace with hash 1088704214, now seen corresponding path program 1 times [2018-11-23 11:59:03,875 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-11-23 11:59:03,875 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-11-23 11:59:03,876 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:03,876 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:59:03,876 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:03,907 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:03,978 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 0 proven. 6 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:59:03,978 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-11-23 11:59:03,978 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/z3 Starting monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-11-23 11:59:03,994 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:59:04,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:04,024 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:59:04,043 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:59:04,063 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 1 imperfect interpolant sequences. [2018-11-23 11:59:04,064 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [9] imperfect sequences [9] total 9 [2018-11-23 11:59:04,064 INFO L459 AbstractCegarLoop]: Interpolant automaton has 9 states [2018-11-23 11:59:04,064 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2018-11-23 11:59:04,064 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2018-11-23 11:59:04,065 INFO L87 Difference]: Start difference. First operand 53 states and 62 transitions. Second operand 9 states. [2018-11-23 11:59:04,175 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:59:04,176 INFO L93 Difference]: Finished difference Result 95 states and 112 transitions. [2018-11-23 11:59:04,176 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2018-11-23 11:59:04,176 INFO L78 Accepts]: Start accepts. Automaton has 9 states. Word has length 44 [2018-11-23 11:59:04,177 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:59:04,177 INFO L225 Difference]: With dead ends: 95 [2018-11-23 11:59:04,178 INFO L226 Difference]: Without dead ends: 55 [2018-11-23 11:59:04,178 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=71, Unknown=0, NotChecked=0, Total=90 [2018-11-23 11:59:04,179 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 55 states. [2018-11-23 11:59:04,184 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 55 to 55. [2018-11-23 11:59:04,184 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 55 states. [2018-11-23 11:59:04,185 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 55 states to 55 states and 64 transitions. [2018-11-23 11:59:04,186 INFO L78 Accepts]: Start accepts. Automaton has 55 states and 64 transitions. Word has length 44 [2018-11-23 11:59:04,187 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:59:04,187 INFO L480 AbstractCegarLoop]: Abstraction has 55 states and 64 transitions. [2018-11-23 11:59:04,187 INFO L481 AbstractCegarLoop]: Interpolant automaton has 9 states. [2018-11-23 11:59:04,187 INFO L276 IsEmpty]: Start isEmpty. Operand 55 states and 64 transitions. [2018-11-23 11:59:04,188 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2018-11-23 11:59:04,188 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:59:04,188 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:59:04,189 INFO L423 AbstractCegarLoop]: === Iteration 3 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:59:04,189 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:59:04,189 INFO L82 PathProgramCache]: Analyzing trace with hash 78154813, now seen corresponding path program 1 times [2018-11-23 11:59:04,189 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-11-23 11:59:04,189 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-11-23 11:59:04,190 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:04,190 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:59:04,190 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:04,211 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:04,331 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2018-11-23 11:59:04,331 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2018-11-23 11:59:04,331 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2018-11-23 11:59:04,332 INFO L459 AbstractCegarLoop]: Interpolant automaton has 10 states [2018-11-23 11:59:04,332 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2018-11-23 11:59:04,332 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2018-11-23 11:59:04,332 INFO L87 Difference]: Start difference. First operand 55 states and 64 transitions. Second operand 10 states. [2018-11-23 11:59:04,498 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:59:04,498 INFO L93 Difference]: Finished difference Result 77 states and 91 transitions. [2018-11-23 11:59:04,499 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2018-11-23 11:59:04,499 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 48 [2018-11-23 11:59:04,500 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:59:04,502 INFO L225 Difference]: With dead ends: 77 [2018-11-23 11:59:04,502 INFO L226 Difference]: Without dead ends: 73 [2018-11-23 11:59:04,503 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=35, Invalid=147, Unknown=0, NotChecked=0, Total=182 [2018-11-23 11:59:04,503 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 73 states. [2018-11-23 11:59:04,511 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 73 to 64. [2018-11-23 11:59:04,511 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 64 states. [2018-11-23 11:59:04,513 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 64 states to 64 states and 77 transitions. [2018-11-23 11:59:04,513 INFO L78 Accepts]: Start accepts. Automaton has 64 states and 77 transitions. Word has length 48 [2018-11-23 11:59:04,513 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:59:04,513 INFO L480 AbstractCegarLoop]: Abstraction has 64 states and 77 transitions. [2018-11-23 11:59:04,514 INFO L481 AbstractCegarLoop]: Interpolant automaton has 10 states. [2018-11-23 11:59:04,514 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 77 transitions. [2018-11-23 11:59:04,515 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 50 [2018-11-23 11:59:04,515 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:59:04,515 INFO L402 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:59:04,515 INFO L423 AbstractCegarLoop]: === Iteration 4 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:59:04,515 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:59:04,515 INFO L82 PathProgramCache]: Analyzing trace with hash 455412652, now seen corresponding path program 1 times [2018-11-23 11:59:04,516 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-11-23 11:59:04,516 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-11-23 11:59:04,519 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:04,519 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:59:04,519 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:04,536 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:04,624 INFO L134 CoverageAnalysis]: Checked inductivity of 10 backedges. 0 proven. 8 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2018-11-23 11:59:04,624 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-11-23 11:59:04,625 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/z3 Starting monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-11-23 11:59:04,631 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:59:04,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:04,655 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:59:04,671 INFO L134 CoverageAnalysis]: Checked inductivity of 10 backedges. 7 proven. 2 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2018-11-23 11:59:04,688 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:59:04,688 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 10] total 10 [2018-11-23 11:59:04,689 INFO L459 AbstractCegarLoop]: Interpolant automaton has 10 states [2018-11-23 11:59:04,689 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2018-11-23 11:59:04,689 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=72, Unknown=0, NotChecked=0, Total=90 [2018-11-23 11:59:04,689 INFO L87 Difference]: Start difference. First operand 64 states and 77 transitions. Second operand 10 states. [2018-11-23 11:59:04,792 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:59:04,792 INFO L93 Difference]: Finished difference Result 117 states and 142 transitions. [2018-11-23 11:59:04,793 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2018-11-23 11:59:04,793 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 49 [2018-11-23 11:59:04,794 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:59:04,794 INFO L225 Difference]: With dead ends: 117 [2018-11-23 11:59:04,795 INFO L226 Difference]: Without dead ends: 68 [2018-11-23 11:59:04,795 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 60 GetRequests, 50 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=26, Invalid=106, Unknown=0, NotChecked=0, Total=132 [2018-11-23 11:59:04,795 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 68 states. [2018-11-23 11:59:04,803 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 68 to 68. [2018-11-23 11:59:04,803 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 68 states. [2018-11-23 11:59:04,804 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 68 states to 68 states and 81 transitions. [2018-11-23 11:59:04,804 INFO L78 Accepts]: Start accepts. Automaton has 68 states and 81 transitions. Word has length 49 [2018-11-23 11:59:04,804 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:59:04,804 INFO L480 AbstractCegarLoop]: Abstraction has 68 states and 81 transitions. [2018-11-23 11:59:04,805 INFO L481 AbstractCegarLoop]: Interpolant automaton has 10 states. [2018-11-23 11:59:04,805 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 81 transitions. [2018-11-23 11:59:04,806 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 54 [2018-11-23 11:59:04,806 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:59:04,806 INFO L402 BasicCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:59:04,806 INFO L423 AbstractCegarLoop]: === Iteration 5 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:59:04,806 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:59:04,807 INFO L82 PathProgramCache]: Analyzing trace with hash -649980251, now seen corresponding path program 2 times [2018-11-23 11:59:04,807 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-11-23 11:59:04,807 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-11-23 11:59:04,810 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:04,810 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:59:04,810 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:04,823 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:04,927 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 4 proven. 5 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2018-11-23 11:59:04,927 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-11-23 11:59:04,927 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/z3 Starting monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-11-23 11:59:04,934 INFO L103 rtionOrderModulation]: Keeping assertion order OUTSIDE_LOOP_FIRST1 [2018-11-23 11:59:04,957 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2018-11-23 11:59:04,957 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2018-11-23 11:59:04,960 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:59:05,030 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 10 trivial. 0 not checked. [2018-11-23 11:59:05,047 INFO L312 seRefinementStrategy]: Constructing automaton from 1 perfect and 1 imperfect interpolant sequences. [2018-11-23 11:59:05,047 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [7] imperfect sequences [12] total 17 [2018-11-23 11:59:05,047 INFO L459 AbstractCegarLoop]: Interpolant automaton has 17 states [2018-11-23 11:59:05,048 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 17 interpolants. [2018-11-23 11:59:05,048 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=31, Invalid=241, Unknown=0, NotChecked=0, Total=272 [2018-11-23 11:59:05,048 INFO L87 Difference]: Start difference. First operand 68 states and 81 transitions. Second operand 17 states. [2018-11-23 11:59:05,367 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:59:05,367 INFO L93 Difference]: Finished difference Result 140 states and 175 transitions. [2018-11-23 11:59:05,367 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2018-11-23 11:59:05,367 INFO L78 Accepts]: Start accepts. Automaton has 17 states. Word has length 53 [2018-11-23 11:59:05,367 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:59:05,368 INFO L225 Difference]: With dead ends: 140 [2018-11-23 11:59:05,368 INFO L226 Difference]: Without dead ends: 99 [2018-11-23 11:59:05,369 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 75 GetRequests, 49 SyntacticMatches, 0 SemanticMatches, 26 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 50 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=87, Invalid=669, Unknown=0, NotChecked=0, Total=756 [2018-11-23 11:59:05,369 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 99 states. [2018-11-23 11:59:05,378 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 99 to 80. [2018-11-23 11:59:05,378 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 80 states. [2018-11-23 11:59:05,379 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 80 states to 80 states and 98 transitions. [2018-11-23 11:59:05,379 INFO L78 Accepts]: Start accepts. Automaton has 80 states and 98 transitions. Word has length 53 [2018-11-23 11:59:05,379 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:59:05,379 INFO L480 AbstractCegarLoop]: Abstraction has 80 states and 98 transitions. [2018-11-23 11:59:05,379 INFO L481 AbstractCegarLoop]: Interpolant automaton has 17 states. [2018-11-23 11:59:05,379 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 98 transitions. [2018-11-23 11:59:05,380 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 55 [2018-11-23 11:59:05,380 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:59:05,381 INFO L402 BasicCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:59:05,381 INFO L423 AbstractCegarLoop]: === Iteration 6 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:59:05,381 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:59:05,381 INFO L82 PathProgramCache]: Analyzing trace with hash -1653055102, now seen corresponding path program 1 times [2018-11-23 11:59:05,381 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-11-23 11:59:05,381 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-11-23 11:59:05,382 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:05,382 INFO L101 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2018-11-23 11:59:05,383 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:05,397 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:05,623 INFO L134 CoverageAnalysis]: Checked inductivity of 18 backedges. 0 proven. 3 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. [2018-11-23 11:59:05,623 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-11-23 11:59:05,623 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/z3 Starting monitored process 6 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-11-23 11:59:05,640 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:59:05,669 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:05,673 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:59:05,757 INFO L134 CoverageAnalysis]: Checked inductivity of 18 backedges. 0 proven. 3 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. [2018-11-23 11:59:05,773 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:59:05,773 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [13, 13] total 14 [2018-11-23 11:59:05,773 INFO L459 AbstractCegarLoop]: Interpolant automaton has 14 states [2018-11-23 11:59:05,773 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2018-11-23 11:59:05,773 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=152, Unknown=0, NotChecked=0, Total=182 [2018-11-23 11:59:05,774 INFO L87 Difference]: Start difference. First operand 80 states and 98 transitions. Second operand 14 states. [2018-11-23 11:59:05,927 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:59:05,927 INFO L93 Difference]: Finished difference Result 126 states and 161 transitions. [2018-11-23 11:59:05,928 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2018-11-23 11:59:05,928 INFO L78 Accepts]: Start accepts. Automaton has 14 states. Word has length 54 [2018-11-23 11:59:05,928 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:59:05,929 INFO L225 Difference]: With dead ends: 126 [2018-11-23 11:59:05,929 INFO L226 Difference]: Without dead ends: 122 [2018-11-23 11:59:05,930 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 70 GetRequests, 50 SyntacticMatches, 6 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 19 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=38, Invalid=202, Unknown=0, NotChecked=0, Total=240 [2018-11-23 11:59:05,930 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 122 states. [2018-11-23 11:59:05,942 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 122 to 94. [2018-11-23 11:59:05,942 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 94 states. [2018-11-23 11:59:05,943 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 94 states to 94 states and 118 transitions. [2018-11-23 11:59:05,943 INFO L78 Accepts]: Start accepts. Automaton has 94 states and 118 transitions. Word has length 54 [2018-11-23 11:59:05,944 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:59:05,944 INFO L480 AbstractCegarLoop]: Abstraction has 94 states and 118 transitions. [2018-11-23 11:59:05,944 INFO L481 AbstractCegarLoop]: Interpolant automaton has 14 states. [2018-11-23 11:59:05,944 INFO L276 IsEmpty]: Start isEmpty. Operand 94 states and 118 transitions. [2018-11-23 11:59:05,945 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2018-11-23 11:59:05,945 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:59:05,945 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:59:05,945 INFO L423 AbstractCegarLoop]: === Iteration 7 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:59:05,946 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:59:05,946 INFO L82 PathProgramCache]: Analyzing trace with hash -1672487161, now seen corresponding path program 2 times [2018-11-23 11:59:05,946 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-11-23 11:59:05,946 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-11-23 11:59:05,947 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:05,947 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:59:05,947 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:05,962 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:06,137 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 0 proven. 14 refuted. 0 times theorem prover too weak. 7 trivial. 0 not checked. [2018-11-23 11:59:06,138 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-11-23 11:59:06,138 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/z3 Starting monitored process 7 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-11-23 11:59:06,144 INFO L103 rtionOrderModulation]: Keeping assertion order OUTSIDE_LOOP_FIRST1 [2018-11-23 11:59:06,161 INFO L249 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2018-11-23 11:59:06,162 INFO L250 tOrderPrioritization]: Conjunction of SSA is unsat [2018-11-23 11:59:06,164 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:59:06,180 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2018-11-23 11:59:06,182 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,189 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,189 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:13, output treesize:12 [2018-11-23 11:59:06,195 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:59:06,197 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:59:06,197 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,199 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,209 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 8 [2018-11-23 11:59:06,212 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:59:06,212 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,213 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,217 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,217 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 2 variables, input treesize:28, output treesize:20 [2018-11-23 11:59:06,223 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:59:06,223 INFO L701 Elim1Store]: detected not equals via solver [2018-11-23 11:59:06,224 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 11 treesize of output 4 [2018-11-23 11:59:06,224 INFO L267 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,230 INFO L267 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,230 INFO L202 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:25, output treesize:19 [2018-11-23 11:59:06,252 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 20 [2018-11-23 11:59:06,254 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:59:06,254 INFO L267 ElimStorePlain]: Start of recursive call 3: End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,257 INFO L267 ElimStorePlain]: Start of recursive call 2: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,267 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 19 treesize of output 24 [2018-11-23 11:59:06,269 INFO L478 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 8 treesize of output 7 [2018-11-23 11:59:06,269 INFO L267 ElimStorePlain]: Start of recursive call 5: End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,272 INFO L267 ElimStorePlain]: Start of recursive call 4: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,277 INFO L267 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 2 dim-2 vars, End of recursive call: and 1 xjuncts. [2018-11-23 11:59:06,277 INFO L202 ElimStorePlain]: Needed 5 recursive calls to eliminate 4 variables, input treesize:41, output treesize:39 [2018-11-23 11:59:07,691 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 7 proven. 14 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2018-11-23 11:59:07,706 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:59:07,707 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [15, 16] total 26 [2018-11-23 11:59:07,707 INFO L459 AbstractCegarLoop]: Interpolant automaton has 26 states [2018-11-23 11:59:07,707 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 26 interpolants. [2018-11-23 11:59:07,707 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=66, Invalid=578, Unknown=6, NotChecked=0, Total=650 [2018-11-23 11:59:07,707 INFO L87 Difference]: Start difference. First operand 94 states and 118 transitions. Second operand 26 states. [2018-11-23 11:59:08,359 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:59:08,359 INFO L93 Difference]: Finished difference Result 173 states and 212 transitions. [2018-11-23 11:59:08,359 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2018-11-23 11:59:08,359 INFO L78 Accepts]: Start accepts. Automaton has 26 states. Word has length 55 [2018-11-23 11:59:08,360 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:59:08,361 INFO L225 Difference]: With dead ends: 173 [2018-11-23 11:59:08,361 INFO L226 Difference]: Without dead ends: 153 [2018-11-23 11:59:08,361 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 72 GetRequests, 37 SyntacticMatches, 8 SemanticMatches, 27 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 157 ImplicationChecksByTransitivity, 1.6s TimeCoverageRelationStatistics Valid=84, Invalid=721, Unknown=7, NotChecked=0, Total=812 [2018-11-23 11:59:08,362 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 153 states. [2018-11-23 11:59:08,375 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 153 to 136. [2018-11-23 11:59:08,376 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 136 states. [2018-11-23 11:59:08,377 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 136 states to 136 states and 171 transitions. [2018-11-23 11:59:08,377 INFO L78 Accepts]: Start accepts. Automaton has 136 states and 171 transitions. Word has length 55 [2018-11-23 11:59:08,377 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:59:08,377 INFO L480 AbstractCegarLoop]: Abstraction has 136 states and 171 transitions. [2018-11-23 11:59:08,377 INFO L481 AbstractCegarLoop]: Interpolant automaton has 26 states. [2018-11-23 11:59:08,377 INFO L276 IsEmpty]: Start isEmpty. Operand 136 states and 171 transitions. [2018-11-23 11:59:08,379 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2018-11-23 11:59:08,379 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:59:08,379 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:59:08,379 INFO L423 AbstractCegarLoop]: === Iteration 8 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:59:08,379 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:59:08,379 INFO L82 PathProgramCache]: Analyzing trace with hash 542766457, now seen corresponding path program 1 times [2018-11-23 11:59:08,379 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-11-23 11:59:08,380 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-11-23 11:59:08,381 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:08,381 INFO L101 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2018-11-23 11:59:08,381 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:08,390 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:08,467 INFO L134 CoverageAnalysis]: Checked inductivity of 24 backedges. 0 proven. 12 refuted. 0 times theorem prover too weak. 12 trivial. 0 not checked. [2018-11-23 11:59:08,467 INFO L300 seRefinementStrategy]: The current sequences of interpolants are not accepted, trying to find more. [2018-11-23 11:59:08,467 INFO L223 ckRefinementStrategy]: Switched to mode Z3_FP No working directory specified, using /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/z3 Starting monitored process 8 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 8 with z3 -smt2 -in SMTLIB2_COMPLIANT=true -t:12000 [2018-11-23 11:59:08,473 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:59:08,491 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2018-11-23 11:59:08,494 INFO L273 TraceCheckSpWp]: Computing forward predicates... [2018-11-23 11:59:08,544 INFO L134 CoverageAnalysis]: Checked inductivity of 24 backedges. 1 proven. 11 refuted. 0 times theorem prover too weak. 12 trivial. 0 not checked. [2018-11-23 11:59:08,559 INFO L312 seRefinementStrategy]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2018-11-23 11:59:08,559 INFO L327 seRefinementStrategy]: Number of different interpolants: perfect sequences [] imperfect sequences [10, 10] total 14 [2018-11-23 11:59:08,559 INFO L459 AbstractCegarLoop]: Interpolant automaton has 14 states [2018-11-23 11:59:08,559 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2018-11-23 11:59:08,559 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=32, Invalid=150, Unknown=0, NotChecked=0, Total=182 [2018-11-23 11:59:08,560 INFO L87 Difference]: Start difference. First operand 136 states and 171 transitions. Second operand 14 states. [2018-11-23 11:59:08,791 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2018-11-23 11:59:08,791 INFO L93 Difference]: Finished difference Result 271 states and 356 transitions. [2018-11-23 11:59:08,792 INFO L142 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2018-11-23 11:59:08,792 INFO L78 Accepts]: Start accepts. Automaton has 14 states. Word has length 57 [2018-11-23 11:59:08,799 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2018-11-23 11:59:08,801 INFO L225 Difference]: With dead ends: 271 [2018-11-23 11:59:08,801 INFO L226 Difference]: Without dead ends: 186 [2018-11-23 11:59:08,802 INFO L631 BasicCegarLoop]: 0 DeclaredPredicates, 74 GetRequests, 54 SyntacticMatches, 0 SemanticMatches, 20 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 44 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=102, Invalid=360, Unknown=0, NotChecked=0, Total=462 [2018-11-23 11:59:08,802 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 186 states. [2018-11-23 11:59:08,820 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 186 to 157. [2018-11-23 11:59:08,820 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 157 states. [2018-11-23 11:59:08,821 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 157 states to 157 states and 201 transitions. [2018-11-23 11:59:08,822 INFO L78 Accepts]: Start accepts. Automaton has 157 states and 201 transitions. Word has length 57 [2018-11-23 11:59:08,822 INFO L84 Accepts]: Finished accepts. word is rejected. [2018-11-23 11:59:08,822 INFO L480 AbstractCegarLoop]: Abstraction has 157 states and 201 transitions. [2018-11-23 11:59:08,822 INFO L481 AbstractCegarLoop]: Interpolant automaton has 14 states. [2018-11-23 11:59:08,822 INFO L276 IsEmpty]: Start isEmpty. Operand 157 states and 201 transitions. [2018-11-23 11:59:08,823 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 58 [2018-11-23 11:59:08,823 INFO L394 BasicCegarLoop]: Found error trace [2018-11-23 11:59:08,823 INFO L402 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2018-11-23 11:59:08,824 INFO L423 AbstractCegarLoop]: === Iteration 9 === [mainErr0ASSERT_VIOLATIONERROR_FUNCTION]=== [2018-11-23 11:59:08,826 INFO L141 PredicateUnifier]: Initialized classic predicate unifier [2018-11-23 11:59:08,826 INFO L82 PathProgramCache]: Analyzing trace with hash 965468283, now seen corresponding path program 1 times [2018-11-23 11:59:08,826 INFO L223 ckRefinementStrategy]: Switched to mode SMTINTERPOL_TREE_INTERPOLANTS [2018-11-23 11:59:08,826 INFO L69 tionRefinementEngine]: Using refinement strategy CamelRefinementStrategy [2018-11-23 11:59:08,827 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:08,827 INFO L103 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2018-11-23 11:59:08,827 INFO L119 rtionOrderModulation]: Craig_TreeInterpolation forces the order to NOT_INCREMENTALLY [2018-11-23 11:59:08,838 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2018-11-23 11:59:08,849 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2018-11-23 11:59:08,870 INFO L469 BasicCegarLoop]: Counterexample might be feasible ----- class de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder.RCFGBacktranslator [?] CALL call ULTIMATE.init(); VAL [|#NULL.base|=8, |#NULL.offset|=5, |old(#NULL.base)|=8, |old(#NULL.offset)|=5] [?] #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0]; VAL [|#NULL.base|=0, |#NULL.offset|=0, |old(#NULL.base)|=8, |old(#NULL.offset)|=5] [?] assume true; VAL [|#NULL.base|=0, |#NULL.offset|=0, |old(#NULL.base)|=8, |old(#NULL.offset)|=5] [?] RET #176#return; VAL [|#NULL.base|=0, |#NULL.offset|=0] [?] CALL call #t~ret24 := main(); VAL [|#NULL.base|=0, |#NULL.offset|=0] [?] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [|#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5] [?] ~from := #in~from;~until := #in~until;~len~1 := ~from; VAL [_get_nondet_int_~from=2, _get_nondet_int_~len~1=2, _get_nondet_int_~until=5, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5] [?] #t~short12 := ~len~1 < ~until; VAL [_get_nondet_int_~from=2, _get_nondet_int_~len~1=2, _get_nondet_int_~until=5, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5, |_get_nondet_int_#t~short12|=true] [?] assume #t~short12;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647;#t~short12 := 0 != #t~nondet11; VAL [_get_nondet_int_~from=2, _get_nondet_int_~len~1=2, _get_nondet_int_~until=5, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5, |_get_nondet_int_#t~nondet11|=0, |_get_nondet_int_#t~short12|=false] [?] assume !#t~short12;havoc #t~nondet11;havoc #t~short12; VAL [_get_nondet_int_~from=2, _get_nondet_int_~len~1=2, _get_nondet_int_~until=5, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5] [?] #res := ~len~1; VAL [_get_nondet_int_~from=2, _get_nondet_int_~len~1=2, _get_nondet_int_~until=5, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5, |_get_nondet_int_#res|=2] [?] assume true; VAL [_get_nondet_int_~from=2, _get_nondet_int_~len~1=2, _get_nondet_int_~until=5, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5, |_get_nondet_int_#res|=2] [?] RET #158#return; VAL [|#NULL.base|=0, |#NULL.offset|=0, |main_#t~ret14|=2] [?] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647;~len~2 := #t~ret14;havoc #t~ret14;call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4); VAL [main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] CALL call #t~ret15.base, #t~ret15.offset := sll_create(~len~2); VAL [|#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2] [?] ~len := #in~len;~head~0.base, ~head~0.offset := 0, 0; VAL [sll_create_~head~0.base=0, sll_create_~head~0.offset=0, sll_create_~len=2, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2] [?] #t~post2 := ~len;~len := #t~post2 - 1; VAL [sll_create_~head~0.base=0, sll_create_~head~0.offset=0, sll_create_~len=1, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~post2|=2] [?] assume !!(#t~post2 > 0);havoc #t~post2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(4);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; VAL [sll_create_~head~0.base=0, sll_create_~head~0.offset=0, sll_create_~len=1, sll_create_~new_head~0.base=6, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=6, |sll_create_#t~malloc3.offset|=0] [?] assume !(0 == ~new_head~0.base && 0 == ~new_head~0.offset); VAL [sll_create_~head~0.base=0, sll_create_~head~0.offset=0, sll_create_~len=1, sll_create_~new_head~0.base=6, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=6, |sll_create_#t~malloc3.offset|=0] [?] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~new_head~0.offset, 4);~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; VAL [sll_create_~head~0.base=6, sll_create_~head~0.offset=0, sll_create_~len=1, sll_create_~new_head~0.base=6, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=6, |sll_create_#t~malloc3.offset|=0] [?] #t~post2 := ~len;~len := #t~post2 - 1; VAL [sll_create_~head~0.base=6, sll_create_~head~0.offset=0, sll_create_~len=0, sll_create_~new_head~0.base=6, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=6, |sll_create_#t~malloc3.offset|=0, |sll_create_#t~post2|=1] [?] assume !!(#t~post2 > 0);havoc #t~post2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(4);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; VAL [sll_create_~head~0.base=6, sll_create_~head~0.offset=0, sll_create_~len=0, sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0] [?] assume !(0 == ~new_head~0.base && 0 == ~new_head~0.offset); VAL [sll_create_~head~0.base=6, sll_create_~head~0.offset=0, sll_create_~len=0, sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0] [?] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~new_head~0.offset, 4);~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; VAL [sll_create_~head~0.base=9, sll_create_~head~0.offset=0, sll_create_~len=0, sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0] [?] #t~post2 := ~len;~len := #t~post2 - 1; VAL [sll_create_~head~0.base=9, sll_create_~head~0.offset=0, sll_create_~len=(- 1), sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0, |sll_create_#t~post2|=0] [?] assume !(#t~post2 > 0);havoc #t~post2; VAL [sll_create_~head~0.base=9, sll_create_~head~0.offset=0, sll_create_~len=(- 1), sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0] [?] #res.base, #res.offset := ~head~0.base, ~head~0.offset; VAL [sll_create_~head~0.base=9, sll_create_~head~0.offset=0, sll_create_~len=(- 1), sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#res.base|=9, |sll_create_#res.offset|=0, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0] [?] assume true; VAL [sll_create_~head~0.base=9, sll_create_~head~0.offset=0, sll_create_~len=(- 1), sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#res.base|=9, |sll_create_#res.offset|=0, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0] [?] RET #160#return; VAL [main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~ret15.base|=9, |main_#t~ret15.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] call write~init~$Pointer$(#t~ret15.base, #t~ret15.offset, ~#s~0.base, ~#s~0.offset, 4);havoc #t~ret15.base, #t~ret15.offset; VAL [main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [|#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1] [?] ~from := #in~from;~until := #in~until;~len~1 := ~from; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=0, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1] [?] #t~short12 := ~len~1 < ~until; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=0, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1, |_get_nondet_int_#t~short12|=true] [?] assume #t~short12;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647;#t~short12 := 0 != #t~nondet11; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=0, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1, |_get_nondet_int_#t~nondet11|=1, |_get_nondet_int_#t~short12|=true] [?] assume !!#t~short12;havoc #t~nondet11;havoc #t~short12;#t~post13 := ~len~1;~len~1 := 1 + #t~post13;havoc #t~post13; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=1, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1] [?] #t~short12 := ~len~1 < ~until; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=1, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1, |_get_nondet_int_#t~short12|=false] [?] assume !#t~short12; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=1, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1, |_get_nondet_int_#t~short12|=false] [?] assume !#t~short12;havoc #t~nondet11;havoc #t~short12; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=1, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1] [?] #res := ~len~1; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=1, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1, |_get_nondet_int_#res|=1] [?] assume true; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=1, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1, |_get_nondet_int_#res|=1] [?] RET #162#return; VAL [main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~ret16|=1, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647;~k~0 := #t~ret16;havoc #t~ret16;~i~0 := 0; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] #t~short18 := ~i~0 < ~k~0; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~short18|=true, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] assume #t~short18;assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647;#t~short18 := 0 != #t~nondet17; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~nondet17|=0, |main_#t~short18|=false, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] assume !#t~short18;havoc #t~short18;havoc #t~nondet17; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4); VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~mem21.base|=9, |main_#t~mem21.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] CALL call #t~ret22 := sll_length(#t~mem21.base, #t~mem21.offset); VAL [|#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0] [?] ~head.base, ~head.offset := #in~head.base, #in~head.offset;~len~0 := 0; VAL [sll_length_~head.base=9, sll_length_~head.offset=0, sll_length_~len~0=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0] [?] assume !!(~head.base != 0 || ~head.offset != 0);#t~post4 := ~len~0;~len~0 := 1 + #t~post4;havoc #t~post4;call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~head.base, ~head.offset, 4);~head.base, ~head.offset := #t~mem5.base, #t~mem5.offset;havoc #t~mem5.base, #t~mem5.offset; VAL [sll_length_~head.base=6, sll_length_~head.offset=0, sll_length_~len~0=1, |#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0] [?] assume !!(~head.base != 0 || ~head.offset != 0);#t~post4 := ~len~0;~len~0 := 1 + #t~post4;havoc #t~post4;call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~head.base, ~head.offset, 4);~head.base, ~head.offset := #t~mem5.base, #t~mem5.offset;havoc #t~mem5.base, #t~mem5.offset; VAL [sll_length_~head.base=0, sll_length_~head.offset=0, sll_length_~len~0=2, |#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0] [?] assume !(~head.base != 0 || ~head.offset != 0); VAL [sll_length_~head.base=0, sll_length_~head.offset=0, sll_length_~len~0=2, |#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0] [?] #res := ~len~0; VAL [sll_length_~head.base=0, sll_length_~head.offset=0, sll_length_~len~0=2, |#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0, |sll_length_#res|=2] [?] assume true; VAL [sll_length_~head.base=0, sll_length_~head.offset=0, sll_length_~len~0=2, |#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0, |sll_length_#res|=2] [?] RET #168#return; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~mem21.base|=9, |main_#t~mem21.offset|=0, |main_#t~ret22|=2, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~mem21.base|=9, |main_#t~mem21.offset|=0, |main_#t~ret22|=2, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] assume ~k~0 + ~len~2 != #t~ret22;havoc #t~mem21.base, #t~mem21.offset;havoc #t~ret22; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] assume !false; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] CALL call ULTIMATE.init(); VAL [#NULL.base=8, #NULL.offset=5, old(#NULL.base)=8, old(#NULL.offset)=5] [?] #NULL.base, #NULL.offset := 0, 0; [?] #valid := #valid[0 := 0]; VAL [#NULL.base=0, #NULL.offset=0, old(#NULL.base)=8, old(#NULL.offset)=5] [?] ensures true; VAL [#NULL.base=0, #NULL.offset=0, old(#NULL.base)=8, old(#NULL.offset)=5] [?] RET call ULTIMATE.init(); VAL [#NULL.base=0, #NULL.offset=0] [?] CALL call #t~ret24 := main(); VAL [#NULL.base=0, #NULL.offset=0] [L616] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, ~from=2, ~len~1=2, ~until=5] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #t~short12=true, ~from=2, ~len~1=2, ~until=5] [L610] assume #t~short12; [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #t~nondet11=0, #t~short12=false, ~from=2, ~len~1=2, ~until=5] [L610-L612] assume !#t~short12; [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, ~from=2, ~len~1=2, ~until=5] [L613] #res := ~len~1; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L608-L614] ensures true; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L616] RET call #t~ret14 := _get_nondet_int(2, 5); VAL [#NULL.base=0, #NULL.offset=0, #t~ret14=2] [L616] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647; [L616] ~len~2 := #t~ret14; [L616] havoc #t~ret14; [L617] call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4); VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L617] CALL call #t~ret15.base, #t~ret15.offset := sll_create(~len~2); VAL [#in~len=2, #NULL.base=0, #NULL.offset=0] [L563-L574] ~len := #in~len; [L564] ~head~0.base, ~head~0.offset := 0, 0; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, ~head~0.base=0, ~head~0.offset=0, ~len=2] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~post2=2, ~head~0.base=0, ~head~0.offset=0, ~len=1] [L565-L572] assume !!(#t~post2 > 0); [L565] havoc #t~post2; [L566] call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(4); [L566] ~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, ~head~0.base=0, ~head~0.offset=0, ~len=1, ~new_head~0.base=6, ~new_head~0.offset=0] [L567-L569] assume !(0 == ~new_head~0.base && 0 == ~new_head~0.offset); VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, ~head~0.base=0, ~head~0.offset=0, ~len=1, ~new_head~0.base=6, ~new_head~0.offset=0] [L570] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~new_head~0.offset, 4); [L571] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, ~head~0.base=6, ~head~0.offset=0, ~len=1, ~new_head~0.base=6, ~new_head~0.offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, #t~post2=1, ~head~0.base=6, ~head~0.offset=0, ~len=0, ~new_head~0.base=6, ~new_head~0.offset=0] [L565-L572] assume !!(#t~post2 > 0); [L565] havoc #t~post2; [L566] call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(4); [L566] ~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=6, ~head~0.offset=0, ~len=0, ~new_head~0.base=9, ~new_head~0.offset=0] [L567-L569] assume !(0 == ~new_head~0.base && 0 == ~new_head~0.offset); VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=6, ~head~0.offset=0, ~len=0, ~new_head~0.base=9, ~new_head~0.offset=0] [L570] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~new_head~0.offset, 4); [L571] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=0, ~new_head~0.base=9, ~new_head~0.offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, #t~post2=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L565-L572] assume !(#t~post2 > 0); [L565] havoc #t~post2; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L573] #res.base, #res.offset := ~head~0.base, ~head~0.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #res.base=9, #res.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L563-L574] ensures true; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #res.base=9, #res.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L617] RET call #t~ret15.base, #t~ret15.offset := sll_create(~len~2); VAL [#NULL.base=0, #NULL.offset=0, #t~ret15.base=9, #t~ret15.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L617] call write~init~$Pointer$(#t~ret15.base, #t~ret15.offset, ~#s~0.base, ~#s~0.offset, 4); [L617] havoc #t~ret15.base, #t~ret15.offset; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L618] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, ~from=0, ~len~1=0, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610] assume #t~short12; [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~nondet11=1, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610-L612] assume !!#t~short12; [L610] havoc #t~nondet11; [L610] havoc #t~short12; [L611] #t~post13 := ~len~1; [L611] ~len~1 := 1 + #t~post13; [L611] havoc #t~post13; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, ~from=0, ~len~1=1, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610] assume !#t~short12; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610-L612] assume !#t~short12; [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, ~from=0, ~len~1=1, ~until=1] [L613] #res := ~len~1; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L608-L614] ensures true; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L618] RET call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#NULL.base=0, #NULL.offset=0, #t~ret16=1, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L618] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647; [L618] ~k~0 := #t~ret16; [L618] havoc #t~ret16; [L619] ~i~0 := 0; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] #t~short18 := ~i~0 < ~k~0; VAL [#NULL.base=0, #NULL.offset=0, #t~short18=true, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] assume #t~short18; [L620] assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647; [L620] #t~short18 := 0 != #t~nondet17; VAL [#NULL.base=0, #NULL.offset=0, #t~nondet17=0, #t~short18=false, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620-L624] assume !#t~short18; [L620] havoc #t~short18; [L620] havoc #t~nondet17; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4); VAL [#NULL.base=0, #NULL.offset=0, #t~mem21.base=9, #t~mem21.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] CALL call #t~ret22 := sll_length(#t~mem21.base, #t~mem21.offset); VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0] [L575-L582] ~head.base, ~head.offset := #in~head.base, #in~head.offset; [L576] ~len~0 := 0; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=9, ~head.offset=0, ~len~0=0] [L577-L580] assume !!(~head.base != 0 || ~head.offset != 0); [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~head.base, ~head.offset, 4); [L579] ~head.base, ~head.offset := #t~mem5.base, #t~mem5.offset; [L579] havoc #t~mem5.base, #t~mem5.offset; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=6, ~head.offset=0, ~len~0=1] [L577-L580] assume !!(~head.base != 0 || ~head.offset != 0); [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~head.base, ~head.offset, 4); [L579] ~head.base, ~head.offset := #t~mem5.base, #t~mem5.offset; [L579] havoc #t~mem5.base, #t~mem5.offset; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=0, ~head.offset=0, ~len~0=2] [L577-L580] assume !(~head.base != 0 || ~head.offset != 0); VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=0, ~head.offset=0, ~len~0=2] [L581] #res := ~len~0; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, #res=2, ~head.base=0, ~head.offset=0, ~len~0=2] [L575-L582] ensures true; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, #res=2, ~head.base=0, ~head.offset=0, ~len~0=2] [L625] RET call #t~ret22 := sll_length(#t~mem21.base, #t~mem21.offset); VAL [#NULL.base=0, #NULL.offset=0, #t~mem21.base=9, #t~mem21.offset=0, #t~ret22=2, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [#NULL.base=0, #NULL.offset=0, #t~mem21.base=9, #t~mem21.offset=0, #t~ret22=2, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625-L627] assume ~k~0 + ~len~2 != #t~ret22; [L625] havoc #t~mem21.base, #t~mem21.offset; [L625] havoc #t~ret22; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L630] assert false; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] ----- ----- class de.uni_freiburg.informatik.ultimate.boogie.preprocessor.BoogiePreprocessorBacktranslator [?] CALL call ULTIMATE.init(); VAL [#NULL.base=8, #NULL.offset=5, old(#NULL.base)=8, old(#NULL.offset)=5] [?] #NULL.base, #NULL.offset := 0, 0; [?] #valid := #valid[0 := 0]; VAL [#NULL.base=0, #NULL.offset=0, old(#NULL.base)=8, old(#NULL.offset)=5] [?] ensures true; VAL [#NULL.base=0, #NULL.offset=0, old(#NULL.base)=8, old(#NULL.offset)=5] [?] RET call ULTIMATE.init(); VAL [#NULL.base=0, #NULL.offset=0] [?] CALL call #t~ret24 := main(); VAL [#NULL.base=0, #NULL.offset=0] [L616] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, ~from=2, ~len~1=2, ~until=5] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #t~short12=true, ~from=2, ~len~1=2, ~until=5] [L610] assume #t~short12; [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #t~nondet11=0, #t~short12=false, ~from=2, ~len~1=2, ~until=5] [L610-L612] assume !#t~short12; [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, ~from=2, ~len~1=2, ~until=5] [L613] #res := ~len~1; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L608-L614] ensures true; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L616] RET call #t~ret14 := _get_nondet_int(2, 5); VAL [#NULL.base=0, #NULL.offset=0, #t~ret14=2] [L616] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647; [L616] ~len~2 := #t~ret14; [L616] havoc #t~ret14; [L617] call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4); VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L617] CALL call #t~ret15.base, #t~ret15.offset := sll_create(~len~2); VAL [#in~len=2, #NULL.base=0, #NULL.offset=0] [L563-L574] ~len := #in~len; [L564] ~head~0.base, ~head~0.offset := 0, 0; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, ~head~0.base=0, ~head~0.offset=0, ~len=2] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~post2=2, ~head~0.base=0, ~head~0.offset=0, ~len=1] [L565-L572] assume !!(#t~post2 > 0); [L565] havoc #t~post2; [L566] call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(4); [L566] ~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, ~head~0.base=0, ~head~0.offset=0, ~len=1, ~new_head~0.base=6, ~new_head~0.offset=0] [L567-L569] assume !(0 == ~new_head~0.base && 0 == ~new_head~0.offset); VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, ~head~0.base=0, ~head~0.offset=0, ~len=1, ~new_head~0.base=6, ~new_head~0.offset=0] [L570] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~new_head~0.offset, 4); [L571] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, ~head~0.base=6, ~head~0.offset=0, ~len=1, ~new_head~0.base=6, ~new_head~0.offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, #t~post2=1, ~head~0.base=6, ~head~0.offset=0, ~len=0, ~new_head~0.base=6, ~new_head~0.offset=0] [L565-L572] assume !!(#t~post2 > 0); [L565] havoc #t~post2; [L566] call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(4); [L566] ~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=6, ~head~0.offset=0, ~len=0, ~new_head~0.base=9, ~new_head~0.offset=0] [L567-L569] assume !(0 == ~new_head~0.base && 0 == ~new_head~0.offset); VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=6, ~head~0.offset=0, ~len=0, ~new_head~0.base=9, ~new_head~0.offset=0] [L570] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~new_head~0.offset, 4); [L571] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=0, ~new_head~0.base=9, ~new_head~0.offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, #t~post2=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L565-L572] assume !(#t~post2 > 0); [L565] havoc #t~post2; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L573] #res.base, #res.offset := ~head~0.base, ~head~0.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #res.base=9, #res.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L563-L574] ensures true; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #res.base=9, #res.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L617] RET call #t~ret15.base, #t~ret15.offset := sll_create(~len~2); VAL [#NULL.base=0, #NULL.offset=0, #t~ret15.base=9, #t~ret15.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L617] call write~init~$Pointer$(#t~ret15.base, #t~ret15.offset, ~#s~0.base, ~#s~0.offset, 4); [L617] havoc #t~ret15.base, #t~ret15.offset; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L618] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, ~from=0, ~len~1=0, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610] assume #t~short12; [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~nondet11=1, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610-L612] assume !!#t~short12; [L610] havoc #t~nondet11; [L610] havoc #t~short12; [L611] #t~post13 := ~len~1; [L611] ~len~1 := 1 + #t~post13; [L611] havoc #t~post13; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, ~from=0, ~len~1=1, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610] assume !#t~short12; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610-L612] assume !#t~short12; [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, ~from=0, ~len~1=1, ~until=1] [L613] #res := ~len~1; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L608-L614] ensures true; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L618] RET call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#NULL.base=0, #NULL.offset=0, #t~ret16=1, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L618] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647; [L618] ~k~0 := #t~ret16; [L618] havoc #t~ret16; [L619] ~i~0 := 0; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] #t~short18 := ~i~0 < ~k~0; VAL [#NULL.base=0, #NULL.offset=0, #t~short18=true, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] assume #t~short18; [L620] assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647; [L620] #t~short18 := 0 != #t~nondet17; VAL [#NULL.base=0, #NULL.offset=0, #t~nondet17=0, #t~short18=false, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620-L624] assume !#t~short18; [L620] havoc #t~short18; [L620] havoc #t~nondet17; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4); VAL [#NULL.base=0, #NULL.offset=0, #t~mem21.base=9, #t~mem21.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] CALL call #t~ret22 := sll_length(#t~mem21.base, #t~mem21.offset); VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0] [L575-L582] ~head.base, ~head.offset := #in~head.base, #in~head.offset; [L576] ~len~0 := 0; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=9, ~head.offset=0, ~len~0=0] [L577-L580] assume !!(~head.base != 0 || ~head.offset != 0); [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~head.base, ~head.offset, 4); [L579] ~head.base, ~head.offset := #t~mem5.base, #t~mem5.offset; [L579] havoc #t~mem5.base, #t~mem5.offset; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=6, ~head.offset=0, ~len~0=1] [L577-L580] assume !!(~head.base != 0 || ~head.offset != 0); [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~head.base, ~head.offset, 4); [L579] ~head.base, ~head.offset := #t~mem5.base, #t~mem5.offset; [L579] havoc #t~mem5.base, #t~mem5.offset; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=0, ~head.offset=0, ~len~0=2] [L577-L580] assume !(~head.base != 0 || ~head.offset != 0); VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=0, ~head.offset=0, ~len~0=2] [L581] #res := ~len~0; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, #res=2, ~head.base=0, ~head.offset=0, ~len~0=2] [L575-L582] ensures true; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, #res=2, ~head.base=0, ~head.offset=0, ~len~0=2] [L625] RET call #t~ret22 := sll_length(#t~mem21.base, #t~mem21.offset); VAL [#NULL.base=0, #NULL.offset=0, #t~mem21.base=9, #t~mem21.offset=0, #t~ret22=2, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [#NULL.base=0, #NULL.offset=0, #t~mem21.base=9, #t~mem21.offset=0, #t~ret22=2, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625-L627] assume ~k~0 + ~len~2 != #t~ret22; [L625] havoc #t~mem21.base, #t~mem21.offset; [L625] havoc #t~ret22; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L630] assert false; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [?] CALL call ULTIMATE.init(); VAL [#NULL!base=8, #NULL!offset=5, old(#NULL!base)=8, old(#NULL!offset)=5] [?] #NULL := { base: 0, offset: 0 }; [?] #valid[0] := 0; VAL [#NULL!base=0, #NULL!offset=0, old(#NULL!base)=8, old(#NULL!offset)=5] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0, #NULL!offset=0] [?] CALL call #t~ret24 := main(); VAL [#NULL!base=0, #NULL!offset=0] [L616] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=2, ~len~1=2, ~until=5] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~nondet11=0, #t~short12=false, ~from=2, ~len~1=2, ~until=5] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L613] #res := ~len~1; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L616] RET call #t~ret14 := _get_nondet_int(2, 5); VAL [#NULL!base=0, #NULL!offset=0, #t~ret14=2] [L616] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647; [L616] ~len~2 := #t~ret14; [L616] havoc #t~ret14; [L617] FCALL call ~#s~0 := #Ultimate.alloc(4); VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] CALL call #t~ret15 := sll_create(~len~2); VAL [#in~len=2, #NULL!base=0, #NULL!offset=0] [L563-L574] ~len := #in~len; [L564] ~head~0 := { base: 0, offset: 0 }; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=2] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~post2=2, ~head~0!base=0, ~head~0!offset=0, ~len=1] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, #t~post2=1, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=6, ~new_head~0!offset=0] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, #t~post2=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L565-L572] COND TRUE !(#t~post2 > 0) [L565] havoc #t~post2; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L573] #res := ~head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #res!base=9, #res!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L617] RET call #t~ret15 := sll_create(~len~2); VAL [#NULL!base=0, #NULL!offset=0, #t~ret15!base=9, #t~ret15!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] FCALL call write~init~$Pointer$(#t~ret15, ~#s~0, 4); [L617] havoc #t~ret15; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=0, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~nondet11=1, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610-L612] COND FALSE !(!#t~short12) [L610] havoc #t~nondet11; [L610] havoc #t~short12; [L611] #t~post13 := ~len~1; [L611] ~len~1 := 1 + #t~post13; [L611] havoc #t~post13; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610] COND FALSE !(#t~short12) VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L613] #res := ~len~1; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L618] RET call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#NULL!base=0, #NULL!offset=0, #t~ret16=1, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647; [L618] ~k~0 := #t~ret16; [L618] havoc #t~ret16; [L619] ~i~0 := 0; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] #t~short18 := ~i~0 < ~k~0; VAL [#NULL!base=0, #NULL!offset=0, #t~short18=true, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] COND TRUE #t~short18 [L620] assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647; [L620] #t~short18 := 0 != #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, #t~nondet17=0, #t~short18=false, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620-L624] COND TRUE !#t~short18 [L620] havoc #t~short18; [L620] havoc #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] FCALL call #t~mem21 := read~$Pointer$(~#s~0, 4); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] CALL call #t~ret22 := sll_length(#t~mem21); VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0] [L575-L582] ~head := #in~head; [L576] ~len~0 := 0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=9, ~head!offset=0, ~len~0=0] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=6, ~head!offset=0, ~len~0=1] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L577-L580] COND TRUE !(~head != { base: 0, offset: 0 }) VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L581] #res := ~len~0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, #res=2, ~head!base=0, ~head!offset=0, ~len~0=2] [L625] RET call #t~ret22 := sll_length(#t~mem21); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] COND TRUE ~k~0 + ~len~2 != #t~ret22 [L625] havoc #t~mem21; [L625] havoc #t~ret22; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L630] assert false; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] ----- ----- class de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator [?] CALL call ULTIMATE.init(); VAL [#NULL!base=8, #NULL!offset=5, old(#NULL!base)=8, old(#NULL!offset)=5] [?] #NULL := { base: 0, offset: 0 }; [?] #valid[0] := 0; VAL [#NULL!base=0, #NULL!offset=0, old(#NULL!base)=8, old(#NULL!offset)=5] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0, #NULL!offset=0] [?] CALL call #t~ret24 := main(); VAL [#NULL!base=0, #NULL!offset=0] [L616] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=2, ~len~1=2, ~until=5] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~nondet11=0, #t~short12=false, ~from=2, ~len~1=2, ~until=5] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L613] #res := ~len~1; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L616] RET call #t~ret14 := _get_nondet_int(2, 5); VAL [#NULL!base=0, #NULL!offset=0, #t~ret14=2] [L616] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647; [L616] ~len~2 := #t~ret14; [L616] havoc #t~ret14; [L617] FCALL call ~#s~0 := #Ultimate.alloc(4); VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] CALL call #t~ret15 := sll_create(~len~2); VAL [#in~len=2, #NULL!base=0, #NULL!offset=0] [L563-L574] ~len := #in~len; [L564] ~head~0 := { base: 0, offset: 0 }; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=2] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~post2=2, ~head~0!base=0, ~head~0!offset=0, ~len=1] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, #t~post2=1, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=6, ~new_head~0!offset=0] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, #t~post2=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L565-L572] COND TRUE !(#t~post2 > 0) [L565] havoc #t~post2; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L573] #res := ~head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #res!base=9, #res!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L617] RET call #t~ret15 := sll_create(~len~2); VAL [#NULL!base=0, #NULL!offset=0, #t~ret15!base=9, #t~ret15!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] FCALL call write~init~$Pointer$(#t~ret15, ~#s~0, 4); [L617] havoc #t~ret15; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=0, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~nondet11=1, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610-L612] COND FALSE !(!#t~short12) [L610] havoc #t~nondet11; [L610] havoc #t~short12; [L611] #t~post13 := ~len~1; [L611] ~len~1 := 1 + #t~post13; [L611] havoc #t~post13; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610] COND FALSE !(#t~short12) VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L613] #res := ~len~1; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L618] RET call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#NULL!base=0, #NULL!offset=0, #t~ret16=1, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647; [L618] ~k~0 := #t~ret16; [L618] havoc #t~ret16; [L619] ~i~0 := 0; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] #t~short18 := ~i~0 < ~k~0; VAL [#NULL!base=0, #NULL!offset=0, #t~short18=true, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] COND TRUE #t~short18 [L620] assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647; [L620] #t~short18 := 0 != #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, #t~nondet17=0, #t~short18=false, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620-L624] COND TRUE !#t~short18 [L620] havoc #t~short18; [L620] havoc #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] FCALL call #t~mem21 := read~$Pointer$(~#s~0, 4); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] CALL call #t~ret22 := sll_length(#t~mem21); VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0] [L575-L582] ~head := #in~head; [L576] ~len~0 := 0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=9, ~head!offset=0, ~len~0=0] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=6, ~head!offset=0, ~len~0=1] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L577-L580] COND TRUE !(~head != { base: 0, offset: 0 }) VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L581] #res := ~len~0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, #res=2, ~head!base=0, ~head!offset=0, ~len~0=2] [L625] RET call #t~ret22 := sll_length(#t~mem21); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] COND TRUE ~k~0 + ~len~2 != #t~ret22 [L625] havoc #t~mem21; [L625] havoc #t~ret22; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L630] assert false; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [?] CALL call ULTIMATE.init(); VAL [#NULL!base=8, #NULL!offset=5, old(#NULL!base)=8, old(#NULL!offset)=5] [?] #NULL := { base: 0, offset: 0 }; [?] #valid[0] := 0; VAL [#NULL!base=0, #NULL!offset=0, old(#NULL!base)=8, old(#NULL!offset)=5] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0, #NULL!offset=0] [?] CALL call #t~ret24 := main(); VAL [#NULL!base=0, #NULL!offset=0] [L616] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=2, ~len~1=2, ~until=5] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~nondet11=0, #t~short12=false, ~from=2, ~len~1=2, ~until=5] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L613] #res := ~len~1; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L616] RET call #t~ret14 := _get_nondet_int(2, 5); VAL [#NULL!base=0, #NULL!offset=0, #t~ret14=2] [L616] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647; [L616] ~len~2 := #t~ret14; [L616] havoc #t~ret14; [L617] FCALL call ~#s~0 := #Ultimate.alloc(4); VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] CALL call #t~ret15 := sll_create(~len~2); VAL [#in~len=2, #NULL!base=0, #NULL!offset=0] [L563-L574] ~len := #in~len; [L564] ~head~0 := { base: 0, offset: 0 }; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=2] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~post2=2, ~head~0!base=0, ~head~0!offset=0, ~len=1] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, #t~post2=1, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=6, ~new_head~0!offset=0] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, #t~post2=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L565-L572] COND TRUE !(#t~post2 > 0) [L565] havoc #t~post2; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L573] #res := ~head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #res!base=9, #res!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L617] RET call #t~ret15 := sll_create(~len~2); VAL [#NULL!base=0, #NULL!offset=0, #t~ret15!base=9, #t~ret15!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] FCALL call write~init~$Pointer$(#t~ret15, ~#s~0, 4); [L617] havoc #t~ret15; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=0, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~nondet11=1, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610-L612] COND FALSE !(!#t~short12) [L610] havoc #t~nondet11; [L610] havoc #t~short12; [L611] #t~post13 := ~len~1; [L611] ~len~1 := 1 + #t~post13; [L611] havoc #t~post13; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610] COND FALSE !(#t~short12) VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L613] #res := ~len~1; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L618] RET call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#NULL!base=0, #NULL!offset=0, #t~ret16=1, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647; [L618] ~k~0 := #t~ret16; [L618] havoc #t~ret16; [L619] ~i~0 := 0; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] #t~short18 := ~i~0 < ~k~0; VAL [#NULL!base=0, #NULL!offset=0, #t~short18=true, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] COND TRUE #t~short18 [L620] assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647; [L620] #t~short18 := 0 != #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, #t~nondet17=0, #t~short18=false, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620-L624] COND TRUE !#t~short18 [L620] havoc #t~short18; [L620] havoc #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] FCALL call #t~mem21 := read~$Pointer$(~#s~0, 4); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] CALL call #t~ret22 := sll_length(#t~mem21); VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0] [L575-L582] ~head := #in~head; [L576] ~len~0 := 0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=9, ~head!offset=0, ~len~0=0] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=6, ~head!offset=0, ~len~0=1] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L577-L580] COND TRUE !(~head != { base: 0, offset: 0 }) VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L581] #res := ~len~0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, #res=2, ~head!base=0, ~head!offset=0, ~len~0=2] [L625] RET call #t~ret22 := sll_length(#t~mem21); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] COND TRUE ~k~0 + ~len~2 != #t~ret22 [L625] havoc #t~mem21; [L625] havoc #t~ret22; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L630] assert false; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] ----- ----- class de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.CACSL2BoogieBacktranslator [?] CALL call ULTIMATE.init(); VAL [#NULL!base=8, #NULL!offset=5, old(#NULL!base)=8, old(#NULL!offset)=5] [?] #NULL := { base: 0, offset: 0 }; [?] #valid[0] := 0; VAL [#NULL!base=0, #NULL!offset=0, old(#NULL!base)=8, old(#NULL!offset)=5] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0, #NULL!offset=0] [?] CALL call #t~ret24 := main(); VAL [#NULL!base=0, #NULL!offset=0] [L616] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=2, ~len~1=2, ~until=5] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~nondet11=0, #t~short12=false, ~from=2, ~len~1=2, ~until=5] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L613] #res := ~len~1; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L616] RET call #t~ret14 := _get_nondet_int(2, 5); VAL [#NULL!base=0, #NULL!offset=0, #t~ret14=2] [L616] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647; [L616] ~len~2 := #t~ret14; [L616] havoc #t~ret14; [L617] FCALL call ~#s~0 := #Ultimate.alloc(4); VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] CALL call #t~ret15 := sll_create(~len~2); VAL [#in~len=2, #NULL!base=0, #NULL!offset=0] [L563-L574] ~len := #in~len; [L564] ~head~0 := { base: 0, offset: 0 }; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=2] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~post2=2, ~head~0!base=0, ~head~0!offset=0, ~len=1] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, #t~post2=1, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=6, ~new_head~0!offset=0] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, #t~post2=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L565-L572] COND TRUE !(#t~post2 > 0) [L565] havoc #t~post2; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L573] #res := ~head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #res!base=9, #res!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L617] RET call #t~ret15 := sll_create(~len~2); VAL [#NULL!base=0, #NULL!offset=0, #t~ret15!base=9, #t~ret15!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] FCALL call write~init~$Pointer$(#t~ret15, ~#s~0, 4); [L617] havoc #t~ret15; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=0, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~nondet11=1, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610-L612] COND FALSE !(!#t~short12) [L610] havoc #t~nondet11; [L610] havoc #t~short12; [L611] #t~post13 := ~len~1; [L611] ~len~1 := 1 + #t~post13; [L611] havoc #t~post13; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610] COND FALSE !(#t~short12) VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L613] #res := ~len~1; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L618] RET call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#NULL!base=0, #NULL!offset=0, #t~ret16=1, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647; [L618] ~k~0 := #t~ret16; [L618] havoc #t~ret16; [L619] ~i~0 := 0; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] #t~short18 := ~i~0 < ~k~0; VAL [#NULL!base=0, #NULL!offset=0, #t~short18=true, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] COND TRUE #t~short18 [L620] assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647; [L620] #t~short18 := 0 != #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, #t~nondet17=0, #t~short18=false, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620-L624] COND TRUE !#t~short18 [L620] havoc #t~short18; [L620] havoc #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] FCALL call #t~mem21 := read~$Pointer$(~#s~0, 4); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] CALL call #t~ret22 := sll_length(#t~mem21); VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0] [L575-L582] ~head := #in~head; [L576] ~len~0 := 0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=9, ~head!offset=0, ~len~0=0] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=6, ~head!offset=0, ~len~0=1] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L577-L580] COND TRUE !(~head != { base: 0, offset: 0 }) VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L581] #res := ~len~0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, #res=2, ~head!base=0, ~head!offset=0, ~len~0=2] [L625] RET call #t~ret22 := sll_length(#t~mem21); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] COND TRUE ~k~0 + ~len~2 != #t~ret22 [L625] havoc #t~mem21; [L625] havoc #t~ret22; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L630] assert false; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L616] CALL, EXPR _get_nondet_int(2, 5) VAL [\old(from)=2, \old(until)=5] [L609] int len = from; VAL [\old(from)=2, \old(until)=5, from=2, len=2, until=5] [L610] len < until && __VERIFIER_nondet_int() [L610] len < until && __VERIFIER_nondet_int() VAL [\old(from)=2, \old(until)=5, __VERIFIER_nondet_int()=0, from=2, len=2, len < until && __VERIFIER_nondet_int()=0, until=5] [L610] COND FALSE !(len < until && __VERIFIER_nondet_int()) [L613] return len; VAL [\old(from)=2, \old(until)=5, \result=2, from=2, len=2, until=5] [L616] RET, EXPR _get_nondet_int(2, 5) VAL [_get_nondet_int(2, 5)=2] [L616] const int len = _get_nondet_int(2, 5); [L617] SLL s = sll_create(len); VAL [len=2, s={7:0}] [L617] CALL, EXPR sll_create(len) VAL [\old(len)=2] [L564] SLL head = ((void *)0); VAL [\old(len)=2, head={0:0}, len=2] [L565] EXPR len-- VAL [\old(len)=2, head={0:0}, len=1, len--=2] [L565] COND TRUE len-- > 0 [L566] SLL new_head = (SLL) malloc(sizeof(struct node)); VAL [\old(len)=2, head={0:0}, len=1, malloc(sizeof(struct node))={6:0}, new_head={6:0}] [L567] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=2, head={0:0}, len=1, malloc(sizeof(struct node))={6:0}, new_head={6:0}] [L570] new_head->next = head [L571] head = new_head VAL [\old(len)=2, head={6:0}, len=1, malloc(sizeof(struct node))={6:0}, new_head={6:0}] [L565] EXPR len-- VAL [\old(len)=2, head={6:0}, len=0, len--=1, malloc(sizeof(struct node))={6:0}, new_head={6:0}] [L565] COND TRUE len-- > 0 [L566] SLL new_head = (SLL) malloc(sizeof(struct node)); VAL [\old(len)=2, head={6:0}, len=0, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L567] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=2, head={6:0}, len=0, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L570] new_head->next = head [L571] head = new_head VAL [\old(len)=2, head={9:0}, len=0, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L565] EXPR len-- VAL [\old(len)=2, head={9:0}, len=-1, len--=0, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L565] COND FALSE !(len-- > 0) [L573] return head; VAL [\old(len)=2, \result={9:0}, head={9:0}, len=-1, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L617] RET, EXPR sll_create(len) VAL [len=2, s={7:0}, sll_create(len)={9:0}] [L617] SLL s = sll_create(len); [L618] CALL, EXPR _get_nondet_int(0, len - 1) VAL [\old(from)=0, \old(until)=1] [L609] int len = from; VAL [\old(from)=0, \old(until)=1, from=0, len=0, until=1] [L610] len < until && __VERIFIER_nondet_int() [L610] len < until && __VERIFIER_nondet_int() VAL [\old(from)=0, \old(until)=1, __VERIFIER_nondet_int()=1, from=0, len=0, len < until && __VERIFIER_nondet_int()=1, until=1] [L610] COND TRUE len < until && __VERIFIER_nondet_int() [L611] len++ VAL [\old(from)=0, \old(until)=1, from=0, len=1, until=1] [L610] len < until && __VERIFIER_nondet_int() VAL [\old(from)=0, \old(until)=1, from=0, len=1, len < until && __VERIFIER_nondet_int()=0, until=1] [L610] COND FALSE !(len < until && __VERIFIER_nondet_int()) [L613] return len; VAL [\old(from)=0, \old(until)=1, \result=1, from=0, len=1, until=1] [L618] RET, EXPR _get_nondet_int(0, len - 1) VAL [_get_nondet_int(0, len - 1)=1, len=2, s={7:0}] [L618] const int k = _get_nondet_int(0, len - 1); [L619] int i = 0; VAL [i=0, k=1, len=2, s={7:0}] [L620] i < k && __VERIFIER_nondet_int() [L620] i < k && __VERIFIER_nondet_int() VAL [__VERIFIER_nondet_int()=0, i=0, i < k && __VERIFIER_nondet_int()=0, k=1, len=2, s={7:0}] [L620] COND FALSE !(i < k && __VERIFIER_nondet_int()) [L625] EXPR \read(s) VAL [\read(s)={9:0}, i=0, k=1, len=2, s={7:0}] [L625] CALL, EXPR sll_length(s) VAL [head={9:0}] [L576] int len = 0; VAL [head={9:0}, head={9:0}, len=0] [L577] COND TRUE \read(head) [L578] len++ [L579] EXPR head->next [L579] head = head->next [L577] COND TRUE \read(head) [L578] len++ [L579] EXPR head->next [L579] head = head->next [L577] COND FALSE !(\read(head)) VAL [head={0:0}, head={9:0}, len=2] [L581] return len; VAL [\result=2, head={0:0}, head={9:0}, len=2] [L625] RET, EXPR sll_length(s) VAL [\read(s)={9:0}, i=0, k=1, len=2, s={7:0}, sll_length(s)=2] [L625] COND TRUE k + len != sll_length(s) [L630] __VERIFIER_error() VAL [i=0, k=1, len=2, s={7:0}] ----- [2018-11-23 11:59:09,010 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 23.11 11:59:09 BoogieIcfgContainer [2018-11-23 11:59:09,010 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2018-11-23 11:59:09,010 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2018-11-23 11:59:09,010 INFO L271 PluginConnector]: Initializing Witness Printer... [2018-11-23 11:59:09,010 INFO L276 PluginConnector]: Witness Printer initialized [2018-11-23 11:59:09,011 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 23.11 11:59:03" (3/4) ... [2018-11-23 11:59:09,014 INFO L138 WitnessPrinter]: Generating witness for reachability counterexample ----- class de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder.RCFGBacktranslator [?] CALL call ULTIMATE.init(); VAL [|#NULL.base|=8, |#NULL.offset|=5, |old(#NULL.base)|=8, |old(#NULL.offset)|=5] [?] #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0]; VAL [|#NULL.base|=0, |#NULL.offset|=0, |old(#NULL.base)|=8, |old(#NULL.offset)|=5] [?] assume true; VAL [|#NULL.base|=0, |#NULL.offset|=0, |old(#NULL.base)|=8, |old(#NULL.offset)|=5] [?] RET #176#return; VAL [|#NULL.base|=0, |#NULL.offset|=0] [?] CALL call #t~ret24 := main(); VAL [|#NULL.base|=0, |#NULL.offset|=0] [?] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [|#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5] [?] ~from := #in~from;~until := #in~until;~len~1 := ~from; VAL [_get_nondet_int_~from=2, _get_nondet_int_~len~1=2, _get_nondet_int_~until=5, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5] [?] #t~short12 := ~len~1 < ~until; VAL [_get_nondet_int_~from=2, _get_nondet_int_~len~1=2, _get_nondet_int_~until=5, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5, |_get_nondet_int_#t~short12|=true] [?] assume #t~short12;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647;#t~short12 := 0 != #t~nondet11; VAL [_get_nondet_int_~from=2, _get_nondet_int_~len~1=2, _get_nondet_int_~until=5, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5, |_get_nondet_int_#t~nondet11|=0, |_get_nondet_int_#t~short12|=false] [?] assume !#t~short12;havoc #t~nondet11;havoc #t~short12; VAL [_get_nondet_int_~from=2, _get_nondet_int_~len~1=2, _get_nondet_int_~until=5, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5] [?] #res := ~len~1; VAL [_get_nondet_int_~from=2, _get_nondet_int_~len~1=2, _get_nondet_int_~until=5, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5, |_get_nondet_int_#res|=2] [?] assume true; VAL [_get_nondet_int_~from=2, _get_nondet_int_~len~1=2, _get_nondet_int_~until=5, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=2, |_get_nondet_int_#in~until|=5, |_get_nondet_int_#res|=2] [?] RET #158#return; VAL [|#NULL.base|=0, |#NULL.offset|=0, |main_#t~ret14|=2] [?] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647;~len~2 := #t~ret14;havoc #t~ret14;call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4); VAL [main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] CALL call #t~ret15.base, #t~ret15.offset := sll_create(~len~2); VAL [|#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2] [?] ~len := #in~len;~head~0.base, ~head~0.offset := 0, 0; VAL [sll_create_~head~0.base=0, sll_create_~head~0.offset=0, sll_create_~len=2, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2] [?] #t~post2 := ~len;~len := #t~post2 - 1; VAL [sll_create_~head~0.base=0, sll_create_~head~0.offset=0, sll_create_~len=1, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~post2|=2] [?] assume !!(#t~post2 > 0);havoc #t~post2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(4);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; VAL [sll_create_~head~0.base=0, sll_create_~head~0.offset=0, sll_create_~len=1, sll_create_~new_head~0.base=6, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=6, |sll_create_#t~malloc3.offset|=0] [?] assume !(0 == ~new_head~0.base && 0 == ~new_head~0.offset); VAL [sll_create_~head~0.base=0, sll_create_~head~0.offset=0, sll_create_~len=1, sll_create_~new_head~0.base=6, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=6, |sll_create_#t~malloc3.offset|=0] [?] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~new_head~0.offset, 4);~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; VAL [sll_create_~head~0.base=6, sll_create_~head~0.offset=0, sll_create_~len=1, sll_create_~new_head~0.base=6, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=6, |sll_create_#t~malloc3.offset|=0] [?] #t~post2 := ~len;~len := #t~post2 - 1; VAL [sll_create_~head~0.base=6, sll_create_~head~0.offset=0, sll_create_~len=0, sll_create_~new_head~0.base=6, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=6, |sll_create_#t~malloc3.offset|=0, |sll_create_#t~post2|=1] [?] assume !!(#t~post2 > 0);havoc #t~post2;call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(4);~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; VAL [sll_create_~head~0.base=6, sll_create_~head~0.offset=0, sll_create_~len=0, sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0] [?] assume !(0 == ~new_head~0.base && 0 == ~new_head~0.offset); VAL [sll_create_~head~0.base=6, sll_create_~head~0.offset=0, sll_create_~len=0, sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0] [?] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~new_head~0.offset, 4);~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; VAL [sll_create_~head~0.base=9, sll_create_~head~0.offset=0, sll_create_~len=0, sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0] [?] #t~post2 := ~len;~len := #t~post2 - 1; VAL [sll_create_~head~0.base=9, sll_create_~head~0.offset=0, sll_create_~len=(- 1), sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0, |sll_create_#t~post2|=0] [?] assume !(#t~post2 > 0);havoc #t~post2; VAL [sll_create_~head~0.base=9, sll_create_~head~0.offset=0, sll_create_~len=(- 1), sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0] [?] #res.base, #res.offset := ~head~0.base, ~head~0.offset; VAL [sll_create_~head~0.base=9, sll_create_~head~0.offset=0, sll_create_~len=(- 1), sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#res.base|=9, |sll_create_#res.offset|=0, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0] [?] assume true; VAL [sll_create_~head~0.base=9, sll_create_~head~0.offset=0, sll_create_~len=(- 1), sll_create_~new_head~0.base=9, sll_create_~new_head~0.offset=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_create_#in~len|=2, |sll_create_#res.base|=9, |sll_create_#res.offset|=0, |sll_create_#t~malloc3.base|=9, |sll_create_#t~malloc3.offset|=0] [?] RET #160#return; VAL [main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~ret15.base|=9, |main_#t~ret15.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] call write~init~$Pointer$(#t~ret15.base, #t~ret15.offset, ~#s~0.base, ~#s~0.offset, 4);havoc #t~ret15.base, #t~ret15.offset; VAL [main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [|#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1] [?] ~from := #in~from;~until := #in~until;~len~1 := ~from; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=0, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1] [?] #t~short12 := ~len~1 < ~until; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=0, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1, |_get_nondet_int_#t~short12|=true] [?] assume #t~short12;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647;#t~short12 := 0 != #t~nondet11; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=0, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1, |_get_nondet_int_#t~nondet11|=1, |_get_nondet_int_#t~short12|=true] [?] assume !!#t~short12;havoc #t~nondet11;havoc #t~short12;#t~post13 := ~len~1;~len~1 := 1 + #t~post13;havoc #t~post13; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=1, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1] [?] #t~short12 := ~len~1 < ~until; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=1, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1, |_get_nondet_int_#t~short12|=false] [?] assume !#t~short12; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=1, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1, |_get_nondet_int_#t~short12|=false] [?] assume !#t~short12;havoc #t~nondet11;havoc #t~short12; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=1, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1] [?] #res := ~len~1; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=1, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1, |_get_nondet_int_#res|=1] [?] assume true; VAL [_get_nondet_int_~from=0, _get_nondet_int_~len~1=1, _get_nondet_int_~until=1, |#NULL.base|=0, |#NULL.offset|=0, |_get_nondet_int_#in~from|=0, |_get_nondet_int_#in~until|=1, |_get_nondet_int_#res|=1] [?] RET #162#return; VAL [main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~ret16|=1, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647;~k~0 := #t~ret16;havoc #t~ret16;~i~0 := 0; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] #t~short18 := ~i~0 < ~k~0; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~short18|=true, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] assume #t~short18;assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647;#t~short18 := 0 != #t~nondet17; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~nondet17|=0, |main_#t~short18|=false, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] assume !#t~short18;havoc #t~short18;havoc #t~nondet17; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4); VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~mem21.base|=9, |main_#t~mem21.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] CALL call #t~ret22 := sll_length(#t~mem21.base, #t~mem21.offset); VAL [|#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0] [?] ~head.base, ~head.offset := #in~head.base, #in~head.offset;~len~0 := 0; VAL [sll_length_~head.base=9, sll_length_~head.offset=0, sll_length_~len~0=0, |#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0] [?] assume !!(~head.base != 0 || ~head.offset != 0);#t~post4 := ~len~0;~len~0 := 1 + #t~post4;havoc #t~post4;call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~head.base, ~head.offset, 4);~head.base, ~head.offset := #t~mem5.base, #t~mem5.offset;havoc #t~mem5.base, #t~mem5.offset; VAL [sll_length_~head.base=6, sll_length_~head.offset=0, sll_length_~len~0=1, |#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0] [?] assume !!(~head.base != 0 || ~head.offset != 0);#t~post4 := ~len~0;~len~0 := 1 + #t~post4;havoc #t~post4;call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~head.base, ~head.offset, 4);~head.base, ~head.offset := #t~mem5.base, #t~mem5.offset;havoc #t~mem5.base, #t~mem5.offset; VAL [sll_length_~head.base=0, sll_length_~head.offset=0, sll_length_~len~0=2, |#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0] [?] assume !(~head.base != 0 || ~head.offset != 0); VAL [sll_length_~head.base=0, sll_length_~head.offset=0, sll_length_~len~0=2, |#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0] [?] #res := ~len~0; VAL [sll_length_~head.base=0, sll_length_~head.offset=0, sll_length_~len~0=2, |#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0, |sll_length_#res|=2] [?] assume true; VAL [sll_length_~head.base=0, sll_length_~head.offset=0, sll_length_~len~0=2, |#NULL.base|=0, |#NULL.offset|=0, |sll_length_#in~head.base|=9, |sll_length_#in~head.offset|=0, |sll_length_#res|=2] [?] RET #168#return; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~mem21.base|=9, |main_#t~mem21.offset|=0, |main_#t~ret22|=2, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_#t~mem21.base|=9, |main_#t~mem21.offset|=0, |main_#t~ret22|=2, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] assume ~k~0 + ~len~2 != #t~ret22;havoc #t~mem21.base, #t~mem21.offset;havoc #t~ret22; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] assume !false; VAL [main_~i~0=0, main_~k~0=1, main_~len~2=2, |#NULL.base|=0, |#NULL.offset|=0, |main_~#s~0.base|=7, |main_~#s~0.offset|=0] [?] CALL call ULTIMATE.init(); VAL [#NULL.base=8, #NULL.offset=5, old(#NULL.base)=8, old(#NULL.offset)=5] [?] #NULL.base, #NULL.offset := 0, 0; [?] #valid := #valid[0 := 0]; VAL [#NULL.base=0, #NULL.offset=0, old(#NULL.base)=8, old(#NULL.offset)=5] [?] ensures true; VAL [#NULL.base=0, #NULL.offset=0, old(#NULL.base)=8, old(#NULL.offset)=5] [?] RET call ULTIMATE.init(); VAL [#NULL.base=0, #NULL.offset=0] [?] CALL call #t~ret24 := main(); VAL [#NULL.base=0, #NULL.offset=0] [L616] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, ~from=2, ~len~1=2, ~until=5] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #t~short12=true, ~from=2, ~len~1=2, ~until=5] [L610] assume #t~short12; [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #t~nondet11=0, #t~short12=false, ~from=2, ~len~1=2, ~until=5] [L610-L612] assume !#t~short12; [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, ~from=2, ~len~1=2, ~until=5] [L613] #res := ~len~1; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L608-L614] ensures true; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L616] RET call #t~ret14 := _get_nondet_int(2, 5); VAL [#NULL.base=0, #NULL.offset=0, #t~ret14=2] [L616] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647; [L616] ~len~2 := #t~ret14; [L616] havoc #t~ret14; [L617] call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4); VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L617] CALL call #t~ret15.base, #t~ret15.offset := sll_create(~len~2); VAL [#in~len=2, #NULL.base=0, #NULL.offset=0] [L563-L574] ~len := #in~len; [L564] ~head~0.base, ~head~0.offset := 0, 0; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, ~head~0.base=0, ~head~0.offset=0, ~len=2] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~post2=2, ~head~0.base=0, ~head~0.offset=0, ~len=1] [L565-L572] assume !!(#t~post2 > 0); [L565] havoc #t~post2; [L566] call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(4); [L566] ~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, ~head~0.base=0, ~head~0.offset=0, ~len=1, ~new_head~0.base=6, ~new_head~0.offset=0] [L567-L569] assume !(0 == ~new_head~0.base && 0 == ~new_head~0.offset); VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, ~head~0.base=0, ~head~0.offset=0, ~len=1, ~new_head~0.base=6, ~new_head~0.offset=0] [L570] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~new_head~0.offset, 4); [L571] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, ~head~0.base=6, ~head~0.offset=0, ~len=1, ~new_head~0.base=6, ~new_head~0.offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, #t~post2=1, ~head~0.base=6, ~head~0.offset=0, ~len=0, ~new_head~0.base=6, ~new_head~0.offset=0] [L565-L572] assume !!(#t~post2 > 0); [L565] havoc #t~post2; [L566] call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(4); [L566] ~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=6, ~head~0.offset=0, ~len=0, ~new_head~0.base=9, ~new_head~0.offset=0] [L567-L569] assume !(0 == ~new_head~0.base && 0 == ~new_head~0.offset); VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=6, ~head~0.offset=0, ~len=0, ~new_head~0.base=9, ~new_head~0.offset=0] [L570] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~new_head~0.offset, 4); [L571] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=0, ~new_head~0.base=9, ~new_head~0.offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, #t~post2=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L565-L572] assume !(#t~post2 > 0); [L565] havoc #t~post2; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L573] #res.base, #res.offset := ~head~0.base, ~head~0.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #res.base=9, #res.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L563-L574] ensures true; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #res.base=9, #res.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L617] RET call #t~ret15.base, #t~ret15.offset := sll_create(~len~2); VAL [#NULL.base=0, #NULL.offset=0, #t~ret15.base=9, #t~ret15.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L617] call write~init~$Pointer$(#t~ret15.base, #t~ret15.offset, ~#s~0.base, ~#s~0.offset, 4); [L617] havoc #t~ret15.base, #t~ret15.offset; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L618] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, ~from=0, ~len~1=0, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610] assume #t~short12; [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~nondet11=1, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610-L612] assume !!#t~short12; [L610] havoc #t~nondet11; [L610] havoc #t~short12; [L611] #t~post13 := ~len~1; [L611] ~len~1 := 1 + #t~post13; [L611] havoc #t~post13; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, ~from=0, ~len~1=1, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610] assume !#t~short12; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610-L612] assume !#t~short12; [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, ~from=0, ~len~1=1, ~until=1] [L613] #res := ~len~1; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L608-L614] ensures true; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L618] RET call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#NULL.base=0, #NULL.offset=0, #t~ret16=1, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L618] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647; [L618] ~k~0 := #t~ret16; [L618] havoc #t~ret16; [L619] ~i~0 := 0; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] #t~short18 := ~i~0 < ~k~0; VAL [#NULL.base=0, #NULL.offset=0, #t~short18=true, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] assume #t~short18; [L620] assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647; [L620] #t~short18 := 0 != #t~nondet17; VAL [#NULL.base=0, #NULL.offset=0, #t~nondet17=0, #t~short18=false, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620-L624] assume !#t~short18; [L620] havoc #t~short18; [L620] havoc #t~nondet17; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4); VAL [#NULL.base=0, #NULL.offset=0, #t~mem21.base=9, #t~mem21.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] CALL call #t~ret22 := sll_length(#t~mem21.base, #t~mem21.offset); VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0] [L575-L582] ~head.base, ~head.offset := #in~head.base, #in~head.offset; [L576] ~len~0 := 0; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=9, ~head.offset=0, ~len~0=0] [L577-L580] assume !!(~head.base != 0 || ~head.offset != 0); [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~head.base, ~head.offset, 4); [L579] ~head.base, ~head.offset := #t~mem5.base, #t~mem5.offset; [L579] havoc #t~mem5.base, #t~mem5.offset; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=6, ~head.offset=0, ~len~0=1] [L577-L580] assume !!(~head.base != 0 || ~head.offset != 0); [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~head.base, ~head.offset, 4); [L579] ~head.base, ~head.offset := #t~mem5.base, #t~mem5.offset; [L579] havoc #t~mem5.base, #t~mem5.offset; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=0, ~head.offset=0, ~len~0=2] [L577-L580] assume !(~head.base != 0 || ~head.offset != 0); VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=0, ~head.offset=0, ~len~0=2] [L581] #res := ~len~0; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, #res=2, ~head.base=0, ~head.offset=0, ~len~0=2] [L575-L582] ensures true; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, #res=2, ~head.base=0, ~head.offset=0, ~len~0=2] [L625] RET call #t~ret22 := sll_length(#t~mem21.base, #t~mem21.offset); VAL [#NULL.base=0, #NULL.offset=0, #t~mem21.base=9, #t~mem21.offset=0, #t~ret22=2, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [#NULL.base=0, #NULL.offset=0, #t~mem21.base=9, #t~mem21.offset=0, #t~ret22=2, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625-L627] assume ~k~0 + ~len~2 != #t~ret22; [L625] havoc #t~mem21.base, #t~mem21.offset; [L625] havoc #t~ret22; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L630] assert false; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] ----- ----- class de.uni_freiburg.informatik.ultimate.boogie.preprocessor.BoogiePreprocessorBacktranslator [?] CALL call ULTIMATE.init(); VAL [#NULL.base=8, #NULL.offset=5, old(#NULL.base)=8, old(#NULL.offset)=5] [?] #NULL.base, #NULL.offset := 0, 0; [?] #valid := #valid[0 := 0]; VAL [#NULL.base=0, #NULL.offset=0, old(#NULL.base)=8, old(#NULL.offset)=5] [?] ensures true; VAL [#NULL.base=0, #NULL.offset=0, old(#NULL.base)=8, old(#NULL.offset)=5] [?] RET call ULTIMATE.init(); VAL [#NULL.base=0, #NULL.offset=0] [?] CALL call #t~ret24 := main(); VAL [#NULL.base=0, #NULL.offset=0] [L616] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, ~from=2, ~len~1=2, ~until=5] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #t~short12=true, ~from=2, ~len~1=2, ~until=5] [L610] assume #t~short12; [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #t~nondet11=0, #t~short12=false, ~from=2, ~len~1=2, ~until=5] [L610-L612] assume !#t~short12; [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, ~from=2, ~len~1=2, ~until=5] [L613] #res := ~len~1; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L608-L614] ensures true; VAL [#in~from=2, #in~until=5, #NULL.base=0, #NULL.offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L616] RET call #t~ret14 := _get_nondet_int(2, 5); VAL [#NULL.base=0, #NULL.offset=0, #t~ret14=2] [L616] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647; [L616] ~len~2 := #t~ret14; [L616] havoc #t~ret14; [L617] call ~#s~0.base, ~#s~0.offset := #Ultimate.alloc(4); VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L617] CALL call #t~ret15.base, #t~ret15.offset := sll_create(~len~2); VAL [#in~len=2, #NULL.base=0, #NULL.offset=0] [L563-L574] ~len := #in~len; [L564] ~head~0.base, ~head~0.offset := 0, 0; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, ~head~0.base=0, ~head~0.offset=0, ~len=2] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~post2=2, ~head~0.base=0, ~head~0.offset=0, ~len=1] [L565-L572] assume !!(#t~post2 > 0); [L565] havoc #t~post2; [L566] call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(4); [L566] ~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, ~head~0.base=0, ~head~0.offset=0, ~len=1, ~new_head~0.base=6, ~new_head~0.offset=0] [L567-L569] assume !(0 == ~new_head~0.base && 0 == ~new_head~0.offset); VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, ~head~0.base=0, ~head~0.offset=0, ~len=1, ~new_head~0.base=6, ~new_head~0.offset=0] [L570] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~new_head~0.offset, 4); [L571] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, ~head~0.base=6, ~head~0.offset=0, ~len=1, ~new_head~0.base=6, ~new_head~0.offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=6, #t~malloc3.offset=0, #t~post2=1, ~head~0.base=6, ~head~0.offset=0, ~len=0, ~new_head~0.base=6, ~new_head~0.offset=0] [L565-L572] assume !!(#t~post2 > 0); [L565] havoc #t~post2; [L566] call #t~malloc3.base, #t~malloc3.offset := #Ultimate.alloc(4); [L566] ~new_head~0.base, ~new_head~0.offset := #t~malloc3.base, #t~malloc3.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=6, ~head~0.offset=0, ~len=0, ~new_head~0.base=9, ~new_head~0.offset=0] [L567-L569] assume !(0 == ~new_head~0.base && 0 == ~new_head~0.offset); VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=6, ~head~0.offset=0, ~len=0, ~new_head~0.base=9, ~new_head~0.offset=0] [L570] call write~$Pointer$(~head~0.base, ~head~0.offset, ~new_head~0.base, ~new_head~0.offset, 4); [L571] ~head~0.base, ~head~0.offset := ~new_head~0.base, ~new_head~0.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=0, ~new_head~0.base=9, ~new_head~0.offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, #t~post2=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L565-L572] assume !(#t~post2 > 0); [L565] havoc #t~post2; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L573] #res.base, #res.offset := ~head~0.base, ~head~0.offset; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #res.base=9, #res.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L563-L574] ensures true; VAL [#in~len=2, #NULL.base=0, #NULL.offset=0, #res.base=9, #res.offset=0, #t~malloc3.base=9, #t~malloc3.offset=0, ~head~0.base=9, ~head~0.offset=0, ~len=-1, ~new_head~0.base=9, ~new_head~0.offset=0] [L617] RET call #t~ret15.base, #t~ret15.offset := sll_create(~len~2); VAL [#NULL.base=0, #NULL.offset=0, #t~ret15.base=9, #t~ret15.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L617] call write~init~$Pointer$(#t~ret15.base, #t~ret15.offset, ~#s~0.base, ~#s~0.offset, 4); [L617] havoc #t~ret15.base, #t~ret15.offset; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L618] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, ~from=0, ~len~1=0, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610] assume #t~short12; [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~nondet11=1, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610-L612] assume !!#t~short12; [L610] havoc #t~nondet11; [L610] havoc #t~short12; [L611] #t~post13 := ~len~1; [L611] ~len~1 := 1 + #t~post13; [L611] havoc #t~post13; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, ~from=0, ~len~1=1, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610] assume !#t~short12; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610-L612] assume !#t~short12; [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, ~from=0, ~len~1=1, ~until=1] [L613] #res := ~len~1; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L608-L614] ensures true; VAL [#in~from=0, #in~until=1, #NULL.base=0, #NULL.offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L618] RET call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#NULL.base=0, #NULL.offset=0, #t~ret16=1, ~#s~0.base=7, ~#s~0.offset=0, ~len~2=2] [L618] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647; [L618] ~k~0 := #t~ret16; [L618] havoc #t~ret16; [L619] ~i~0 := 0; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] #t~short18 := ~i~0 < ~k~0; VAL [#NULL.base=0, #NULL.offset=0, #t~short18=true, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] assume #t~short18; [L620] assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647; [L620] #t~short18 := 0 != #t~nondet17; VAL [#NULL.base=0, #NULL.offset=0, #t~nondet17=0, #t~short18=false, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620-L624] assume !#t~short18; [L620] havoc #t~short18; [L620] havoc #t~nondet17; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] call #t~mem21.base, #t~mem21.offset := read~$Pointer$(~#s~0.base, ~#s~0.offset, 4); VAL [#NULL.base=0, #NULL.offset=0, #t~mem21.base=9, #t~mem21.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] CALL call #t~ret22 := sll_length(#t~mem21.base, #t~mem21.offset); VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0] [L575-L582] ~head.base, ~head.offset := #in~head.base, #in~head.offset; [L576] ~len~0 := 0; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=9, ~head.offset=0, ~len~0=0] [L577-L580] assume !!(~head.base != 0 || ~head.offset != 0); [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~head.base, ~head.offset, 4); [L579] ~head.base, ~head.offset := #t~mem5.base, #t~mem5.offset; [L579] havoc #t~mem5.base, #t~mem5.offset; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=6, ~head.offset=0, ~len~0=1] [L577-L580] assume !!(~head.base != 0 || ~head.offset != 0); [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] call #t~mem5.base, #t~mem5.offset := read~$Pointer$(~head.base, ~head.offset, 4); [L579] ~head.base, ~head.offset := #t~mem5.base, #t~mem5.offset; [L579] havoc #t~mem5.base, #t~mem5.offset; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=0, ~head.offset=0, ~len~0=2] [L577-L580] assume !(~head.base != 0 || ~head.offset != 0); VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, ~head.base=0, ~head.offset=0, ~len~0=2] [L581] #res := ~len~0; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, #res=2, ~head.base=0, ~head.offset=0, ~len~0=2] [L575-L582] ensures true; VAL [#in~head.base=9, #in~head.offset=0, #NULL.base=0, #NULL.offset=0, #res=2, ~head.base=0, ~head.offset=0, ~len~0=2] [L625] RET call #t~ret22 := sll_length(#t~mem21.base, #t~mem21.offset); VAL [#NULL.base=0, #NULL.offset=0, #t~mem21.base=9, #t~mem21.offset=0, #t~ret22=2, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [#NULL.base=0, #NULL.offset=0, #t~mem21.base=9, #t~mem21.offset=0, #t~ret22=2, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625-L627] assume ~k~0 + ~len~2 != #t~ret22; [L625] havoc #t~mem21.base, #t~mem21.offset; [L625] havoc #t~ret22; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L630] assert false; VAL [#NULL.base=0, #NULL.offset=0, ~#s~0.base=7, ~#s~0.offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [?] CALL call ULTIMATE.init(); VAL [#NULL!base=8, #NULL!offset=5, old(#NULL!base)=8, old(#NULL!offset)=5] [?] #NULL := { base: 0, offset: 0 }; [?] #valid[0] := 0; VAL [#NULL!base=0, #NULL!offset=0, old(#NULL!base)=8, old(#NULL!offset)=5] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0, #NULL!offset=0] [?] CALL call #t~ret24 := main(); VAL [#NULL!base=0, #NULL!offset=0] [L616] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=2, ~len~1=2, ~until=5] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~nondet11=0, #t~short12=false, ~from=2, ~len~1=2, ~until=5] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L613] #res := ~len~1; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L616] RET call #t~ret14 := _get_nondet_int(2, 5); VAL [#NULL!base=0, #NULL!offset=0, #t~ret14=2] [L616] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647; [L616] ~len~2 := #t~ret14; [L616] havoc #t~ret14; [L617] FCALL call ~#s~0 := #Ultimate.alloc(4); VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] CALL call #t~ret15 := sll_create(~len~2); VAL [#in~len=2, #NULL!base=0, #NULL!offset=0] [L563-L574] ~len := #in~len; [L564] ~head~0 := { base: 0, offset: 0 }; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=2] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~post2=2, ~head~0!base=0, ~head~0!offset=0, ~len=1] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, #t~post2=1, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=6, ~new_head~0!offset=0] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, #t~post2=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L565-L572] COND TRUE !(#t~post2 > 0) [L565] havoc #t~post2; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L573] #res := ~head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #res!base=9, #res!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L617] RET call #t~ret15 := sll_create(~len~2); VAL [#NULL!base=0, #NULL!offset=0, #t~ret15!base=9, #t~ret15!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] FCALL call write~init~$Pointer$(#t~ret15, ~#s~0, 4); [L617] havoc #t~ret15; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=0, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~nondet11=1, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610-L612] COND FALSE !(!#t~short12) [L610] havoc #t~nondet11; [L610] havoc #t~short12; [L611] #t~post13 := ~len~1; [L611] ~len~1 := 1 + #t~post13; [L611] havoc #t~post13; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610] COND FALSE !(#t~short12) VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L613] #res := ~len~1; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L618] RET call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#NULL!base=0, #NULL!offset=0, #t~ret16=1, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647; [L618] ~k~0 := #t~ret16; [L618] havoc #t~ret16; [L619] ~i~0 := 0; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] #t~short18 := ~i~0 < ~k~0; VAL [#NULL!base=0, #NULL!offset=0, #t~short18=true, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] COND TRUE #t~short18 [L620] assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647; [L620] #t~short18 := 0 != #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, #t~nondet17=0, #t~short18=false, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620-L624] COND TRUE !#t~short18 [L620] havoc #t~short18; [L620] havoc #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] FCALL call #t~mem21 := read~$Pointer$(~#s~0, 4); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] CALL call #t~ret22 := sll_length(#t~mem21); VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0] [L575-L582] ~head := #in~head; [L576] ~len~0 := 0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=9, ~head!offset=0, ~len~0=0] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=6, ~head!offset=0, ~len~0=1] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L577-L580] COND TRUE !(~head != { base: 0, offset: 0 }) VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L581] #res := ~len~0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, #res=2, ~head!base=0, ~head!offset=0, ~len~0=2] [L625] RET call #t~ret22 := sll_length(#t~mem21); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] COND TRUE ~k~0 + ~len~2 != #t~ret22 [L625] havoc #t~mem21; [L625] havoc #t~ret22; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L630] assert false; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] ----- ----- class de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator [?] CALL call ULTIMATE.init(); VAL [#NULL!base=8, #NULL!offset=5, old(#NULL!base)=8, old(#NULL!offset)=5] [?] #NULL := { base: 0, offset: 0 }; [?] #valid[0] := 0; VAL [#NULL!base=0, #NULL!offset=0, old(#NULL!base)=8, old(#NULL!offset)=5] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0, #NULL!offset=0] [?] CALL call #t~ret24 := main(); VAL [#NULL!base=0, #NULL!offset=0] [L616] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=2, ~len~1=2, ~until=5] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~nondet11=0, #t~short12=false, ~from=2, ~len~1=2, ~until=5] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L613] #res := ~len~1; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L616] RET call #t~ret14 := _get_nondet_int(2, 5); VAL [#NULL!base=0, #NULL!offset=0, #t~ret14=2] [L616] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647; [L616] ~len~2 := #t~ret14; [L616] havoc #t~ret14; [L617] FCALL call ~#s~0 := #Ultimate.alloc(4); VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] CALL call #t~ret15 := sll_create(~len~2); VAL [#in~len=2, #NULL!base=0, #NULL!offset=0] [L563-L574] ~len := #in~len; [L564] ~head~0 := { base: 0, offset: 0 }; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=2] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~post2=2, ~head~0!base=0, ~head~0!offset=0, ~len=1] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, #t~post2=1, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=6, ~new_head~0!offset=0] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, #t~post2=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L565-L572] COND TRUE !(#t~post2 > 0) [L565] havoc #t~post2; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L573] #res := ~head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #res!base=9, #res!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L617] RET call #t~ret15 := sll_create(~len~2); VAL [#NULL!base=0, #NULL!offset=0, #t~ret15!base=9, #t~ret15!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] FCALL call write~init~$Pointer$(#t~ret15, ~#s~0, 4); [L617] havoc #t~ret15; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=0, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~nondet11=1, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610-L612] COND FALSE !(!#t~short12) [L610] havoc #t~nondet11; [L610] havoc #t~short12; [L611] #t~post13 := ~len~1; [L611] ~len~1 := 1 + #t~post13; [L611] havoc #t~post13; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610] COND FALSE !(#t~short12) VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L613] #res := ~len~1; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L618] RET call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#NULL!base=0, #NULL!offset=0, #t~ret16=1, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647; [L618] ~k~0 := #t~ret16; [L618] havoc #t~ret16; [L619] ~i~0 := 0; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] #t~short18 := ~i~0 < ~k~0; VAL [#NULL!base=0, #NULL!offset=0, #t~short18=true, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] COND TRUE #t~short18 [L620] assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647; [L620] #t~short18 := 0 != #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, #t~nondet17=0, #t~short18=false, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620-L624] COND TRUE !#t~short18 [L620] havoc #t~short18; [L620] havoc #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] FCALL call #t~mem21 := read~$Pointer$(~#s~0, 4); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] CALL call #t~ret22 := sll_length(#t~mem21); VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0] [L575-L582] ~head := #in~head; [L576] ~len~0 := 0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=9, ~head!offset=0, ~len~0=0] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=6, ~head!offset=0, ~len~0=1] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L577-L580] COND TRUE !(~head != { base: 0, offset: 0 }) VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L581] #res := ~len~0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, #res=2, ~head!base=0, ~head!offset=0, ~len~0=2] [L625] RET call #t~ret22 := sll_length(#t~mem21); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] COND TRUE ~k~0 + ~len~2 != #t~ret22 [L625] havoc #t~mem21; [L625] havoc #t~ret22; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L630] assert false; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [?] CALL call ULTIMATE.init(); VAL [#NULL!base=8, #NULL!offset=5, old(#NULL!base)=8, old(#NULL!offset)=5] [?] #NULL := { base: 0, offset: 0 }; [?] #valid[0] := 0; VAL [#NULL!base=0, #NULL!offset=0, old(#NULL!base)=8, old(#NULL!offset)=5] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0, #NULL!offset=0] [?] CALL call #t~ret24 := main(); VAL [#NULL!base=0, #NULL!offset=0] [L616] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=2, ~len~1=2, ~until=5] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~nondet11=0, #t~short12=false, ~from=2, ~len~1=2, ~until=5] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L613] #res := ~len~1; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L616] RET call #t~ret14 := _get_nondet_int(2, 5); VAL [#NULL!base=0, #NULL!offset=0, #t~ret14=2] [L616] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647; [L616] ~len~2 := #t~ret14; [L616] havoc #t~ret14; [L617] FCALL call ~#s~0 := #Ultimate.alloc(4); VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] CALL call #t~ret15 := sll_create(~len~2); VAL [#in~len=2, #NULL!base=0, #NULL!offset=0] [L563-L574] ~len := #in~len; [L564] ~head~0 := { base: 0, offset: 0 }; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=2] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~post2=2, ~head~0!base=0, ~head~0!offset=0, ~len=1] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, #t~post2=1, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=6, ~new_head~0!offset=0] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, #t~post2=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L565-L572] COND TRUE !(#t~post2 > 0) [L565] havoc #t~post2; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L573] #res := ~head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #res!base=9, #res!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L617] RET call #t~ret15 := sll_create(~len~2); VAL [#NULL!base=0, #NULL!offset=0, #t~ret15!base=9, #t~ret15!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] FCALL call write~init~$Pointer$(#t~ret15, ~#s~0, 4); [L617] havoc #t~ret15; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=0, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~nondet11=1, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610-L612] COND FALSE !(!#t~short12) [L610] havoc #t~nondet11; [L610] havoc #t~short12; [L611] #t~post13 := ~len~1; [L611] ~len~1 := 1 + #t~post13; [L611] havoc #t~post13; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610] COND FALSE !(#t~short12) VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L613] #res := ~len~1; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L618] RET call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#NULL!base=0, #NULL!offset=0, #t~ret16=1, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647; [L618] ~k~0 := #t~ret16; [L618] havoc #t~ret16; [L619] ~i~0 := 0; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] #t~short18 := ~i~0 < ~k~0; VAL [#NULL!base=0, #NULL!offset=0, #t~short18=true, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] COND TRUE #t~short18 [L620] assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647; [L620] #t~short18 := 0 != #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, #t~nondet17=0, #t~short18=false, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620-L624] COND TRUE !#t~short18 [L620] havoc #t~short18; [L620] havoc #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] FCALL call #t~mem21 := read~$Pointer$(~#s~0, 4); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] CALL call #t~ret22 := sll_length(#t~mem21); VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0] [L575-L582] ~head := #in~head; [L576] ~len~0 := 0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=9, ~head!offset=0, ~len~0=0] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=6, ~head!offset=0, ~len~0=1] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L577-L580] COND TRUE !(~head != { base: 0, offset: 0 }) VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L581] #res := ~len~0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, #res=2, ~head!base=0, ~head!offset=0, ~len~0=2] [L625] RET call #t~ret22 := sll_length(#t~mem21); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] COND TRUE ~k~0 + ~len~2 != #t~ret22 [L625] havoc #t~mem21; [L625] havoc #t~ret22; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L630] assert false; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] ----- ----- class de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.CACSL2BoogieBacktranslator [?] CALL call ULTIMATE.init(); VAL [#NULL!base=8, #NULL!offset=5, old(#NULL!base)=8, old(#NULL!offset)=5] [?] #NULL := { base: 0, offset: 0 }; [?] #valid[0] := 0; VAL [#NULL!base=0, #NULL!offset=0, old(#NULL!base)=8, old(#NULL!offset)=5] [?] RET call ULTIMATE.init(); VAL [#NULL!base=0, #NULL!offset=0] [?] CALL call #t~ret24 := main(); VAL [#NULL!base=0, #NULL!offset=0] [L616] CALL call #t~ret14 := _get_nondet_int(2, 5); VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=2, ~len~1=2, ~until=5] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #t~nondet11=0, #t~short12=false, ~from=2, ~len~1=2, ~until=5] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, ~from=2, ~len~1=2, ~until=5] [L613] #res := ~len~1; VAL [#in~from=2, #in~until=5, #NULL!base=0, #NULL!offset=0, #res=2, ~from=2, ~len~1=2, ~until=5] [L616] RET call #t~ret14 := _get_nondet_int(2, 5); VAL [#NULL!base=0, #NULL!offset=0, #t~ret14=2] [L616] assume -2147483648 <= #t~ret14 && #t~ret14 <= 2147483647; [L616] ~len~2 := #t~ret14; [L616] havoc #t~ret14; [L617] FCALL call ~#s~0 := #Ultimate.alloc(4); VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] CALL call #t~ret15 := sll_create(~len~2); VAL [#in~len=2, #NULL!base=0, #NULL!offset=0] [L563-L574] ~len := #in~len; [L564] ~head~0 := { base: 0, offset: 0 }; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=2] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~post2=2, ~head~0!base=0, ~head~0!offset=0, ~len=1] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=0, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=1, ~new_head~0!base=6, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=6, #t~malloc3!offset=0, #t~post2=1, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=6, ~new_head~0!offset=0] [L565-L572] COND FALSE !(!(#t~post2 > 0)) [L565] havoc #t~post2; [L566] FCALL call #t~malloc3 := #Ultimate.alloc(4); [L566] ~new_head~0 := #t~malloc3; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L567] COND FALSE !({ base: 0, offset: 0 } == ~new_head~0) VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=6, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L570] FCALL call write~$Pointer$(~head~0, { base: ~new_head~0!base, offset: ~new_head~0!offset }, 4); [L571] ~head~0 := ~new_head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=0, ~new_head~0!base=9, ~new_head~0!offset=0] [L565] #t~post2 := ~len; [L565] ~len := #t~post2 - 1; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, #t~post2=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L565-L572] COND TRUE !(#t~post2 > 0) [L565] havoc #t~post2; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L573] #res := ~head~0; VAL [#in~len=2, #NULL!base=0, #NULL!offset=0, #res!base=9, #res!offset=0, #t~malloc3!base=9, #t~malloc3!offset=0, ~head~0!base=9, ~head~0!offset=0, ~len=-1, ~new_head~0!base=9, ~new_head~0!offset=0] [L617] RET call #t~ret15 := sll_create(~len~2); VAL [#NULL!base=0, #NULL!offset=0, #t~ret15!base=9, #t~ret15!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L617] FCALL call write~init~$Pointer$(#t~ret15, ~#s~0, 4); [L617] havoc #t~ret15; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] CALL call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0] [L608-L614] ~from := #in~from; [L608-L614] ~until := #in~until; [L609] ~len~1 := ~from; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=0, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610] COND TRUE #t~short12 [L610] assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; [L610] #t~short12 := 0 != #t~nondet11; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~nondet11=1, #t~short12=true, ~from=0, ~len~1=0, ~until=1] [L610-L612] COND FALSE !(!#t~short12) [L610] havoc #t~nondet11; [L610] havoc #t~short12; [L611] #t~post13 := ~len~1; [L611] ~len~1 := 1 + #t~post13; [L611] havoc #t~post13; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L610] #t~short12 := ~len~1 < ~until; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610] COND FALSE !(#t~short12) VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #t~short12=false, ~from=0, ~len~1=1, ~until=1] [L610-L612] COND TRUE !#t~short12 [L610] havoc #t~nondet11; [L610] havoc #t~short12; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, ~from=0, ~len~1=1, ~until=1] [L613] #res := ~len~1; VAL [#in~from=0, #in~until=1, #NULL!base=0, #NULL!offset=0, #res=1, ~from=0, ~len~1=1, ~until=1] [L618] RET call #t~ret16 := _get_nondet_int(0, ~len~2 - 1); VAL [#NULL!base=0, #NULL!offset=0, #t~ret16=1, ~#s~0!base=7, ~#s~0!offset=0, ~len~2=2] [L618] assume -2147483648 <= #t~ret16 && #t~ret16 <= 2147483647; [L618] ~k~0 := #t~ret16; [L618] havoc #t~ret16; [L619] ~i~0 := 0; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] #t~short18 := ~i~0 < ~k~0; VAL [#NULL!base=0, #NULL!offset=0, #t~short18=true, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620] COND TRUE #t~short18 [L620] assume -2147483648 <= #t~nondet17 && #t~nondet17 <= 2147483647; [L620] #t~short18 := 0 != #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, #t~nondet17=0, #t~short18=false, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L620-L624] COND TRUE !#t~short18 [L620] havoc #t~short18; [L620] havoc #t~nondet17; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] FCALL call #t~mem21 := read~$Pointer$(~#s~0, 4); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] CALL call #t~ret22 := sll_length(#t~mem21); VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0] [L575-L582] ~head := #in~head; [L576] ~len~0 := 0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=9, ~head!offset=0, ~len~0=0] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=6, ~head!offset=0, ~len~0=1] [L577-L580] COND FALSE !(!(~head != { base: 0, offset: 0 })) [L578] #t~post4 := ~len~0; [L578] ~len~0 := 1 + #t~post4; [L578] havoc #t~post4; [L579] FCALL call #t~mem5 := read~$Pointer$({ base: ~head!base, offset: ~head!offset }, 4); [L579] ~head := #t~mem5; [L579] havoc #t~mem5; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L577-L580] COND TRUE !(~head != { base: 0, offset: 0 }) VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, ~head!base=0, ~head!offset=0, ~len~0=2] [L581] #res := ~len~0; VAL [#in~head!base=9, #in~head!offset=0, #NULL!base=0, #NULL!offset=0, #res=2, ~head!base=0, ~head!offset=0, ~len~0=2] [L625] RET call #t~ret22 := sll_length(#t~mem21); VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] assume -2147483648 <= #t~ret22 && #t~ret22 <= 2147483647; VAL [#NULL!base=0, #NULL!offset=0, #t~mem21!base=9, #t~mem21!offset=0, #t~ret22=2, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L625] COND TRUE ~k~0 + ~len~2 != #t~ret22 [L625] havoc #t~mem21; [L625] havoc #t~ret22; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L630] assert false; VAL [#NULL!base=0, #NULL!offset=0, ~#s~0!base=7, ~#s~0!offset=0, ~i~0=0, ~k~0=1, ~len~2=2] [L616] CALL, EXPR _get_nondet_int(2, 5) VAL [\old(from)=2, \old(until)=5] [L609] int len = from; VAL [\old(from)=2, \old(until)=5, from=2, len=2, until=5] [L610] len < until && __VERIFIER_nondet_int() [L610] len < until && __VERIFIER_nondet_int() VAL [\old(from)=2, \old(until)=5, __VERIFIER_nondet_int()=0, from=2, len=2, len < until && __VERIFIER_nondet_int()=0, until=5] [L610] COND FALSE !(len < until && __VERIFIER_nondet_int()) [L613] return len; VAL [\old(from)=2, \old(until)=5, \result=2, from=2, len=2, until=5] [L616] RET, EXPR _get_nondet_int(2, 5) VAL [_get_nondet_int(2, 5)=2] [L616] const int len = _get_nondet_int(2, 5); [L617] SLL s = sll_create(len); VAL [len=2, s={7:0}] [L617] CALL, EXPR sll_create(len) VAL [\old(len)=2] [L564] SLL head = ((void *)0); VAL [\old(len)=2, head={0:0}, len=2] [L565] EXPR len-- VAL [\old(len)=2, head={0:0}, len=1, len--=2] [L565] COND TRUE len-- > 0 [L566] SLL new_head = (SLL) malloc(sizeof(struct node)); VAL [\old(len)=2, head={0:0}, len=1, malloc(sizeof(struct node))={6:0}, new_head={6:0}] [L567] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=2, head={0:0}, len=1, malloc(sizeof(struct node))={6:0}, new_head={6:0}] [L570] new_head->next = head [L571] head = new_head VAL [\old(len)=2, head={6:0}, len=1, malloc(sizeof(struct node))={6:0}, new_head={6:0}] [L565] EXPR len-- VAL [\old(len)=2, head={6:0}, len=0, len--=1, malloc(sizeof(struct node))={6:0}, new_head={6:0}] [L565] COND TRUE len-- > 0 [L566] SLL new_head = (SLL) malloc(sizeof(struct node)); VAL [\old(len)=2, head={6:0}, len=0, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L567] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=2, head={6:0}, len=0, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L570] new_head->next = head [L571] head = new_head VAL [\old(len)=2, head={9:0}, len=0, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L565] EXPR len-- VAL [\old(len)=2, head={9:0}, len=-1, len--=0, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L565] COND FALSE !(len-- > 0) [L573] return head; VAL [\old(len)=2, \result={9:0}, head={9:0}, len=-1, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L617] RET, EXPR sll_create(len) VAL [len=2, s={7:0}, sll_create(len)={9:0}] [L617] SLL s = sll_create(len); [L618] CALL, EXPR _get_nondet_int(0, len - 1) VAL [\old(from)=0, \old(until)=1] [L609] int len = from; VAL [\old(from)=0, \old(until)=1, from=0, len=0, until=1] [L610] len < until && __VERIFIER_nondet_int() [L610] len < until && __VERIFIER_nondet_int() VAL [\old(from)=0, \old(until)=1, __VERIFIER_nondet_int()=1, from=0, len=0, len < until && __VERIFIER_nondet_int()=1, until=1] [L610] COND TRUE len < until && __VERIFIER_nondet_int() [L611] len++ VAL [\old(from)=0, \old(until)=1, from=0, len=1, until=1] [L610] len < until && __VERIFIER_nondet_int() VAL [\old(from)=0, \old(until)=1, from=0, len=1, len < until && __VERIFIER_nondet_int()=0, until=1] [L610] COND FALSE !(len < until && __VERIFIER_nondet_int()) [L613] return len; VAL [\old(from)=0, \old(until)=1, \result=1, from=0, len=1, until=1] [L618] RET, EXPR _get_nondet_int(0, len - 1) VAL [_get_nondet_int(0, len - 1)=1, len=2, s={7:0}] [L618] const int k = _get_nondet_int(0, len - 1); [L619] int i = 0; VAL [i=0, k=1, len=2, s={7:0}] [L620] i < k && __VERIFIER_nondet_int() [L620] i < k && __VERIFIER_nondet_int() VAL [__VERIFIER_nondet_int()=0, i=0, i < k && __VERIFIER_nondet_int()=0, k=1, len=2, s={7:0}] [L620] COND FALSE !(i < k && __VERIFIER_nondet_int()) [L625] EXPR \read(s) VAL [\read(s)={9:0}, i=0, k=1, len=2, s={7:0}] [L625] CALL, EXPR sll_length(s) VAL [head={9:0}] [L576] int len = 0; VAL [head={9:0}, head={9:0}, len=0] [L577] COND TRUE \read(head) [L578] len++ [L579] EXPR head->next [L579] head = head->next [L577] COND TRUE \read(head) [L578] len++ [L579] EXPR head->next [L579] head = head->next [L577] COND FALSE !(\read(head)) VAL [head={0:0}, head={9:0}, len=2] [L581] return len; VAL [\result=2, head={9:0}, head={0:0}, len=2] [L625] RET, EXPR sll_length(s) VAL [\read(s)={9:0}, i=0, k=1, len=2, s={7:0}, sll_length(s)=2] [L625] COND TRUE k + len != sll_length(s) [L630] __VERIFIER_error() VAL [i=0, k=1, len=2, s={7:0}] ----- [2018-11-23 11:59:09,326 INFO L145 WitnessManager]: Wrote witness to /tmp/vcloud-vcloud-master/worker/working_dir_ee782f42-47e1-40f8-8e62-b0a8ad7a7abe/bin-2019/uautomizer/witness.graphml [2018-11-23 11:59:09,326 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2018-11-23 11:59:09,327 INFO L168 Benchmark]: Toolchain (without parser) took 6510.54 ms. Allocated memory was 1.0 GB in the beginning and 1.2 GB in the end (delta: 173.5 MB). Free memory was 957.6 MB in the beginning and 1.1 GB in the end (delta: -186.0 MB). There was no memory consumed. Max. memory is 11.5 GB. [2018-11-23 11:59:09,328 INFO L168 Benchmark]: CDTParser took 0.15 ms. Allocated memory is still 1.0 GB. Free memory is still 985.6 MB. There was no memory consumed. Max. memory is 11.5 GB. [2018-11-23 11:59:09,328 INFO L168 Benchmark]: CACSL2BoogieTranslator took 376.77 ms. Allocated memory was 1.0 GB in the beginning and 1.2 GB in the end (delta: 123.2 MB). Free memory was 957.6 MB in the beginning and 1.1 GB in the end (delta: -151.7 MB). Peak memory consumption was 32.9 MB. Max. memory is 11.5 GB. [2018-11-23 11:59:09,328 INFO L168 Benchmark]: Boogie Procedure Inliner took 21.92 ms. Allocated memory is still 1.2 GB. Free memory is still 1.1 GB. There was no memory consumed. Max. memory is 11.5 GB. [2018-11-23 11:59:09,328 INFO L168 Benchmark]: Boogie Preprocessor took 26.02 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 2.7 MB). Peak memory consumption was 2.7 MB. Max. memory is 11.5 GB. [2018-11-23 11:59:09,329 INFO L168 Benchmark]: RCFGBuilder took 314.94 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 28.3 MB). Peak memory consumption was 28.3 MB. Max. memory is 11.5 GB. [2018-11-23 11:59:09,329 INFO L168 Benchmark]: TraceAbstraction took 5451.67 ms. Allocated memory was 1.2 GB in the beginning and 1.2 GB in the end (delta: 50.3 MB). Free memory was 1.1 GB in the beginning and 1.2 GB in the end (delta: -75.9 MB). There was no memory consumed. Max. memory is 11.5 GB. [2018-11-23 11:59:09,329 INFO L168 Benchmark]: Witness Printer took 315.90 ms. Allocated memory is still 1.2 GB. Free memory was 1.2 GB in the beginning and 1.1 GB in the end (delta: 10.6 MB). Peak memory consumption was 10.6 MB. Max. memory is 11.5 GB. [2018-11-23 11:59:09,331 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.15 ms. Allocated memory is still 1.0 GB. Free memory is still 985.6 MB. There was no memory consumed. Max. memory is 11.5 GB. * CACSL2BoogieTranslator took 376.77 ms. Allocated memory was 1.0 GB in the beginning and 1.2 GB in the end (delta: 123.2 MB). Free memory was 957.6 MB in the beginning and 1.1 GB in the end (delta: -151.7 MB). Peak memory consumption was 32.9 MB. Max. memory is 11.5 GB. * Boogie Procedure Inliner took 21.92 ms. Allocated memory is still 1.2 GB. Free memory is still 1.1 GB. There was no memory consumed. Max. memory is 11.5 GB. * Boogie Preprocessor took 26.02 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 2.7 MB). Peak memory consumption was 2.7 MB. Max. memory is 11.5 GB. * RCFGBuilder took 314.94 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 28.3 MB). Peak memory consumption was 28.3 MB. Max. memory is 11.5 GB. * TraceAbstraction took 5451.67 ms. Allocated memory was 1.2 GB in the beginning and 1.2 GB in the end (delta: 50.3 MB). Free memory was 1.1 GB in the beginning and 1.2 GB in the end (delta: -75.9 MB). There was no memory consumed. Max. memory is 11.5 GB. * Witness Printer took 315.90 ms. Allocated memory is still 1.2 GB. Free memory was 1.2 GB in the beginning and 1.1 GB in the end (delta: 10.6 MB). Peak memory consumption was 10.6 MB. Max. memory is 11.5 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - CounterExampleResult [Line: 630]: a call of __VERIFIER_error() is reachable a call of __VERIFIER_error() is reachable We found a FailurePath: [L616] CALL, EXPR _get_nondet_int(2, 5) VAL [\old(from)=2, \old(until)=5] [L609] int len = from; VAL [\old(from)=2, \old(until)=5, from=2, len=2, until=5] [L610] len < until && __VERIFIER_nondet_int() [L610] len < until && __VERIFIER_nondet_int() VAL [\old(from)=2, \old(until)=5, __VERIFIER_nondet_int()=0, from=2, len=2, len < until && __VERIFIER_nondet_int()=0, until=5] [L610] COND FALSE !(len < until && __VERIFIER_nondet_int()) [L613] return len; VAL [\old(from)=2, \old(until)=5, \result=2, from=2, len=2, until=5] [L616] RET, EXPR _get_nondet_int(2, 5) VAL [_get_nondet_int(2, 5)=2] [L616] const int len = _get_nondet_int(2, 5); [L617] SLL s = sll_create(len); VAL [len=2, s={7:0}] [L617] CALL, EXPR sll_create(len) VAL [\old(len)=2] [L564] SLL head = ((void *)0); VAL [\old(len)=2, head={0:0}, len=2] [L565] EXPR len-- VAL [\old(len)=2, head={0:0}, len=1, len--=2] [L565] COND TRUE len-- > 0 [L566] SLL new_head = (SLL) malloc(sizeof(struct node)); VAL [\old(len)=2, head={0:0}, len=1, malloc(sizeof(struct node))={6:0}, new_head={6:0}] [L567] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=2, head={0:0}, len=1, malloc(sizeof(struct node))={6:0}, new_head={6:0}] [L570] new_head->next = head [L571] head = new_head VAL [\old(len)=2, head={6:0}, len=1, malloc(sizeof(struct node))={6:0}, new_head={6:0}] [L565] EXPR len-- VAL [\old(len)=2, head={6:0}, len=0, len--=1, malloc(sizeof(struct node))={6:0}, new_head={6:0}] [L565] COND TRUE len-- > 0 [L566] SLL new_head = (SLL) malloc(sizeof(struct node)); VAL [\old(len)=2, head={6:0}, len=0, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L567] COND FALSE !(((void *)0) == new_head) VAL [\old(len)=2, head={6:0}, len=0, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L570] new_head->next = head [L571] head = new_head VAL [\old(len)=2, head={9:0}, len=0, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L565] EXPR len-- VAL [\old(len)=2, head={9:0}, len=-1, len--=0, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L565] COND FALSE !(len-- > 0) [L573] return head; VAL [\old(len)=2, \result={9:0}, head={9:0}, len=-1, malloc(sizeof(struct node))={9:0}, new_head={9:0}] [L617] RET, EXPR sll_create(len) VAL [len=2, s={7:0}, sll_create(len)={9:0}] [L617] SLL s = sll_create(len); [L618] CALL, EXPR _get_nondet_int(0, len - 1) VAL [\old(from)=0, \old(until)=1] [L609] int len = from; VAL [\old(from)=0, \old(until)=1, from=0, len=0, until=1] [L610] len < until && __VERIFIER_nondet_int() [L610] len < until && __VERIFIER_nondet_int() VAL [\old(from)=0, \old(until)=1, __VERIFIER_nondet_int()=1, from=0, len=0, len < until && __VERIFIER_nondet_int()=1, until=1] [L610] COND TRUE len < until && __VERIFIER_nondet_int() [L611] len++ VAL [\old(from)=0, \old(until)=1, from=0, len=1, until=1] [L610] len < until && __VERIFIER_nondet_int() VAL [\old(from)=0, \old(until)=1, from=0, len=1, len < until && __VERIFIER_nondet_int()=0, until=1] [L610] COND FALSE !(len < until && __VERIFIER_nondet_int()) [L613] return len; VAL [\old(from)=0, \old(until)=1, \result=1, from=0, len=1, until=1] [L618] RET, EXPR _get_nondet_int(0, len - 1) VAL [_get_nondet_int(0, len - 1)=1, len=2, s={7:0}] [L618] const int k = _get_nondet_int(0, len - 1); [L619] int i = 0; VAL [i=0, k=1, len=2, s={7:0}] [L620] i < k && __VERIFIER_nondet_int() [L620] i < k && __VERIFIER_nondet_int() VAL [__VERIFIER_nondet_int()=0, i=0, i < k && __VERIFIER_nondet_int()=0, k=1, len=2, s={7:0}] [L620] COND FALSE !(i < k && __VERIFIER_nondet_int()) [L625] EXPR \read(s) VAL [\read(s)={9:0}, i=0, k=1, len=2, s={7:0}] [L625] CALL, EXPR sll_length(s) VAL [head={9:0}] [L576] int len = 0; VAL [head={9:0}, head={9:0}, len=0] [L577] COND TRUE \read(head) [L578] len++ [L579] EXPR head->next [L579] head = head->next [L577] COND TRUE \read(head) [L578] len++ [L579] EXPR head->next [L579] head = head->next [L577] COND FALSE !(\read(head)) VAL [head={0:0}, head={9:0}, len=2] [L581] return len; VAL [\result=2, head={0:0}, head={9:0}, len=2] [L625] RET, EXPR sll_length(s) VAL [\read(s)={9:0}, i=0, k=1, len=2, s={7:0}, sll_length(s)=2] [L625] COND TRUE k + len != sll_length(s) [L630] __VERIFIER_error() VAL [i=0, k=1, len=2, s={7:0}] - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 69 locations, 1 error locations. UNSAFE Result, 5.4s OverallTime, 9 OverallIterations, 3 TraceHistogramMax, 1.8s AutomataDifference, 0.0s DeadEndRemovalTime, 0.0s HoareAnnotationTime, HoareTripleCheckerStatistics: 487 SDtfs, 264 SDslu, 3991 SDs, 0 SdLazy, 1786 SolverSat, 70 SolverUnsat, 6 SolverUnknown, 0 SolverNotchecked, 1.0s Time, PredicateUnifierStatistics: 0 DeclaredPredicates, 457 GetRequests, 326 SyntacticMatches, 14 SemanticMatches, 117 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 278 ImplicationChecksByTransitivity, 2.6s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=157occurred in iteration=8, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s AbstIntTime, 0 AbstIntIterations, 0 AbstIntStrong, NaN AbsIntWeakeningRatio, NaN AbsIntAvgWeakeningVarsNumRemoved, NaN AbsIntAvgWeakenedConjuncts, 0.0s DumpTime, AutomataMinimizationStatistics: 0.1s AutomataMinimizationTime, 8 MinimizatonAttempts, 102 StatesRemovedByMinimization, 5 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TraceCheckStatistics: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 2.6s InterpolantComputationTime, 803 NumberOfCodeBlocks, 803 NumberOfCodeBlocksAsserted, 18 NumberOfCheckSat, 731 ConstructedInterpolants, 16 QuantifiedInterpolants, 283074 SizeOfPredicates, 38 NumberOfNonLiveVariables, 1380 ConjunctsInSsa, 137 ConjunctsInUnsatCore, 15 InterpolantComputations, 4 PerfectInterpolantSequences, 130/211 InterpolantCoveringCapability, InvariantSynthesisStatistics: No data available, InterpolantConsolidationStatistics: No data available, ReuseStatistics: No data available RESULT: Ultimate proved your program to be incorrect! Received shutdown request...