./Ultimate.py --spec ../sv-benchmarks/c/properties/valid-memsafety.prp --file ../sv-benchmarks/c/list-ext-properties/960521-1_1-3.i --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for memory safety (deref-memtrack) Using default analysis Version 8bd4bc60 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx12G -Xms1G -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/list-ext-properties/960521-1_1-3.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1ea2dc862d4e5ac3143824817093a58b58ef1480 .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... Execution finished normally Writing output log to file Ultimate.log Writing human readable error path to file UltimateCounterExample.errorpath Result: FALSE(valid-free) --- Real Ultimate output --- This is Ultimate 0.1.25-8bd4bc6 [2020-07-29 00:58:22,661 INFO L177 SettingsManager]: Resetting all preferences to default values... [2020-07-29 00:58:22,663 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2020-07-29 00:58:22,676 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2020-07-29 00:58:22,677 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2020-07-29 00:58:22,678 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2020-07-29 00:58:22,680 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2020-07-29 00:58:22,682 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2020-07-29 00:58:22,684 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2020-07-29 00:58:22,685 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2020-07-29 00:58:22,686 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2020-07-29 00:58:22,688 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2020-07-29 00:58:22,688 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2020-07-29 00:58:22,689 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2020-07-29 00:58:22,690 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2020-07-29 00:58:22,692 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2020-07-29 00:58:22,693 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2020-07-29 00:58:22,694 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2020-07-29 00:58:22,696 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2020-07-29 00:58:22,698 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2020-07-29 00:58:22,700 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2020-07-29 00:58:22,701 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2020-07-29 00:58:22,702 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2020-07-29 00:58:22,703 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2020-07-29 00:58:22,706 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2020-07-29 00:58:22,707 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2020-07-29 00:58:22,707 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2020-07-29 00:58:22,708 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2020-07-29 00:58:22,708 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2020-07-29 00:58:22,709 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2020-07-29 00:58:22,710 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2020-07-29 00:58:22,711 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2020-07-29 00:58:22,712 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2020-07-29 00:58:22,713 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2020-07-29 00:58:22,714 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2020-07-29 00:58:22,714 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2020-07-29 00:58:22,715 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2020-07-29 00:58:22,715 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2020-07-29 00:58:22,715 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2020-07-29 00:58:22,716 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2020-07-29 00:58:22,717 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2020-07-29 00:58:22,718 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf [2020-07-29 00:58:22,732 INFO L113 SettingsManager]: Loading preferences was successful [2020-07-29 00:58:22,733 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2020-07-29 00:58:22,734 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2020-07-29 00:58:22,735 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2020-07-29 00:58:22,735 INFO L138 SettingsManager]: * Use SBE=true [2020-07-29 00:58:22,735 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2020-07-29 00:58:22,736 INFO L138 SettingsManager]: * sizeof long=4 [2020-07-29 00:58:22,736 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2020-07-29 00:58:22,736 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2020-07-29 00:58:22,736 INFO L138 SettingsManager]: * sizeof POINTER=4 [2020-07-29 00:58:22,737 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2020-07-29 00:58:22,738 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2020-07-29 00:58:22,738 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2020-07-29 00:58:22,739 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2020-07-29 00:58:22,739 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2020-07-29 00:58:22,739 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2020-07-29 00:58:22,739 INFO L138 SettingsManager]: * sizeof long double=12 [2020-07-29 00:58:22,740 INFO L138 SettingsManager]: * Use constant arrays=true [2020-07-29 00:58:22,740 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2020-07-29 00:58:22,740 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2020-07-29 00:58:22,741 INFO L138 SettingsManager]: * To the following directory=./dump/ [2020-07-29 00:58:22,741 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2020-07-29 00:58:22,741 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-29 00:58:22,742 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2020-07-29 00:58:22,742 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2020-07-29 00:58:22,742 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2020-07-29 00:58:22,742 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2020-07-29 00:58:22,743 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2020-07-29 00:58:22,743 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1ea2dc862d4e5ac3143824817093a58b58ef1480 [2020-07-29 00:58:23,114 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2020-07-29 00:58:23,135 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2020-07-29 00:58:23,138 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2020-07-29 00:58:23,140 INFO L271 PluginConnector]: Initializing CDTParser... [2020-07-29 00:58:23,143 INFO L275 PluginConnector]: CDTParser initialized [2020-07-29 00:58:23,144 INFO L429 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/list-ext-properties/960521-1_1-3.i [2020-07-29 00:58:23,223 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/d6b2e8658/d67c48fcabb24a4a89aa5f501f4bc0d3/FLAG7435294fb [2020-07-29 00:58:23,762 INFO L306 CDTParser]: Found 1 translation units. [2020-07-29 00:58:23,763 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/list-ext-properties/960521-1_1-3.i [2020-07-29 00:58:23,775 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/d6b2e8658/d67c48fcabb24a4a89aa5f501f4bc0d3/FLAG7435294fb [2020-07-29 00:58:24,063 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/d6b2e8658/d67c48fcabb24a4a89aa5f501f4bc0d3 [2020-07-29 00:58:24,067 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2020-07-29 00:58:24,071 INFO L131 ToolchainWalker]: Walking toolchain with 5 elements. [2020-07-29 00:58:24,072 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2020-07-29 00:58:24,072 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2020-07-29 00:58:24,076 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2020-07-29 00:58:24,077 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 29.07 12:58:24" (1/1) ... [2020-07-29 00:58:24,080 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@1e64d722 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:58:24, skipping insertion in model container [2020-07-29 00:58:24,081 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 29.07 12:58:24" (1/1) ... [2020-07-29 00:58:24,088 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2020-07-29 00:58:24,143 INFO L178 MainTranslator]: Built tables and reachable declarations [2020-07-29 00:58:24,557 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-29 00:58:24,572 INFO L203 MainTranslator]: Completed pre-run [2020-07-29 00:58:24,621 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-29 00:58:24,691 INFO L208 MainTranslator]: Completed translation [2020-07-29 00:58:24,692 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:58:24 WrapperNode [2020-07-29 00:58:24,693 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2020-07-29 00:58:24,694 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2020-07-29 00:58:24,694 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2020-07-29 00:58:24,694 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2020-07-29 00:58:24,708 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:58:24" (1/1) ... [2020-07-29 00:58:24,708 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:58:24" (1/1) ... [2020-07-29 00:58:24,727 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:58:24" (1/1) ... [2020-07-29 00:58:24,727 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:58:24" (1/1) ... [2020-07-29 00:58:24,752 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:58:24" (1/1) ... [2020-07-29 00:58:24,758 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:58:24" (1/1) ... [2020-07-29 00:58:24,761 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:58:24" (1/1) ... [2020-07-29 00:58:24,768 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2020-07-29 00:58:24,769 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2020-07-29 00:58:24,769 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2020-07-29 00:58:24,769 INFO L275 PluginConnector]: RCFGBuilder initialized [2020-07-29 00:58:24,770 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:58:24" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-29 00:58:24,843 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2020-07-29 00:58:24,844 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2020-07-29 00:58:24,844 INFO L138 BoogieDeclarations]: Found implementation of procedure __bswap_32 [2020-07-29 00:58:24,844 INFO L138 BoogieDeclarations]: Found implementation of procedure __bswap_64 [2020-07-29 00:58:24,844 INFO L138 BoogieDeclarations]: Found implementation of procedure __uint16_identity [2020-07-29 00:58:24,845 INFO L138 BoogieDeclarations]: Found implementation of procedure __uint32_identity [2020-07-29 00:58:24,845 INFO L138 BoogieDeclarations]: Found implementation of procedure __uint64_identity [2020-07-29 00:58:24,845 INFO L138 BoogieDeclarations]: Found implementation of procedure foo [2020-07-29 00:58:24,845 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2020-07-29 00:58:24,846 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_error [2020-07-29 00:58:24,846 INFO L130 BoogieDeclarations]: Found specification of procedure __ctype_get_mb_cur_max [2020-07-29 00:58:24,846 INFO L130 BoogieDeclarations]: Found specification of procedure atof [2020-07-29 00:58:24,846 INFO L130 BoogieDeclarations]: Found specification of procedure atoi [2020-07-29 00:58:24,846 INFO L130 BoogieDeclarations]: Found specification of procedure atol [2020-07-29 00:58:24,847 INFO L130 BoogieDeclarations]: Found specification of procedure atoll [2020-07-29 00:58:24,847 INFO L130 BoogieDeclarations]: Found specification of procedure strtod [2020-07-29 00:58:24,847 INFO L130 BoogieDeclarations]: Found specification of procedure strtof [2020-07-29 00:58:24,847 INFO L130 BoogieDeclarations]: Found specification of procedure strtold [2020-07-29 00:58:24,848 INFO L130 BoogieDeclarations]: Found specification of procedure strtol [2020-07-29 00:58:24,848 INFO L130 BoogieDeclarations]: Found specification of procedure strtoul [2020-07-29 00:58:24,848 INFO L130 BoogieDeclarations]: Found specification of procedure strtoq [2020-07-29 00:58:24,848 INFO L130 BoogieDeclarations]: Found specification of procedure strtouq [2020-07-29 00:58:24,848 INFO L130 BoogieDeclarations]: Found specification of procedure strtoll [2020-07-29 00:58:24,849 INFO L130 BoogieDeclarations]: Found specification of procedure strtoull [2020-07-29 00:58:24,849 INFO L130 BoogieDeclarations]: Found specification of procedure l64a [2020-07-29 00:58:24,849 INFO L130 BoogieDeclarations]: Found specification of procedure a64l [2020-07-29 00:58:24,849 INFO L130 BoogieDeclarations]: Found specification of procedure __bswap_32 [2020-07-29 00:58:24,850 INFO L130 BoogieDeclarations]: Found specification of procedure __bswap_64 [2020-07-29 00:58:24,850 INFO L130 BoogieDeclarations]: Found specification of procedure __uint16_identity [2020-07-29 00:58:24,850 INFO L130 BoogieDeclarations]: Found specification of procedure __uint32_identity [2020-07-29 00:58:24,850 INFO L130 BoogieDeclarations]: Found specification of procedure __uint64_identity [2020-07-29 00:58:24,850 INFO L130 BoogieDeclarations]: Found specification of procedure select [2020-07-29 00:58:24,851 INFO L130 BoogieDeclarations]: Found specification of procedure pselect [2020-07-29 00:58:24,851 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_major [2020-07-29 00:58:24,851 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_minor [2020-07-29 00:58:24,851 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_makedev [2020-07-29 00:58:24,852 INFO L130 BoogieDeclarations]: Found specification of procedure random [2020-07-29 00:58:24,852 INFO L130 BoogieDeclarations]: Found specification of procedure srandom [2020-07-29 00:58:24,852 INFO L130 BoogieDeclarations]: Found specification of procedure initstate [2020-07-29 00:58:24,852 INFO L130 BoogieDeclarations]: Found specification of procedure setstate [2020-07-29 00:58:24,853 INFO L130 BoogieDeclarations]: Found specification of procedure random_r [2020-07-29 00:58:24,853 INFO L130 BoogieDeclarations]: Found specification of procedure srandom_r [2020-07-29 00:58:24,853 INFO L130 BoogieDeclarations]: Found specification of procedure initstate_r [2020-07-29 00:58:24,853 INFO L130 BoogieDeclarations]: Found specification of procedure setstate_r [2020-07-29 00:58:24,853 INFO L130 BoogieDeclarations]: Found specification of procedure rand [2020-07-29 00:58:24,854 INFO L130 BoogieDeclarations]: Found specification of procedure srand [2020-07-29 00:58:24,854 INFO L130 BoogieDeclarations]: Found specification of procedure rand_r [2020-07-29 00:58:24,854 INFO L130 BoogieDeclarations]: Found specification of procedure drand48 [2020-07-29 00:58:24,854 INFO L130 BoogieDeclarations]: Found specification of procedure erand48 [2020-07-29 00:58:24,855 INFO L130 BoogieDeclarations]: Found specification of procedure lrand48 [2020-07-29 00:58:24,855 INFO L130 BoogieDeclarations]: Found specification of procedure nrand48 [2020-07-29 00:58:24,855 INFO L130 BoogieDeclarations]: Found specification of procedure mrand48 [2020-07-29 00:58:24,855 INFO L130 BoogieDeclarations]: Found specification of procedure jrand48 [2020-07-29 00:58:24,856 INFO L130 BoogieDeclarations]: Found specification of procedure srand48 [2020-07-29 00:58:24,856 INFO L130 BoogieDeclarations]: Found specification of procedure seed48 [2020-07-29 00:58:24,856 INFO L130 BoogieDeclarations]: Found specification of procedure lcong48 [2020-07-29 00:58:24,856 INFO L130 BoogieDeclarations]: Found specification of procedure drand48_r [2020-07-29 00:58:24,859 INFO L130 BoogieDeclarations]: Found specification of procedure erand48_r [2020-07-29 00:58:24,859 INFO L130 BoogieDeclarations]: Found specification of procedure lrand48_r [2020-07-29 00:58:24,859 INFO L130 BoogieDeclarations]: Found specification of procedure nrand48_r [2020-07-29 00:58:24,859 INFO L130 BoogieDeclarations]: Found specification of procedure mrand48_r [2020-07-29 00:58:24,860 INFO L130 BoogieDeclarations]: Found specification of procedure jrand48_r [2020-07-29 00:58:24,861 INFO L130 BoogieDeclarations]: Found specification of procedure srand48_r [2020-07-29 00:58:24,861 INFO L130 BoogieDeclarations]: Found specification of procedure seed48_r [2020-07-29 00:58:24,861 INFO L130 BoogieDeclarations]: Found specification of procedure lcong48_r [2020-07-29 00:58:24,861 INFO L130 BoogieDeclarations]: Found specification of procedure malloc [2020-07-29 00:58:24,861 INFO L130 BoogieDeclarations]: Found specification of procedure calloc [2020-07-29 00:58:24,862 INFO L130 BoogieDeclarations]: Found specification of procedure realloc [2020-07-29 00:58:24,863 INFO L130 BoogieDeclarations]: Found specification of procedure free [2020-07-29 00:58:24,863 INFO L130 BoogieDeclarations]: Found specification of procedure alloca [2020-07-29 00:58:24,863 INFO L130 BoogieDeclarations]: Found specification of procedure valloc [2020-07-29 00:58:24,864 INFO L130 BoogieDeclarations]: Found specification of procedure posix_memalign [2020-07-29 00:58:24,864 INFO L130 BoogieDeclarations]: Found specification of procedure aligned_alloc [2020-07-29 00:58:24,865 INFO L130 BoogieDeclarations]: Found specification of procedure abort [2020-07-29 00:58:24,866 INFO L130 BoogieDeclarations]: Found specification of procedure atexit [2020-07-29 00:58:24,866 INFO L130 BoogieDeclarations]: Found specification of procedure at_quick_exit [2020-07-29 00:58:24,867 INFO L130 BoogieDeclarations]: Found specification of procedure on_exit [2020-07-29 00:58:24,867 INFO L130 BoogieDeclarations]: Found specification of procedure exit [2020-07-29 00:58:24,868 INFO L130 BoogieDeclarations]: Found specification of procedure quick_exit [2020-07-29 00:58:24,868 INFO L130 BoogieDeclarations]: Found specification of procedure _Exit [2020-07-29 00:58:24,868 INFO L130 BoogieDeclarations]: Found specification of procedure getenv [2020-07-29 00:58:24,868 INFO L130 BoogieDeclarations]: Found specification of procedure putenv [2020-07-29 00:58:24,869 INFO L130 BoogieDeclarations]: Found specification of procedure setenv [2020-07-29 00:58:24,869 INFO L130 BoogieDeclarations]: Found specification of procedure unsetenv [2020-07-29 00:58:24,869 INFO L130 BoogieDeclarations]: Found specification of procedure clearenv [2020-07-29 00:58:24,870 INFO L130 BoogieDeclarations]: Found specification of procedure mktemp [2020-07-29 00:58:24,870 INFO L130 BoogieDeclarations]: Found specification of procedure mkstemp [2020-07-29 00:58:24,870 INFO L130 BoogieDeclarations]: Found specification of procedure mkstemps [2020-07-29 00:58:24,870 INFO L130 BoogieDeclarations]: Found specification of procedure mkdtemp [2020-07-29 00:58:24,871 INFO L130 BoogieDeclarations]: Found specification of procedure system [2020-07-29 00:58:24,871 INFO L130 BoogieDeclarations]: Found specification of procedure realpath [2020-07-29 00:58:24,872 INFO L130 BoogieDeclarations]: Found specification of procedure bsearch [2020-07-29 00:58:24,873 INFO L130 BoogieDeclarations]: Found specification of procedure qsort [2020-07-29 00:58:24,873 INFO L130 BoogieDeclarations]: Found specification of procedure abs [2020-07-29 00:58:24,873 INFO L130 BoogieDeclarations]: Found specification of procedure labs [2020-07-29 00:58:24,873 INFO L130 BoogieDeclarations]: Found specification of procedure llabs [2020-07-29 00:58:24,873 INFO L130 BoogieDeclarations]: Found specification of procedure div [2020-07-29 00:58:24,874 INFO L130 BoogieDeclarations]: Found specification of procedure ldiv [2020-07-29 00:58:24,874 INFO L130 BoogieDeclarations]: Found specification of procedure lldiv [2020-07-29 00:58:24,874 INFO L130 BoogieDeclarations]: Found specification of procedure ecvt [2020-07-29 00:58:24,874 INFO L130 BoogieDeclarations]: Found specification of procedure fcvt [2020-07-29 00:58:24,874 INFO L130 BoogieDeclarations]: Found specification of procedure gcvt [2020-07-29 00:58:24,875 INFO L130 BoogieDeclarations]: Found specification of procedure qecvt [2020-07-29 00:58:24,875 INFO L130 BoogieDeclarations]: Found specification of procedure qfcvt [2020-07-29 00:58:24,875 INFO L130 BoogieDeclarations]: Found specification of procedure qgcvt [2020-07-29 00:58:24,875 INFO L130 BoogieDeclarations]: Found specification of procedure ecvt_r [2020-07-29 00:58:24,875 INFO L130 BoogieDeclarations]: Found specification of procedure fcvt_r [2020-07-29 00:58:24,876 INFO L130 BoogieDeclarations]: Found specification of procedure qecvt_r [2020-07-29 00:58:24,876 INFO L130 BoogieDeclarations]: Found specification of procedure qfcvt_r [2020-07-29 00:58:24,876 INFO L130 BoogieDeclarations]: Found specification of procedure mblen [2020-07-29 00:58:24,876 INFO L130 BoogieDeclarations]: Found specification of procedure mbtowc [2020-07-29 00:58:24,876 INFO L130 BoogieDeclarations]: Found specification of procedure wctomb [2020-07-29 00:58:24,877 INFO L130 BoogieDeclarations]: Found specification of procedure mbstowcs [2020-07-29 00:58:24,877 INFO L130 BoogieDeclarations]: Found specification of procedure wcstombs [2020-07-29 00:58:24,877 INFO L130 BoogieDeclarations]: Found specification of procedure rpmatch [2020-07-29 00:58:24,877 INFO L130 BoogieDeclarations]: Found specification of procedure getsubopt [2020-07-29 00:58:24,878 INFO L130 BoogieDeclarations]: Found specification of procedure getloadavg [2020-07-29 00:58:24,878 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_int [2020-07-29 00:58:24,878 INFO L130 BoogieDeclarations]: Found specification of procedure foo [2020-07-29 00:58:24,879 INFO L130 BoogieDeclarations]: Found specification of procedure write~int [2020-07-29 00:58:24,879 INFO L130 BoogieDeclarations]: Found specification of procedure main [2020-07-29 00:58:24,879 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2020-07-29 00:58:24,879 INFO L130 BoogieDeclarations]: Found specification of procedure read~int [2020-07-29 00:58:24,880 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2020-07-29 00:58:24,880 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2020-07-29 00:58:24,880 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2020-07-29 00:58:25,558 INFO L290 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2020-07-29 00:58:25,558 INFO L295 CfgBuilder]: Removed 3 assume(true) statements. [2020-07-29 00:58:25,563 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 29.07 12:58:25 BoogieIcfgContainer [2020-07-29 00:58:25,563 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2020-07-29 00:58:25,565 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2020-07-29 00:58:25,565 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2020-07-29 00:58:25,569 INFO L275 PluginConnector]: TraceAbstraction initialized [2020-07-29 00:58:25,569 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 29.07 12:58:24" (1/3) ... [2020-07-29 00:58:25,570 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1e660fb0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 29.07 12:58:25, skipping insertion in model container [2020-07-29 00:58:25,571 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:58:24" (2/3) ... [2020-07-29 00:58:25,571 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1e660fb0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 29.07 12:58:25, skipping insertion in model container [2020-07-29 00:58:25,572 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 29.07 12:58:25" (3/3) ... [2020-07-29 00:58:25,574 INFO L109 eAbstractionObserver]: Analyzing ICFG 960521-1_1-3.i [2020-07-29 00:58:25,585 INFO L157 ceAbstractionStarter]: Automizer settings: Hoare:false NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2020-07-29 00:58:25,595 INFO L169 ceAbstractionStarter]: Appying trace abstraction to program that has 21 error locations. [2020-07-29 00:58:25,611 INFO L251 AbstractCegarLoop]: Starting to check reachability of 21 error locations. [2020-07-29 00:58:25,634 INFO L375 AbstractCegarLoop]: Interprodecural is true [2020-07-29 00:58:25,635 INFO L376 AbstractCegarLoop]: Hoare is false [2020-07-29 00:58:25,635 INFO L377 AbstractCegarLoop]: Compute interpolants for FPandBP [2020-07-29 00:58:25,635 INFO L378 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2020-07-29 00:58:25,636 INFO L379 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2020-07-29 00:58:25,636 INFO L380 AbstractCegarLoop]: Difference is false [2020-07-29 00:58:25,636 INFO L381 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2020-07-29 00:58:25,637 INFO L385 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2020-07-29 00:58:25,656 INFO L276 IsEmpty]: Start isEmpty. Operand 62 states. [2020-07-29 00:58:25,666 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 10 [2020-07-29 00:58:25,667 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:25,668 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:25,669 INFO L427 AbstractCegarLoop]: === Iteration 1 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:25,675 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:25,676 INFO L82 PathProgramCache]: Analyzing trace with hash 583874427, now seen corresponding path program 1 times [2020-07-29 00:58:25,686 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:25,687 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1467403636] [2020-07-29 00:58:25,688 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:25,790 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:25,924 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:25,931 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:25,964 INFO L280 TraceCheckUtils]: 0: Hoare triple {70#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {65#true} is VALID [2020-07-29 00:58:25,965 INFO L280 TraceCheckUtils]: 1: Hoare triple {65#true} assume true; {65#true} is VALID [2020-07-29 00:58:25,966 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {65#true} {65#true} #109#return; {65#true} is VALID [2020-07-29 00:58:25,970 INFO L263 TraceCheckUtils]: 0: Hoare triple {65#true} call ULTIMATE.init(); {70#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:25,971 INFO L280 TraceCheckUtils]: 1: Hoare triple {70#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {65#true} is VALID [2020-07-29 00:58:25,971 INFO L280 TraceCheckUtils]: 2: Hoare triple {65#true} assume true; {65#true} is VALID [2020-07-29 00:58:25,972 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {65#true} {65#true} #109#return; {65#true} is VALID [2020-07-29 00:58:25,972 INFO L263 TraceCheckUtils]: 4: Hoare triple {65#true} call #t~ret10 := main(); {65#true} is VALID [2020-07-29 00:58:25,972 INFO L280 TraceCheckUtils]: 5: Hoare triple {65#true} ~n~0 := 1; {65#true} is VALID [2020-07-29 00:58:25,975 INFO L280 TraceCheckUtils]: 6: Hoare triple {65#true} assume !true; {66#false} is VALID [2020-07-29 00:58:25,975 INFO L280 TraceCheckUtils]: 7: Hoare triple {66#false} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {66#false} is VALID [2020-07-29 00:58:25,976 INFO L280 TraceCheckUtils]: 8: Hoare triple {66#false} assume !(1 == #valid[#t~post8.base]); {66#false} is VALID [2020-07-29 00:58:25,977 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:58:25,978 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1467403636] [2020-07-29 00:58:25,979 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:58:25,980 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2020-07-29 00:58:25,981 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2013040037] [2020-07-29 00:58:25,988 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 9 [2020-07-29 00:58:25,991 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:25,995 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2020-07-29 00:58:26,016 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 9 edges. 9 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:26,017 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2020-07-29 00:58:26,017 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:26,028 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2020-07-29 00:58:26,029 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2020-07-29 00:58:26,032 INFO L87 Difference]: Start difference. First operand 62 states. Second operand 3 states. [2020-07-29 00:58:26,345 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:26,346 INFO L93 Difference]: Finished difference Result 62 states and 65 transitions. [2020-07-29 00:58:26,346 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2020-07-29 00:58:26,347 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 9 [2020-07-29 00:58:26,347 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:58:26,349 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2020-07-29 00:58:26,381 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 68 transitions. [2020-07-29 00:58:26,381 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2020-07-29 00:58:26,384 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 68 transitions. [2020-07-29 00:58:26,385 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 68 transitions. [2020-07-29 00:58:26,491 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 68 edges. 68 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:26,506 INFO L225 Difference]: With dead ends: 62 [2020-07-29 00:58:26,506 INFO L226 Difference]: Without dead ends: 59 [2020-07-29 00:58:26,509 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2020-07-29 00:58:26,530 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 59 states. [2020-07-29 00:58:26,547 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 59 to 59. [2020-07-29 00:58:26,548 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:58:26,549 INFO L82 GeneralOperation]: Start isEquivalent. First operand 59 states. Second operand 59 states. [2020-07-29 00:58:26,550 INFO L74 IsIncluded]: Start isIncluded. First operand 59 states. Second operand 59 states. [2020-07-29 00:58:26,550 INFO L87 Difference]: Start difference. First operand 59 states. Second operand 59 states. [2020-07-29 00:58:26,557 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:26,557 INFO L93 Difference]: Finished difference Result 59 states and 62 transitions. [2020-07-29 00:58:26,558 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 62 transitions. [2020-07-29 00:58:26,559 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:26,559 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:26,560 INFO L74 IsIncluded]: Start isIncluded. First operand 59 states. Second operand 59 states. [2020-07-29 00:58:26,560 INFO L87 Difference]: Start difference. First operand 59 states. Second operand 59 states. [2020-07-29 00:58:26,567 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:26,567 INFO L93 Difference]: Finished difference Result 59 states and 62 transitions. [2020-07-29 00:58:26,567 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 62 transitions. [2020-07-29 00:58:26,568 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:26,569 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:26,569 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:58:26,569 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:58:26,570 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 59 states. [2020-07-29 00:58:26,574 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 59 states to 59 states and 62 transitions. [2020-07-29 00:58:26,576 INFO L78 Accepts]: Start accepts. Automaton has 59 states and 62 transitions. Word has length 9 [2020-07-29 00:58:26,577 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:58:26,577 INFO L479 AbstractCegarLoop]: Abstraction has 59 states and 62 transitions. [2020-07-29 00:58:26,577 INFO L480 AbstractCegarLoop]: Interpolant automaton has 3 states. [2020-07-29 00:58:26,578 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 62 transitions. [2020-07-29 00:58:26,578 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 11 [2020-07-29 00:58:26,578 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:26,579 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:26,579 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2020-07-29 00:58:26,580 INFO L427 AbstractCegarLoop]: === Iteration 2 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:26,580 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:26,580 INFO L82 PathProgramCache]: Analyzing trace with hash 920023712, now seen corresponding path program 1 times [2020-07-29 00:58:26,581 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:26,581 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1655952730] [2020-07-29 00:58:26,582 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:26,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:26,756 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:26,759 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:26,769 INFO L280 TraceCheckUtils]: 0: Hoare triple {318#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {312#true} is VALID [2020-07-29 00:58:26,769 INFO L280 TraceCheckUtils]: 1: Hoare triple {312#true} assume true; {312#true} is VALID [2020-07-29 00:58:26,769 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {312#true} {312#true} #109#return; {312#true} is VALID [2020-07-29 00:58:26,772 INFO L263 TraceCheckUtils]: 0: Hoare triple {312#true} call ULTIMATE.init(); {318#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:26,772 INFO L280 TraceCheckUtils]: 1: Hoare triple {318#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {312#true} is VALID [2020-07-29 00:58:26,772 INFO L280 TraceCheckUtils]: 2: Hoare triple {312#true} assume true; {312#true} is VALID [2020-07-29 00:58:26,773 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {312#true} {312#true} #109#return; {312#true} is VALID [2020-07-29 00:58:26,773 INFO L263 TraceCheckUtils]: 4: Hoare triple {312#true} call #t~ret10 := main(); {312#true} is VALID [2020-07-29 00:58:26,774 INFO L280 TraceCheckUtils]: 5: Hoare triple {312#true} ~n~0 := 1; {312#true} is VALID [2020-07-29 00:58:26,774 INFO L280 TraceCheckUtils]: 6: Hoare triple {312#true} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {312#true} is VALID [2020-07-29 00:58:26,774 INFO L280 TraceCheckUtils]: 7: Hoare triple {312#true} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {312#true} is VALID [2020-07-29 00:58:26,777 INFO L280 TraceCheckUtils]: 8: Hoare triple {312#true} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {317#(= 1 (select |#valid| |main_#t~post8.base|))} is VALID [2020-07-29 00:58:26,778 INFO L280 TraceCheckUtils]: 9: Hoare triple {317#(= 1 (select |#valid| |main_#t~post8.base|))} assume !(1 == #valid[#t~post8.base]); {313#false} is VALID [2020-07-29 00:58:26,780 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:58:26,780 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1655952730] [2020-07-29 00:58:26,781 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:58:26,781 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2020-07-29 00:58:26,781 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [394285014] [2020-07-29 00:58:26,783 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 10 [2020-07-29 00:58:26,784 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:26,784 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2020-07-29 00:58:26,804 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 10 edges. 10 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:26,804 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2020-07-29 00:58:26,804 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:26,805 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2020-07-29 00:58:26,805 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-29 00:58:26,806 INFO L87 Difference]: Start difference. First operand 59 states and 62 transitions. Second operand 4 states. [2020-07-29 00:58:27,170 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:27,171 INFO L93 Difference]: Finished difference Result 58 states and 61 transitions. [2020-07-29 00:58:27,171 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2020-07-29 00:58:27,173 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 10 [2020-07-29 00:58:27,173 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:58:27,173 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-29 00:58:27,179 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 62 transitions. [2020-07-29 00:58:27,179 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-29 00:58:27,184 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 62 transitions. [2020-07-29 00:58:27,184 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 62 transitions. [2020-07-29 00:58:27,299 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 62 edges. 62 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:27,303 INFO L225 Difference]: With dead ends: 58 [2020-07-29 00:58:27,305 INFO L226 Difference]: Without dead ends: 58 [2020-07-29 00:58:27,306 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-29 00:58:27,307 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 58 states. [2020-07-29 00:58:27,317 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 58 to 58. [2020-07-29 00:58:27,317 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:58:27,319 INFO L82 GeneralOperation]: Start isEquivalent. First operand 58 states. Second operand 58 states. [2020-07-29 00:58:27,320 INFO L74 IsIncluded]: Start isIncluded. First operand 58 states. Second operand 58 states. [2020-07-29 00:58:27,320 INFO L87 Difference]: Start difference. First operand 58 states. Second operand 58 states. [2020-07-29 00:58:27,327 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:27,327 INFO L93 Difference]: Finished difference Result 58 states and 61 transitions. [2020-07-29 00:58:27,327 INFO L276 IsEmpty]: Start isEmpty. Operand 58 states and 61 transitions. [2020-07-29 00:58:27,328 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:27,329 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:27,330 INFO L74 IsIncluded]: Start isIncluded. First operand 58 states. Second operand 58 states. [2020-07-29 00:58:27,330 INFO L87 Difference]: Start difference. First operand 58 states. Second operand 58 states. [2020-07-29 00:58:27,337 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:27,338 INFO L93 Difference]: Finished difference Result 58 states and 61 transitions. [2020-07-29 00:58:27,338 INFO L276 IsEmpty]: Start isEmpty. Operand 58 states and 61 transitions. [2020-07-29 00:58:27,339 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:27,340 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:27,341 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:58:27,341 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:58:27,341 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 58 states. [2020-07-29 00:58:27,345 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 58 states to 58 states and 61 transitions. [2020-07-29 00:58:27,345 INFO L78 Accepts]: Start accepts. Automaton has 58 states and 61 transitions. Word has length 10 [2020-07-29 00:58:27,345 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:58:27,346 INFO L479 AbstractCegarLoop]: Abstraction has 58 states and 61 transitions. [2020-07-29 00:58:27,346 INFO L480 AbstractCegarLoop]: Interpolant automaton has 4 states. [2020-07-29 00:58:27,346 INFO L276 IsEmpty]: Start isEmpty. Operand 58 states and 61 transitions. [2020-07-29 00:58:27,347 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 11 [2020-07-29 00:58:27,347 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:27,347 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:27,348 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2020-07-29 00:58:27,348 INFO L427 AbstractCegarLoop]: === Iteration 3 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:27,349 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:27,349 INFO L82 PathProgramCache]: Analyzing trace with hash 920023713, now seen corresponding path program 1 times [2020-07-29 00:58:27,349 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:27,350 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1645813342] [2020-07-29 00:58:27,350 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:27,384 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:27,471 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:27,474 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:27,480 INFO L280 TraceCheckUtils]: 0: Hoare triple {560#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {553#true} is VALID [2020-07-29 00:58:27,480 INFO L280 TraceCheckUtils]: 1: Hoare triple {553#true} assume true; {553#true} is VALID [2020-07-29 00:58:27,481 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {553#true} {553#true} #109#return; {553#true} is VALID [2020-07-29 00:58:27,482 INFO L263 TraceCheckUtils]: 0: Hoare triple {553#true} call ULTIMATE.init(); {560#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:27,483 INFO L280 TraceCheckUtils]: 1: Hoare triple {560#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {553#true} is VALID [2020-07-29 00:58:27,483 INFO L280 TraceCheckUtils]: 2: Hoare triple {553#true} assume true; {553#true} is VALID [2020-07-29 00:58:27,483 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {553#true} {553#true} #109#return; {553#true} is VALID [2020-07-29 00:58:27,483 INFO L263 TraceCheckUtils]: 4: Hoare triple {553#true} call #t~ret10 := main(); {553#true} is VALID [2020-07-29 00:58:27,484 INFO L280 TraceCheckUtils]: 5: Hoare triple {553#true} ~n~0 := 1; {558#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:27,485 INFO L280 TraceCheckUtils]: 6: Hoare triple {558#(<= 1 ~n~0)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {558#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:27,485 INFO L280 TraceCheckUtils]: 7: Hoare triple {558#(<= 1 ~n~0)} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {558#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:27,487 INFO L280 TraceCheckUtils]: 8: Hoare triple {558#(<= 1 ~n~0)} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {559#(and (= 0 |main_#t~post8.offset|) (<= 4 (select |#length| |main_#t~post8.base|)))} is VALID [2020-07-29 00:58:27,488 INFO L280 TraceCheckUtils]: 9: Hoare triple {559#(and (= 0 |main_#t~post8.offset|) (<= 4 (select |#length| |main_#t~post8.base|)))} assume !(4 + #t~post8.offset <= #length[#t~post8.base] && 0 <= #t~post8.offset); {554#false} is VALID [2020-07-29 00:58:27,489 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:58:27,489 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1645813342] [2020-07-29 00:58:27,490 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:58:27,490 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2020-07-29 00:58:27,490 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [679067506] [2020-07-29 00:58:27,490 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 10 [2020-07-29 00:58:27,491 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:27,491 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2020-07-29 00:58:27,505 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 10 edges. 10 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:27,505 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2020-07-29 00:58:27,505 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:27,505 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2020-07-29 00:58:27,506 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2020-07-29 00:58:27,506 INFO L87 Difference]: Start difference. First operand 58 states and 61 transitions. Second operand 5 states. [2020-07-29 00:58:27,944 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:27,945 INFO L93 Difference]: Finished difference Result 57 states and 60 transitions. [2020-07-29 00:58:27,945 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2020-07-29 00:58:27,945 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 10 [2020-07-29 00:58:27,945 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:58:27,946 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:58:27,949 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 61 transitions. [2020-07-29 00:58:27,949 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:58:27,952 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 61 transitions. [2020-07-29 00:58:27,952 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 61 transitions. [2020-07-29 00:58:28,068 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 61 edges. 61 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:28,071 INFO L225 Difference]: With dead ends: 57 [2020-07-29 00:58:28,071 INFO L226 Difference]: Without dead ends: 57 [2020-07-29 00:58:28,071 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2020-07-29 00:58:28,072 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 57 states. [2020-07-29 00:58:28,076 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 57 to 57. [2020-07-29 00:58:28,077 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:58:28,077 INFO L82 GeneralOperation]: Start isEquivalent. First operand 57 states. Second operand 57 states. [2020-07-29 00:58:28,077 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand 57 states. [2020-07-29 00:58:28,077 INFO L87 Difference]: Start difference. First operand 57 states. Second operand 57 states. [2020-07-29 00:58:28,080 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:28,081 INFO L93 Difference]: Finished difference Result 57 states and 60 transitions. [2020-07-29 00:58:28,081 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 60 transitions. [2020-07-29 00:58:28,081 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:28,082 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:28,082 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand 57 states. [2020-07-29 00:58:28,082 INFO L87 Difference]: Start difference. First operand 57 states. Second operand 57 states. [2020-07-29 00:58:28,085 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:28,086 INFO L93 Difference]: Finished difference Result 57 states and 60 transitions. [2020-07-29 00:58:28,086 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 60 transitions. [2020-07-29 00:58:28,086 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:28,087 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:28,087 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:58:28,087 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:58:28,087 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 57 states. [2020-07-29 00:58:28,090 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 57 states to 57 states and 60 transitions. [2020-07-29 00:58:28,090 INFO L78 Accepts]: Start accepts. Automaton has 57 states and 60 transitions. Word has length 10 [2020-07-29 00:58:28,090 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:58:28,090 INFO L479 AbstractCegarLoop]: Abstraction has 57 states and 60 transitions. [2020-07-29 00:58:28,090 INFO L480 AbstractCegarLoop]: Interpolant automaton has 5 states. [2020-07-29 00:58:28,091 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 60 transitions. [2020-07-29 00:58:28,091 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 16 [2020-07-29 00:58:28,091 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:28,091 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:28,091 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2020-07-29 00:58:28,092 INFO L427 AbstractCegarLoop]: === Iteration 4 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:28,092 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:28,092 INFO L82 PathProgramCache]: Analyzing trace with hash 944956531, now seen corresponding path program 1 times [2020-07-29 00:58:28,092 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:28,093 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1625684715] [2020-07-29 00:58:28,093 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:28,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:28,181 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:28,183 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:28,189 INFO L280 TraceCheckUtils]: 0: Hoare triple {801#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {795#true} is VALID [2020-07-29 00:58:28,190 INFO L280 TraceCheckUtils]: 1: Hoare triple {795#true} assume true; {795#true} is VALID [2020-07-29 00:58:28,190 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {795#true} {795#true} #109#return; {795#true} is VALID [2020-07-29 00:58:28,192 INFO L263 TraceCheckUtils]: 0: Hoare triple {795#true} call ULTIMATE.init(); {801#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:28,192 INFO L280 TraceCheckUtils]: 1: Hoare triple {801#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {795#true} is VALID [2020-07-29 00:58:28,192 INFO L280 TraceCheckUtils]: 2: Hoare triple {795#true} assume true; {795#true} is VALID [2020-07-29 00:58:28,193 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {795#true} {795#true} #109#return; {795#true} is VALID [2020-07-29 00:58:28,193 INFO L263 TraceCheckUtils]: 4: Hoare triple {795#true} call #t~ret10 := main(); {795#true} is VALID [2020-07-29 00:58:28,193 INFO L280 TraceCheckUtils]: 5: Hoare triple {795#true} ~n~0 := 1; {795#true} is VALID [2020-07-29 00:58:28,193 INFO L280 TraceCheckUtils]: 6: Hoare triple {795#true} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {795#true} is VALID [2020-07-29 00:58:28,194 INFO L280 TraceCheckUtils]: 7: Hoare triple {795#true} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {795#true} is VALID [2020-07-29 00:58:28,195 INFO L280 TraceCheckUtils]: 8: Hoare triple {795#true} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {800#(= 1 (select |#valid| ~a~0.base))} is VALID [2020-07-29 00:58:28,196 INFO L280 TraceCheckUtils]: 9: Hoare triple {800#(= 1 (select |#valid| ~a~0.base))} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {800#(= 1 (select |#valid| ~a~0.base))} is VALID [2020-07-29 00:58:28,197 INFO L280 TraceCheckUtils]: 10: Hoare triple {800#(= 1 (select |#valid| ~a~0.base))} havoc #t~post8.base, #t~post8.offset; {800#(= 1 (select |#valid| ~a~0.base))} is VALID [2020-07-29 00:58:28,198 INFO L263 TraceCheckUtils]: 11: Hoare triple {800#(= 1 (select |#valid| ~a~0.base))} call foo(); {800#(= 1 (select |#valid| ~a~0.base))} is VALID [2020-07-29 00:58:28,199 INFO L280 TraceCheckUtils]: 12: Hoare triple {800#(= 1 (select |#valid| ~a~0.base))} havoc ~i~0;~i~0 := 0; {800#(= 1 (select |#valid| ~a~0.base))} is VALID [2020-07-29 00:58:28,199 INFO L280 TraceCheckUtils]: 13: Hoare triple {800#(= 1 (select |#valid| ~a~0.base))} assume !!(~i~0 < ~n~0); {800#(= 1 (select |#valid| ~a~0.base))} is VALID [2020-07-29 00:58:28,200 INFO L280 TraceCheckUtils]: 14: Hoare triple {800#(= 1 (select |#valid| ~a~0.base))} assume !(1 == #valid[~a~0.base]); {796#false} is VALID [2020-07-29 00:58:28,201 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:58:28,202 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1625684715] [2020-07-29 00:58:28,202 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:58:28,202 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2020-07-29 00:58:28,202 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [938538398] [2020-07-29 00:58:28,203 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 15 [2020-07-29 00:58:28,203 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:28,203 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2020-07-29 00:58:28,235 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 15 edges. 15 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:28,235 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2020-07-29 00:58:28,235 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:28,236 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2020-07-29 00:58:28,236 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-29 00:58:28,236 INFO L87 Difference]: Start difference. First operand 57 states and 60 transitions. Second operand 4 states. [2020-07-29 00:58:28,518 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:28,518 INFO L93 Difference]: Finished difference Result 54 states and 57 transitions. [2020-07-29 00:58:28,518 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2020-07-29 00:58:28,518 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 15 [2020-07-29 00:58:28,519 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:58:28,519 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-29 00:58:28,522 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 60 transitions. [2020-07-29 00:58:28,522 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-29 00:58:28,524 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 60 transitions. [2020-07-29 00:58:28,525 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 60 transitions. [2020-07-29 00:58:28,627 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 60 edges. 60 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:28,629 INFO L225 Difference]: With dead ends: 54 [2020-07-29 00:58:28,630 INFO L226 Difference]: Without dead ends: 54 [2020-07-29 00:58:28,630 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2020-07-29 00:58:28,631 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 54 states. [2020-07-29 00:58:28,634 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 54 to 54. [2020-07-29 00:58:28,635 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:58:28,635 INFO L82 GeneralOperation]: Start isEquivalent. First operand 54 states. Second operand 54 states. [2020-07-29 00:58:28,635 INFO L74 IsIncluded]: Start isIncluded. First operand 54 states. Second operand 54 states. [2020-07-29 00:58:28,635 INFO L87 Difference]: Start difference. First operand 54 states. Second operand 54 states. [2020-07-29 00:58:28,638 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:28,638 INFO L93 Difference]: Finished difference Result 54 states and 57 transitions. [2020-07-29 00:58:28,638 INFO L276 IsEmpty]: Start isEmpty. Operand 54 states and 57 transitions. [2020-07-29 00:58:28,639 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:28,639 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:28,639 INFO L74 IsIncluded]: Start isIncluded. First operand 54 states. Second operand 54 states. [2020-07-29 00:58:28,639 INFO L87 Difference]: Start difference. First operand 54 states. Second operand 54 states. [2020-07-29 00:58:28,641 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:28,642 INFO L93 Difference]: Finished difference Result 54 states and 57 transitions. [2020-07-29 00:58:28,642 INFO L276 IsEmpty]: Start isEmpty. Operand 54 states and 57 transitions. [2020-07-29 00:58:28,642 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:28,643 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:28,643 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:58:28,643 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:58:28,643 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 54 states. [2020-07-29 00:58:28,645 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 54 states to 54 states and 57 transitions. [2020-07-29 00:58:28,646 INFO L78 Accepts]: Start accepts. Automaton has 54 states and 57 transitions. Word has length 15 [2020-07-29 00:58:28,646 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:58:28,646 INFO L479 AbstractCegarLoop]: Abstraction has 54 states and 57 transitions. [2020-07-29 00:58:28,646 INFO L480 AbstractCegarLoop]: Interpolant automaton has 4 states. [2020-07-29 00:58:28,646 INFO L276 IsEmpty]: Start isEmpty. Operand 54 states and 57 transitions. [2020-07-29 00:58:28,647 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 16 [2020-07-29 00:58:28,647 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:28,647 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:28,647 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2020-07-29 00:58:28,647 INFO L427 AbstractCegarLoop]: === Iteration 5 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:28,648 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:28,648 INFO L82 PathProgramCache]: Analyzing trace with hash 944956532, now seen corresponding path program 1 times [2020-07-29 00:58:28,648 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:28,648 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [64147472] [2020-07-29 00:58:28,649 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:28,682 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:28,782 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:28,784 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:28,800 INFO L280 TraceCheckUtils]: 0: Hoare triple {1030#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {1022#true} is VALID [2020-07-29 00:58:28,801 INFO L280 TraceCheckUtils]: 1: Hoare triple {1022#true} assume true; {1022#true} is VALID [2020-07-29 00:58:28,801 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1022#true} {1022#true} #109#return; {1022#true} is VALID [2020-07-29 00:58:28,802 INFO L263 TraceCheckUtils]: 0: Hoare triple {1022#true} call ULTIMATE.init(); {1030#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:28,803 INFO L280 TraceCheckUtils]: 1: Hoare triple {1030#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {1022#true} is VALID [2020-07-29 00:58:28,803 INFO L280 TraceCheckUtils]: 2: Hoare triple {1022#true} assume true; {1022#true} is VALID [2020-07-29 00:58:28,803 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1022#true} {1022#true} #109#return; {1022#true} is VALID [2020-07-29 00:58:28,804 INFO L263 TraceCheckUtils]: 4: Hoare triple {1022#true} call #t~ret10 := main(); {1022#true} is VALID [2020-07-29 00:58:28,806 INFO L280 TraceCheckUtils]: 5: Hoare triple {1022#true} ~n~0 := 1; {1027#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:28,806 INFO L280 TraceCheckUtils]: 6: Hoare triple {1027#(<= 1 ~n~0)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {1027#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:28,807 INFO L280 TraceCheckUtils]: 7: Hoare triple {1027#(<= 1 ~n~0)} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {1027#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:28,809 INFO L280 TraceCheckUtils]: 8: Hoare triple {1027#(<= 1 ~n~0)} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {1028#(and (<= 4 (select |#length| ~a~0.base)) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:28,810 INFO L280 TraceCheckUtils]: 9: Hoare triple {1028#(and (<= 4 (select |#length| ~a~0.base)) (= ~a~0.offset 0))} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {1028#(and (<= 4 (select |#length| ~a~0.base)) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:28,811 INFO L280 TraceCheckUtils]: 10: Hoare triple {1028#(and (<= 4 (select |#length| ~a~0.base)) (= ~a~0.offset 0))} havoc #t~post8.base, #t~post8.offset; {1028#(and (<= 4 (select |#length| ~a~0.base)) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:28,812 INFO L263 TraceCheckUtils]: 11: Hoare triple {1028#(and (<= 4 (select |#length| ~a~0.base)) (= ~a~0.offset 0))} call foo(); {1028#(and (<= 4 (select |#length| ~a~0.base)) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:28,812 INFO L280 TraceCheckUtils]: 12: Hoare triple {1028#(and (<= 4 (select |#length| ~a~0.base)) (= ~a~0.offset 0))} havoc ~i~0;~i~0 := 0; {1029#(and (<= 4 (select |#length| ~a~0.base)) (= 0 foo_~i~0) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:28,813 INFO L280 TraceCheckUtils]: 13: Hoare triple {1029#(and (<= 4 (select |#length| ~a~0.base)) (= 0 foo_~i~0) (= ~a~0.offset 0))} assume !!(~i~0 < ~n~0); {1029#(and (<= 4 (select |#length| ~a~0.base)) (= 0 foo_~i~0) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:28,814 INFO L280 TraceCheckUtils]: 14: Hoare triple {1029#(and (<= 4 (select |#length| ~a~0.base)) (= 0 foo_~i~0) (= ~a~0.offset 0))} assume !(4 + (~a~0.offset + 4 * ~i~0) <= #length[~a~0.base] && 0 <= ~a~0.offset + 4 * ~i~0); {1023#false} is VALID [2020-07-29 00:58:28,815 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:58:28,815 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [64147472] [2020-07-29 00:58:28,815 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:58:28,816 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2020-07-29 00:58:28,816 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1076302035] [2020-07-29 00:58:28,816 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 15 [2020-07-29 00:58:28,816 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:28,817 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2020-07-29 00:58:28,835 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 15 edges. 15 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:28,835 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2020-07-29 00:58:28,836 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:28,836 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2020-07-29 00:58:28,836 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2020-07-29 00:58:28,836 INFO L87 Difference]: Start difference. First operand 54 states and 57 transitions. Second operand 6 states. [2020-07-29 00:58:29,373 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:29,373 INFO L93 Difference]: Finished difference Result 62 states and 66 transitions. [2020-07-29 00:58:29,373 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2020-07-29 00:58:29,373 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 15 [2020-07-29 00:58:29,373 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:58:29,374 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-29 00:58:29,379 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 70 transitions. [2020-07-29 00:58:29,380 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-29 00:58:29,383 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 70 transitions. [2020-07-29 00:58:29,384 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 70 transitions. [2020-07-29 00:58:29,486 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 70 edges. 70 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:29,488 INFO L225 Difference]: With dead ends: 62 [2020-07-29 00:58:29,488 INFO L226 Difference]: Without dead ends: 62 [2020-07-29 00:58:29,489 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=44, Unknown=0, NotChecked=0, Total=72 [2020-07-29 00:58:29,491 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 62 states. [2020-07-29 00:58:29,495 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 62 to 54. [2020-07-29 00:58:29,495 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:58:29,496 INFO L82 GeneralOperation]: Start isEquivalent. First operand 62 states. Second operand 54 states. [2020-07-29 00:58:29,496 INFO L74 IsIncluded]: Start isIncluded. First operand 62 states. Second operand 54 states. [2020-07-29 00:58:29,496 INFO L87 Difference]: Start difference. First operand 62 states. Second operand 54 states. [2020-07-29 00:58:29,499 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:29,500 INFO L93 Difference]: Finished difference Result 62 states and 66 transitions. [2020-07-29 00:58:29,500 INFO L276 IsEmpty]: Start isEmpty. Operand 62 states and 66 transitions. [2020-07-29 00:58:29,501 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:29,501 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:29,501 INFO L74 IsIncluded]: Start isIncluded. First operand 54 states. Second operand 62 states. [2020-07-29 00:58:29,501 INFO L87 Difference]: Start difference. First operand 54 states. Second operand 62 states. [2020-07-29 00:58:29,504 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:29,504 INFO L93 Difference]: Finished difference Result 62 states and 66 transitions. [2020-07-29 00:58:29,504 INFO L276 IsEmpty]: Start isEmpty. Operand 62 states and 66 transitions. [2020-07-29 00:58:29,505 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:29,505 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:29,505 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:58:29,510 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:58:29,510 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 54 states. [2020-07-29 00:58:29,512 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 54 states to 54 states and 57 transitions. [2020-07-29 00:58:29,512 INFO L78 Accepts]: Start accepts. Automaton has 54 states and 57 transitions. Word has length 15 [2020-07-29 00:58:29,512 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:58:29,512 INFO L479 AbstractCegarLoop]: Abstraction has 54 states and 57 transitions. [2020-07-29 00:58:29,512 INFO L480 AbstractCegarLoop]: Interpolant automaton has 6 states. [2020-07-29 00:58:29,512 INFO L276 IsEmpty]: Start isEmpty. Operand 54 states and 57 transitions. [2020-07-29 00:58:29,513 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 19 [2020-07-29 00:58:29,513 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:29,514 INFO L422 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:29,515 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2020-07-29 00:58:29,515 INFO L427 AbstractCegarLoop]: === Iteration 6 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:29,515 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:29,516 INFO L82 PathProgramCache]: Analyzing trace with hash 1984403550, now seen corresponding path program 1 times [2020-07-29 00:58:29,516 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:29,516 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1849188756] [2020-07-29 00:58:29,517 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:29,548 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:29,627 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:29,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:29,636 INFO L280 TraceCheckUtils]: 0: Hoare triple {1287#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {1279#true} is VALID [2020-07-29 00:58:29,637 INFO L280 TraceCheckUtils]: 1: Hoare triple {1279#true} assume true; {1279#true} is VALID [2020-07-29 00:58:29,637 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1279#true} {1279#true} #109#return; {1279#true} is VALID [2020-07-29 00:58:29,639 INFO L263 TraceCheckUtils]: 0: Hoare triple {1279#true} call ULTIMATE.init(); {1287#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:29,639 INFO L280 TraceCheckUtils]: 1: Hoare triple {1287#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {1279#true} is VALID [2020-07-29 00:58:29,640 INFO L280 TraceCheckUtils]: 2: Hoare triple {1279#true} assume true; {1279#true} is VALID [2020-07-29 00:58:29,640 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1279#true} {1279#true} #109#return; {1279#true} is VALID [2020-07-29 00:58:29,641 INFO L263 TraceCheckUtils]: 4: Hoare triple {1279#true} call #t~ret10 := main(); {1279#true} is VALID [2020-07-29 00:58:29,642 INFO L280 TraceCheckUtils]: 5: Hoare triple {1279#true} ~n~0 := 1; {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,643 INFO L280 TraceCheckUtils]: 6: Hoare triple {1284#(<= ~n~0 1)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,644 INFO L280 TraceCheckUtils]: 7: Hoare triple {1284#(<= ~n~0 1)} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,644 INFO L280 TraceCheckUtils]: 8: Hoare triple {1284#(<= ~n~0 1)} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,645 INFO L280 TraceCheckUtils]: 9: Hoare triple {1284#(<= ~n~0 1)} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,646 INFO L280 TraceCheckUtils]: 10: Hoare triple {1284#(<= ~n~0 1)} havoc #t~post8.base, #t~post8.offset; {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,647 INFO L263 TraceCheckUtils]: 11: Hoare triple {1284#(<= ~n~0 1)} call foo(); {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,648 INFO L280 TraceCheckUtils]: 12: Hoare triple {1284#(<= ~n~0 1)} havoc ~i~0;~i~0 := 0; {1285#(and (= 0 foo_~i~0) (<= ~n~0 1))} is VALID [2020-07-29 00:58:29,650 INFO L280 TraceCheckUtils]: 13: Hoare triple {1285#(and (= 0 foo_~i~0) (<= ~n~0 1))} assume !!(~i~0 < ~n~0); {1285#(and (= 0 foo_~i~0) (<= ~n~0 1))} is VALID [2020-07-29 00:58:29,651 INFO L280 TraceCheckUtils]: 14: Hoare triple {1285#(and (= 0 foo_~i~0) (<= ~n~0 1))} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {1285#(and (= 0 foo_~i~0) (<= ~n~0 1))} is VALID [2020-07-29 00:58:29,652 INFO L280 TraceCheckUtils]: 15: Hoare triple {1285#(and (= 0 foo_~i~0) (<= ~n~0 1))} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {1286#(<= ~n~0 foo_~i~0)} is VALID [2020-07-29 00:58:29,653 INFO L280 TraceCheckUtils]: 16: Hoare triple {1286#(<= ~n~0 foo_~i~0)} assume !!(~i~0 < ~n~0); {1280#false} is VALID [2020-07-29 00:58:29,654 INFO L280 TraceCheckUtils]: 17: Hoare triple {1280#false} assume !(4 + (~a~0.offset + 4 * ~i~0) <= #length[~a~0.base] && 0 <= ~a~0.offset + 4 * ~i~0); {1280#false} is VALID [2020-07-29 00:58:29,655 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:58:29,655 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1849188756] [2020-07-29 00:58:29,656 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1647910616] [2020-07-29 00:58:29,656 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:58:29,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:29,773 INFO L263 TraceCheckSpWp]: Trace formula consists of 130 conjuncts, 4 conjunts are in the unsatisfiable core [2020-07-29 00:58:29,783 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:29,789 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 00:58:29,948 INFO L263 TraceCheckUtils]: 0: Hoare triple {1279#true} call ULTIMATE.init(); {1279#true} is VALID [2020-07-29 00:58:29,949 INFO L280 TraceCheckUtils]: 1: Hoare triple {1279#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {1279#true} is VALID [2020-07-29 00:58:29,949 INFO L280 TraceCheckUtils]: 2: Hoare triple {1279#true} assume true; {1279#true} is VALID [2020-07-29 00:58:29,949 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1279#true} {1279#true} #109#return; {1279#true} is VALID [2020-07-29 00:58:29,950 INFO L263 TraceCheckUtils]: 4: Hoare triple {1279#true} call #t~ret10 := main(); {1279#true} is VALID [2020-07-29 00:58:29,951 INFO L280 TraceCheckUtils]: 5: Hoare triple {1279#true} ~n~0 := 1; {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,952 INFO L280 TraceCheckUtils]: 6: Hoare triple {1284#(<= ~n~0 1)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,952 INFO L280 TraceCheckUtils]: 7: Hoare triple {1284#(<= ~n~0 1)} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,953 INFO L280 TraceCheckUtils]: 8: Hoare triple {1284#(<= ~n~0 1)} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,954 INFO L280 TraceCheckUtils]: 9: Hoare triple {1284#(<= ~n~0 1)} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,955 INFO L280 TraceCheckUtils]: 10: Hoare triple {1284#(<= ~n~0 1)} havoc #t~post8.base, #t~post8.offset; {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,956 INFO L263 TraceCheckUtils]: 11: Hoare triple {1284#(<= ~n~0 1)} call foo(); {1284#(<= ~n~0 1)} is VALID [2020-07-29 00:58:29,957 INFO L280 TraceCheckUtils]: 12: Hoare triple {1284#(<= ~n~0 1)} havoc ~i~0;~i~0 := 0; {1327#(and (<= 0 foo_~i~0) (<= ~n~0 1))} is VALID [2020-07-29 00:58:29,958 INFO L280 TraceCheckUtils]: 13: Hoare triple {1327#(and (<= 0 foo_~i~0) (<= ~n~0 1))} assume !!(~i~0 < ~n~0); {1327#(and (<= 0 foo_~i~0) (<= ~n~0 1))} is VALID [2020-07-29 00:58:29,959 INFO L280 TraceCheckUtils]: 14: Hoare triple {1327#(and (<= 0 foo_~i~0) (<= ~n~0 1))} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {1327#(and (<= 0 foo_~i~0) (<= ~n~0 1))} is VALID [2020-07-29 00:58:29,960 INFO L280 TraceCheckUtils]: 15: Hoare triple {1327#(and (<= 0 foo_~i~0) (<= ~n~0 1))} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {1337#(and (<= 1 foo_~i~0) (<= ~n~0 1))} is VALID [2020-07-29 00:58:29,962 INFO L280 TraceCheckUtils]: 16: Hoare triple {1337#(and (<= 1 foo_~i~0) (<= ~n~0 1))} assume !!(~i~0 < ~n~0); {1280#false} is VALID [2020-07-29 00:58:29,962 INFO L280 TraceCheckUtils]: 17: Hoare triple {1280#false} assume !(4 + (~a~0.offset + 4 * ~i~0) <= #length[~a~0.base] && 0 <= ~a~0.offset + 4 * ~i~0); {1280#false} is VALID [2020-07-29 00:58:29,963 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:58:29,964 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 1 imperfect interpolant sequences. [2020-07-29 00:58:29,964 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [6] total 8 [2020-07-29 00:58:29,964 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1169305642] [2020-07-29 00:58:29,965 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 18 [2020-07-29 00:58:29,965 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:29,965 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2020-07-29 00:58:29,989 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 18 edges. 18 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:29,989 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2020-07-29 00:58:29,989 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:29,990 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2020-07-29 00:58:29,990 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2020-07-29 00:58:29,990 INFO L87 Difference]: Start difference. First operand 54 states and 57 transitions. Second operand 5 states. [2020-07-29 00:58:30,208 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:30,208 INFO L93 Difference]: Finished difference Result 96 states and 100 transitions. [2020-07-29 00:58:30,208 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2020-07-29 00:58:30,208 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 18 [2020-07-29 00:58:30,209 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:58:30,209 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:58:30,212 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 100 transitions. [2020-07-29 00:58:30,212 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:58:30,215 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 100 transitions. [2020-07-29 00:58:30,215 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 100 transitions. [2020-07-29 00:58:30,340 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 100 edges. 100 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:30,342 INFO L225 Difference]: With dead ends: 96 [2020-07-29 00:58:30,342 INFO L226 Difference]: Without dead ends: 96 [2020-07-29 00:58:30,343 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 24 GetRequests, 18 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2020-07-29 00:58:30,344 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 96 states. [2020-07-29 00:58:30,348 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 96 to 69. [2020-07-29 00:58:30,349 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:58:30,349 INFO L82 GeneralOperation]: Start isEquivalent. First operand 96 states. Second operand 69 states. [2020-07-29 00:58:30,349 INFO L74 IsIncluded]: Start isIncluded. First operand 96 states. Second operand 69 states. [2020-07-29 00:58:30,349 INFO L87 Difference]: Start difference. First operand 96 states. Second operand 69 states. [2020-07-29 00:58:30,353 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:30,353 INFO L93 Difference]: Finished difference Result 96 states and 100 transitions. [2020-07-29 00:58:30,353 INFO L276 IsEmpty]: Start isEmpty. Operand 96 states and 100 transitions. [2020-07-29 00:58:30,354 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:30,354 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:30,354 INFO L74 IsIncluded]: Start isIncluded. First operand 69 states. Second operand 96 states. [2020-07-29 00:58:30,354 INFO L87 Difference]: Start difference. First operand 69 states. Second operand 96 states. [2020-07-29 00:58:30,358 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:30,358 INFO L93 Difference]: Finished difference Result 96 states and 100 transitions. [2020-07-29 00:58:30,358 INFO L276 IsEmpty]: Start isEmpty. Operand 96 states and 100 transitions. [2020-07-29 00:58:30,359 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:30,359 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:30,359 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:58:30,359 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:58:30,359 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 69 states. [2020-07-29 00:58:30,362 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 69 states to 69 states and 73 transitions. [2020-07-29 00:58:30,362 INFO L78 Accepts]: Start accepts. Automaton has 69 states and 73 transitions. Word has length 18 [2020-07-29 00:58:30,362 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:58:30,362 INFO L479 AbstractCegarLoop]: Abstraction has 69 states and 73 transitions. [2020-07-29 00:58:30,362 INFO L480 AbstractCegarLoop]: Interpolant automaton has 5 states. [2020-07-29 00:58:30,363 INFO L276 IsEmpty]: Start isEmpty. Operand 69 states and 73 transitions. [2020-07-29 00:58:30,363 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2020-07-29 00:58:30,363 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:30,363 INFO L422 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:30,578 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable5 [2020-07-29 00:58:30,579 INFO L427 AbstractCegarLoop]: === Iteration 7 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:30,580 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:30,580 INFO L82 PathProgramCache]: Analyzing trace with hash 813250499, now seen corresponding path program 1 times [2020-07-29 00:58:30,581 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:30,581 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1938251610] [2020-07-29 00:58:30,582 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:30,610 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:30,827 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:30,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:30,837 INFO L280 TraceCheckUtils]: 0: Hoare triple {1710#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {1700#true} is VALID [2020-07-29 00:58:30,838 INFO L280 TraceCheckUtils]: 1: Hoare triple {1700#true} assume true; {1700#true} is VALID [2020-07-29 00:58:30,838 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1700#true} {1700#true} #109#return; {1700#true} is VALID [2020-07-29 00:58:30,840 INFO L263 TraceCheckUtils]: 0: Hoare triple {1700#true} call ULTIMATE.init(); {1710#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:30,840 INFO L280 TraceCheckUtils]: 1: Hoare triple {1710#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {1700#true} is VALID [2020-07-29 00:58:30,840 INFO L280 TraceCheckUtils]: 2: Hoare triple {1700#true} assume true; {1700#true} is VALID [2020-07-29 00:58:30,841 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1700#true} {1700#true} #109#return; {1700#true} is VALID [2020-07-29 00:58:30,841 INFO L263 TraceCheckUtils]: 4: Hoare triple {1700#true} call #t~ret10 := main(); {1700#true} is VALID [2020-07-29 00:58:30,858 INFO L280 TraceCheckUtils]: 5: Hoare triple {1700#true} ~n~0 := 1; {1705#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:30,859 INFO L280 TraceCheckUtils]: 6: Hoare triple {1705#(<= 1 ~n~0)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {1705#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:30,861 INFO L280 TraceCheckUtils]: 7: Hoare triple {1705#(<= 1 ~n~0)} assume !!(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4;#t~post5 := ~n~0;~n~0 := 1 + #t~post5;havoc #t~post5; {1706#(<= 2 ~n~0)} is VALID [2020-07-29 00:58:30,862 INFO L280 TraceCheckUtils]: 8: Hoare triple {1706#(<= 2 ~n~0)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {1706#(<= 2 ~n~0)} is VALID [2020-07-29 00:58:30,862 INFO L280 TraceCheckUtils]: 9: Hoare triple {1706#(<= 2 ~n~0)} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {1706#(<= 2 ~n~0)} is VALID [2020-07-29 00:58:30,864 INFO L280 TraceCheckUtils]: 10: Hoare triple {1706#(<= 2 ~n~0)} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {1707#(and (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} is VALID [2020-07-29 00:58:30,867 INFO L280 TraceCheckUtils]: 11: Hoare triple {1707#(and (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {1707#(and (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} is VALID [2020-07-29 00:58:30,871 INFO L280 TraceCheckUtils]: 12: Hoare triple {1707#(and (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} havoc #t~post8.base, #t~post8.offset; {1707#(and (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} is VALID [2020-07-29 00:58:30,872 INFO L263 TraceCheckUtils]: 13: Hoare triple {1707#(and (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} call foo(); {1707#(and (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} is VALID [2020-07-29 00:58:30,873 INFO L280 TraceCheckUtils]: 14: Hoare triple {1707#(and (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} havoc ~i~0;~i~0 := 0; {1708#(and (= 0 foo_~i~0) (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} is VALID [2020-07-29 00:58:30,874 INFO L280 TraceCheckUtils]: 15: Hoare triple {1708#(and (= 0 foo_~i~0) (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} assume !!(~i~0 < ~n~0); {1708#(and (= 0 foo_~i~0) (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} is VALID [2020-07-29 00:58:30,876 INFO L280 TraceCheckUtils]: 16: Hoare triple {1708#(and (= 0 foo_~i~0) (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {1708#(and (= 0 foo_~i~0) (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} is VALID [2020-07-29 00:58:30,877 INFO L280 TraceCheckUtils]: 17: Hoare triple {1708#(and (= 0 foo_~i~0) (= ~a~0.offset 0) (<= 8 (select |#length| ~a~0.base)))} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {1709#(and (<= (+ (* 4 foo_~i~0) 4) (select |#length| ~a~0.base)) (= ~a~0.offset 0) (<= 1 foo_~i~0))} is VALID [2020-07-29 00:58:30,877 INFO L280 TraceCheckUtils]: 18: Hoare triple {1709#(and (<= (+ (* 4 foo_~i~0) 4) (select |#length| ~a~0.base)) (= ~a~0.offset 0) (<= 1 foo_~i~0))} assume !!(~i~0 < ~n~0); {1709#(and (<= (+ (* 4 foo_~i~0) 4) (select |#length| ~a~0.base)) (= ~a~0.offset 0) (<= 1 foo_~i~0))} is VALID [2020-07-29 00:58:30,879 INFO L280 TraceCheckUtils]: 19: Hoare triple {1709#(and (<= (+ (* 4 foo_~i~0) 4) (select |#length| ~a~0.base)) (= ~a~0.offset 0) (<= 1 foo_~i~0))} assume !(4 + (~a~0.offset + 4 * ~i~0) <= #length[~a~0.base] && 0 <= ~a~0.offset + 4 * ~i~0); {1701#false} is VALID [2020-07-29 00:58:30,881 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:58:30,881 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1938251610] [2020-07-29 00:58:30,882 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1966236329] [2020-07-29 00:58:30,882 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:58:31,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:31,017 INFO L263 TraceCheckSpWp]: Trace formula consists of 136 conjuncts, 16 conjunts are in the unsatisfiable core [2020-07-29 00:58:31,027 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:31,028 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 00:58:31,150 INFO L350 Elim1Store]: treesize reduction 17, result has 29.2 percent of original size [2020-07-29 00:58:31,151 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 15 [2020-07-29 00:58:31,151 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 00:58:31,162 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:58:31,199 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2020-07-29 00:58:31,200 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:20, output treesize:29 [2020-07-29 00:58:31,208 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:58:31,208 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#length_14|, ~n~0, |main_#t~post8.base|]. (and (= ~a~0.offset 0) (= (let ((.cse0 (* ~n~0 4))) (store (store |v_#length_14| ~a~0.base .cse0) |main_#t~post8.base| .cse0)) |#length|) (<= 2 ~n~0)) [2020-07-29 00:58:31,209 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [|main_#t~post8.base|]. (let ((.cse0 (select |#length| |main_#t~post8.base|))) (let ((.cse1 (div .cse0 4))) (and (= 0 (mod .cse0 4)) (= ~a~0.offset 0) (<= 2 .cse1) (= (* .cse1 4) (select |#length| ~a~0.base))))) [2020-07-29 00:58:31,566 INFO L263 TraceCheckUtils]: 0: Hoare triple {1700#true} call ULTIMATE.init(); {1700#true} is VALID [2020-07-29 00:58:31,566 INFO L280 TraceCheckUtils]: 1: Hoare triple {1700#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {1700#true} is VALID [2020-07-29 00:58:31,566 INFO L280 TraceCheckUtils]: 2: Hoare triple {1700#true} assume true; {1700#true} is VALID [2020-07-29 00:58:31,567 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1700#true} {1700#true} #109#return; {1700#true} is VALID [2020-07-29 00:58:31,567 INFO L263 TraceCheckUtils]: 4: Hoare triple {1700#true} call #t~ret10 := main(); {1700#true} is VALID [2020-07-29 00:58:31,568 INFO L280 TraceCheckUtils]: 5: Hoare triple {1700#true} ~n~0 := 1; {1705#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:31,568 INFO L280 TraceCheckUtils]: 6: Hoare triple {1705#(<= 1 ~n~0)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {1705#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:31,569 INFO L280 TraceCheckUtils]: 7: Hoare triple {1705#(<= 1 ~n~0)} assume !!(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4;#t~post5 := ~n~0;~n~0 := 1 + #t~post5;havoc #t~post5; {1706#(<= 2 ~n~0)} is VALID [2020-07-29 00:58:31,570 INFO L280 TraceCheckUtils]: 8: Hoare triple {1706#(<= 2 ~n~0)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {1706#(<= 2 ~n~0)} is VALID [2020-07-29 00:58:31,571 INFO L280 TraceCheckUtils]: 9: Hoare triple {1706#(<= 2 ~n~0)} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {1706#(<= 2 ~n~0)} is VALID [2020-07-29 00:58:31,574 INFO L280 TraceCheckUtils]: 10: Hoare triple {1706#(<= 2 ~n~0)} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {1744#(and (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} is VALID [2020-07-29 00:58:31,576 INFO L280 TraceCheckUtils]: 11: Hoare triple {1744#(and (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {1744#(and (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} is VALID [2020-07-29 00:58:31,577 INFO L280 TraceCheckUtils]: 12: Hoare triple {1744#(and (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} havoc #t~post8.base, #t~post8.offset; {1744#(and (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} is VALID [2020-07-29 00:58:31,578 INFO L263 TraceCheckUtils]: 13: Hoare triple {1744#(and (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} call foo(); {1744#(and (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} is VALID [2020-07-29 00:58:31,579 INFO L280 TraceCheckUtils]: 14: Hoare triple {1744#(and (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} havoc ~i~0;~i~0 := 0; {1757#(and (= 0 foo_~i~0) (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} is VALID [2020-07-29 00:58:31,580 INFO L280 TraceCheckUtils]: 15: Hoare triple {1757#(and (= 0 foo_~i~0) (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} assume !!(~i~0 < ~n~0); {1757#(and (= 0 foo_~i~0) (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} is VALID [2020-07-29 00:58:31,581 INFO L280 TraceCheckUtils]: 16: Hoare triple {1757#(and (= 0 foo_~i~0) (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {1757#(and (= 0 foo_~i~0) (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} is VALID [2020-07-29 00:58:31,582 INFO L280 TraceCheckUtils]: 17: Hoare triple {1757#(and (= 0 foo_~i~0) (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))))} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {1767#(and (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))) (= 1 foo_~i~0))} is VALID [2020-07-29 00:58:31,583 INFO L280 TraceCheckUtils]: 18: Hoare triple {1767#(and (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))) (= 1 foo_~i~0))} assume !!(~i~0 < ~n~0); {1767#(and (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))) (= 1 foo_~i~0))} is VALID [2020-07-29 00:58:31,585 INFO L280 TraceCheckUtils]: 19: Hoare triple {1767#(and (= ~a~0.offset 0) (exists ((|main_#t~post8.base| Int)) (and (= 0 (mod (select |#length| |main_#t~post8.base|) 4)) (<= 2 (div (select |#length| |main_#t~post8.base|) 4)) (= (* 4 (div (select |#length| |main_#t~post8.base|) 4)) (select |#length| ~a~0.base)))) (= 1 foo_~i~0))} assume !(4 + (~a~0.offset + 4 * ~i~0) <= #length[~a~0.base] && 0 <= ~a~0.offset + 4 * ~i~0); {1701#false} is VALID [2020-07-29 00:58:31,587 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:58:31,588 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-29 00:58:31,588 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 6] total 10 [2020-07-29 00:58:31,588 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1126498822] [2020-07-29 00:58:31,589 INFO L78 Accepts]: Start accepts. Automaton has 11 states. Word has length 20 [2020-07-29 00:58:31,589 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:31,589 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states. [2020-07-29 00:58:31,637 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 32 edges. 32 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:31,638 INFO L459 AbstractCegarLoop]: Interpolant automaton has 11 states [2020-07-29 00:58:31,638 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:31,638 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2020-07-29 00:58:31,638 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=29, Invalid=81, Unknown=0, NotChecked=0, Total=110 [2020-07-29 00:58:31,638 INFO L87 Difference]: Start difference. First operand 69 states and 73 transitions. Second operand 11 states. [2020-07-29 00:58:33,243 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:33,243 INFO L93 Difference]: Finished difference Result 112 states and 117 transitions. [2020-07-29 00:58:33,243 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2020-07-29 00:58:33,244 INFO L78 Accepts]: Start accepts. Automaton has 11 states. Word has length 20 [2020-07-29 00:58:33,244 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:58:33,244 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 11 states. [2020-07-29 00:58:33,248 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 120 transitions. [2020-07-29 00:58:33,248 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 11 states. [2020-07-29 00:58:33,251 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 120 transitions. [2020-07-29 00:58:33,252 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 120 transitions. [2020-07-29 00:58:33,524 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 120 edges. 120 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:33,527 INFO L225 Difference]: With dead ends: 112 [2020-07-29 00:58:33,527 INFO L226 Difference]: Without dead ends: 112 [2020-07-29 00:58:33,528 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 32 GetRequests, 18 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 23 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=72, Invalid=168, Unknown=0, NotChecked=0, Total=240 [2020-07-29 00:58:33,529 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 112 states. [2020-07-29 00:58:33,533 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 112 to 73. [2020-07-29 00:58:33,533 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:58:33,533 INFO L82 GeneralOperation]: Start isEquivalent. First operand 112 states. Second operand 73 states. [2020-07-29 00:58:33,533 INFO L74 IsIncluded]: Start isIncluded. First operand 112 states. Second operand 73 states. [2020-07-29 00:58:33,533 INFO L87 Difference]: Start difference. First operand 112 states. Second operand 73 states. [2020-07-29 00:58:33,538 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:33,538 INFO L93 Difference]: Finished difference Result 112 states and 117 transitions. [2020-07-29 00:58:33,538 INFO L276 IsEmpty]: Start isEmpty. Operand 112 states and 117 transitions. [2020-07-29 00:58:33,539 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:33,539 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:33,539 INFO L74 IsIncluded]: Start isIncluded. First operand 73 states. Second operand 112 states. [2020-07-29 00:58:33,539 INFO L87 Difference]: Start difference. First operand 73 states. Second operand 112 states. [2020-07-29 00:58:33,543 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:33,544 INFO L93 Difference]: Finished difference Result 112 states and 117 transitions. [2020-07-29 00:58:33,544 INFO L276 IsEmpty]: Start isEmpty. Operand 112 states and 117 transitions. [2020-07-29 00:58:33,544 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:33,544 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:33,544 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:58:33,544 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:58:33,545 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 73 states. [2020-07-29 00:58:33,547 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 73 states to 73 states and 77 transitions. [2020-07-29 00:58:33,547 INFO L78 Accepts]: Start accepts. Automaton has 73 states and 77 transitions. Word has length 20 [2020-07-29 00:58:33,548 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:58:33,548 INFO L479 AbstractCegarLoop]: Abstraction has 73 states and 77 transitions. [2020-07-29 00:58:33,548 INFO L480 AbstractCegarLoop]: Interpolant automaton has 11 states. [2020-07-29 00:58:33,548 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 77 transitions. [2020-07-29 00:58:33,548 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 23 [2020-07-29 00:58:33,549 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:33,549 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:33,762 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6,3 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:58:33,763 INFO L427 AbstractCegarLoop]: === Iteration 8 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:33,764 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:33,764 INFO L82 PathProgramCache]: Analyzing trace with hash 1526472291, now seen corresponding path program 1 times [2020-07-29 00:58:33,765 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:33,765 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [965312915] [2020-07-29 00:58:33,765 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:33,780 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:33,831 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:33,833 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:33,838 INFO L280 TraceCheckUtils]: 0: Hoare triple {2208#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {2192#true} is VALID [2020-07-29 00:58:33,838 INFO L280 TraceCheckUtils]: 1: Hoare triple {2192#true} assume true; {2192#true} is VALID [2020-07-29 00:58:33,839 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2192#true} {2192#true} #109#return; {2192#true} is VALID [2020-07-29 00:58:33,846 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2020-07-29 00:58:33,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:33,873 INFO L280 TraceCheckUtils]: 0: Hoare triple {2209#(= |#memory_int| |old(#memory_int)|)} havoc ~i~0;~i~0 := 0; {2192#true} is VALID [2020-07-29 00:58:33,873 INFO L280 TraceCheckUtils]: 1: Hoare triple {2192#true} assume !!(~i~0 < ~n~0); {2192#true} is VALID [2020-07-29 00:58:33,874 INFO L280 TraceCheckUtils]: 2: Hoare triple {2192#true} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {2192#true} is VALID [2020-07-29 00:58:33,874 INFO L280 TraceCheckUtils]: 3: Hoare triple {2192#true} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {2192#true} is VALID [2020-07-29 00:58:33,874 INFO L280 TraceCheckUtils]: 4: Hoare triple {2192#true} assume !(~i~0 < ~n~0); {2192#true} is VALID [2020-07-29 00:58:33,874 INFO L280 TraceCheckUtils]: 5: Hoare triple {2192#true} ~i~0 := 0; {2192#true} is VALID [2020-07-29 00:58:33,875 INFO L280 TraceCheckUtils]: 6: Hoare triple {2192#true} assume !(~i~0 < ~n~0 - 1); {2192#true} is VALID [2020-07-29 00:58:33,875 INFO L280 TraceCheckUtils]: 7: Hoare triple {2192#true} assume true; {2192#true} is VALID [2020-07-29 00:58:33,876 INFO L275 TraceCheckUtils]: 8: Hoare quadruple {2192#true} {2198#(= 1 (select |#valid| ~b~0.base))} #107#return; {2198#(= 1 (select |#valid| ~b~0.base))} is VALID [2020-07-29 00:58:33,878 INFO L263 TraceCheckUtils]: 0: Hoare triple {2192#true} call ULTIMATE.init(); {2208#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:33,878 INFO L280 TraceCheckUtils]: 1: Hoare triple {2208#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {2192#true} is VALID [2020-07-29 00:58:33,879 INFO L280 TraceCheckUtils]: 2: Hoare triple {2192#true} assume true; {2192#true} is VALID [2020-07-29 00:58:33,879 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2192#true} {2192#true} #109#return; {2192#true} is VALID [2020-07-29 00:58:33,879 INFO L263 TraceCheckUtils]: 4: Hoare triple {2192#true} call #t~ret10 := main(); {2192#true} is VALID [2020-07-29 00:58:33,879 INFO L280 TraceCheckUtils]: 5: Hoare triple {2192#true} ~n~0 := 1; {2192#true} is VALID [2020-07-29 00:58:33,880 INFO L280 TraceCheckUtils]: 6: Hoare triple {2192#true} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {2192#true} is VALID [2020-07-29 00:58:33,880 INFO L280 TraceCheckUtils]: 7: Hoare triple {2192#true} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {2192#true} is VALID [2020-07-29 00:58:33,882 INFO L280 TraceCheckUtils]: 8: Hoare triple {2192#true} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {2197#(= |main_#t~post8.base| ~b~0.base)} is VALID [2020-07-29 00:58:33,883 INFO L280 TraceCheckUtils]: 9: Hoare triple {2197#(= |main_#t~post8.base| ~b~0.base)} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {2198#(= 1 (select |#valid| ~b~0.base))} is VALID [2020-07-29 00:58:33,887 INFO L280 TraceCheckUtils]: 10: Hoare triple {2198#(= 1 (select |#valid| ~b~0.base))} havoc #t~post8.base, #t~post8.offset; {2198#(= 1 (select |#valid| ~b~0.base))} is VALID [2020-07-29 00:58:33,888 INFO L263 TraceCheckUtils]: 11: Hoare triple {2198#(= 1 (select |#valid| ~b~0.base))} call foo(); {2209#(= |#memory_int| |old(#memory_int)|)} is VALID [2020-07-29 00:58:33,888 INFO L280 TraceCheckUtils]: 12: Hoare triple {2209#(= |#memory_int| |old(#memory_int)|)} havoc ~i~0;~i~0 := 0; {2192#true} is VALID [2020-07-29 00:58:33,888 INFO L280 TraceCheckUtils]: 13: Hoare triple {2192#true} assume !!(~i~0 < ~n~0); {2192#true} is VALID [2020-07-29 00:58:33,889 INFO L280 TraceCheckUtils]: 14: Hoare triple {2192#true} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {2192#true} is VALID [2020-07-29 00:58:33,889 INFO L280 TraceCheckUtils]: 15: Hoare triple {2192#true} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {2192#true} is VALID [2020-07-29 00:58:33,889 INFO L280 TraceCheckUtils]: 16: Hoare triple {2192#true} assume !(~i~0 < ~n~0); {2192#true} is VALID [2020-07-29 00:58:33,890 INFO L280 TraceCheckUtils]: 17: Hoare triple {2192#true} ~i~0 := 0; {2192#true} is VALID [2020-07-29 00:58:33,890 INFO L280 TraceCheckUtils]: 18: Hoare triple {2192#true} assume !(~i~0 < ~n~0 - 1); {2192#true} is VALID [2020-07-29 00:58:33,890 INFO L280 TraceCheckUtils]: 19: Hoare triple {2192#true} assume true; {2192#true} is VALID [2020-07-29 00:58:33,891 INFO L275 TraceCheckUtils]: 20: Hoare quadruple {2192#true} {2198#(= 1 (select |#valid| ~b~0.base))} #107#return; {2198#(= 1 (select |#valid| ~b~0.base))} is VALID [2020-07-29 00:58:33,892 INFO L280 TraceCheckUtils]: 21: Hoare triple {2198#(= 1 (select |#valid| ~b~0.base))} assume !(1 == #valid[~b~0.base]); {2193#false} is VALID [2020-07-29 00:58:33,893 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-29 00:58:33,893 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [965312915] [2020-07-29 00:58:33,894 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:58:33,894 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2020-07-29 00:58:33,894 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [159523250] [2020-07-29 00:58:33,896 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 22 [2020-07-29 00:58:33,896 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:33,896 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2020-07-29 00:58:33,922 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 22 edges. 22 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:33,922 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2020-07-29 00:58:33,923 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:33,923 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2020-07-29 00:58:33,923 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2020-07-29 00:58:33,924 INFO L87 Difference]: Start difference. First operand 73 states and 77 transitions. Second operand 6 states. [2020-07-29 00:58:34,477 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:34,478 INFO L93 Difference]: Finished difference Result 71 states and 75 transitions. [2020-07-29 00:58:34,478 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2020-07-29 00:58:34,478 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 22 [2020-07-29 00:58:34,478 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:58:34,478 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-29 00:58:34,481 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 57 transitions. [2020-07-29 00:58:34,481 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-29 00:58:34,483 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 57 transitions. [2020-07-29 00:58:34,483 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 57 transitions. [2020-07-29 00:58:34,577 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 57 edges. 57 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:34,579 INFO L225 Difference]: With dead ends: 71 [2020-07-29 00:58:34,580 INFO L226 Difference]: Without dead ends: 71 [2020-07-29 00:58:34,580 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=76, Unknown=0, NotChecked=0, Total=110 [2020-07-29 00:58:34,581 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 71 states. [2020-07-29 00:58:34,585 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 71 to 71. [2020-07-29 00:58:34,585 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:58:34,585 INFO L82 GeneralOperation]: Start isEquivalent. First operand 71 states. Second operand 71 states. [2020-07-29 00:58:34,585 INFO L74 IsIncluded]: Start isIncluded. First operand 71 states. Second operand 71 states. [2020-07-29 00:58:34,585 INFO L87 Difference]: Start difference. First operand 71 states. Second operand 71 states. [2020-07-29 00:58:34,588 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:34,588 INFO L93 Difference]: Finished difference Result 71 states and 75 transitions. [2020-07-29 00:58:34,589 INFO L276 IsEmpty]: Start isEmpty. Operand 71 states and 75 transitions. [2020-07-29 00:58:34,589 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:34,589 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:34,589 INFO L74 IsIncluded]: Start isIncluded. First operand 71 states. Second operand 71 states. [2020-07-29 00:58:34,590 INFO L87 Difference]: Start difference. First operand 71 states. Second operand 71 states. [2020-07-29 00:58:34,592 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:34,592 INFO L93 Difference]: Finished difference Result 71 states and 75 transitions. [2020-07-29 00:58:34,593 INFO L276 IsEmpty]: Start isEmpty. Operand 71 states and 75 transitions. [2020-07-29 00:58:34,593 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:34,593 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:34,593 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:58:34,593 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:58:34,594 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 71 states. [2020-07-29 00:58:34,596 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 71 states to 71 states and 75 transitions. [2020-07-29 00:58:34,596 INFO L78 Accepts]: Start accepts. Automaton has 71 states and 75 transitions. Word has length 22 [2020-07-29 00:58:34,596 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:58:34,597 INFO L479 AbstractCegarLoop]: Abstraction has 71 states and 75 transitions. [2020-07-29 00:58:34,597 INFO L480 AbstractCegarLoop]: Interpolant automaton has 6 states. [2020-07-29 00:58:34,597 INFO L276 IsEmpty]: Start isEmpty. Operand 71 states and 75 transitions. [2020-07-29 00:58:34,597 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 23 [2020-07-29 00:58:34,598 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:34,598 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:34,598 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2020-07-29 00:58:34,598 INFO L427 AbstractCegarLoop]: === Iteration 9 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:34,599 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:34,599 INFO L82 PathProgramCache]: Analyzing trace with hash 1526472292, now seen corresponding path program 1 times [2020-07-29 00:58:34,599 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:34,599 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1951737222] [2020-07-29 00:58:34,600 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:34,613 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:34,712 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:34,714 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:34,719 INFO L280 TraceCheckUtils]: 0: Hoare triple {2525#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {2509#true} is VALID [2020-07-29 00:58:34,720 INFO L280 TraceCheckUtils]: 1: Hoare triple {2509#true} assume true; {2509#true} is VALID [2020-07-29 00:58:34,720 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2509#true} {2509#true} #109#return; {2509#true} is VALID [2020-07-29 00:58:34,728 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2020-07-29 00:58:34,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:34,756 INFO L280 TraceCheckUtils]: 0: Hoare triple {2526#(= |#memory_int| |old(#memory_int)|)} havoc ~i~0;~i~0 := 0; {2509#true} is VALID [2020-07-29 00:58:34,756 INFO L280 TraceCheckUtils]: 1: Hoare triple {2509#true} assume !!(~i~0 < ~n~0); {2509#true} is VALID [2020-07-29 00:58:34,756 INFO L280 TraceCheckUtils]: 2: Hoare triple {2509#true} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {2509#true} is VALID [2020-07-29 00:58:34,756 INFO L280 TraceCheckUtils]: 3: Hoare triple {2509#true} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {2509#true} is VALID [2020-07-29 00:58:34,756 INFO L280 TraceCheckUtils]: 4: Hoare triple {2509#true} assume !(~i~0 < ~n~0); {2509#true} is VALID [2020-07-29 00:58:34,757 INFO L280 TraceCheckUtils]: 5: Hoare triple {2509#true} ~i~0 := 0; {2509#true} is VALID [2020-07-29 00:58:34,757 INFO L280 TraceCheckUtils]: 6: Hoare triple {2509#true} assume !(~i~0 < ~n~0 - 1); {2509#true} is VALID [2020-07-29 00:58:34,757 INFO L280 TraceCheckUtils]: 7: Hoare triple {2509#true} assume true; {2509#true} is VALID [2020-07-29 00:58:34,759 INFO L275 TraceCheckUtils]: 8: Hoare quadruple {2509#true} {2515#(and (<= 4 ~b~0.offset) (<= ~b~0.offset (select |#length| ~b~0.base)))} #107#return; {2515#(and (<= 4 ~b~0.offset) (<= ~b~0.offset (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:34,760 INFO L263 TraceCheckUtils]: 0: Hoare triple {2509#true} call ULTIMATE.init(); {2525#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:34,760 INFO L280 TraceCheckUtils]: 1: Hoare triple {2525#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {2509#true} is VALID [2020-07-29 00:58:34,761 INFO L280 TraceCheckUtils]: 2: Hoare triple {2509#true} assume true; {2509#true} is VALID [2020-07-29 00:58:34,761 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2509#true} {2509#true} #109#return; {2509#true} is VALID [2020-07-29 00:58:34,762 INFO L263 TraceCheckUtils]: 4: Hoare triple {2509#true} call #t~ret10 := main(); {2509#true} is VALID [2020-07-29 00:58:34,762 INFO L280 TraceCheckUtils]: 5: Hoare triple {2509#true} ~n~0 := 1; {2514#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:34,763 INFO L280 TraceCheckUtils]: 6: Hoare triple {2514#(<= 1 ~n~0)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {2514#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:34,764 INFO L280 TraceCheckUtils]: 7: Hoare triple {2514#(<= 1 ~n~0)} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {2514#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:34,765 INFO L280 TraceCheckUtils]: 8: Hoare triple {2514#(<= 1 ~n~0)} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {2515#(and (<= 4 ~b~0.offset) (<= ~b~0.offset (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:34,766 INFO L280 TraceCheckUtils]: 9: Hoare triple {2515#(and (<= 4 ~b~0.offset) (<= ~b~0.offset (select |#length| ~b~0.base)))} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {2515#(and (<= 4 ~b~0.offset) (<= ~b~0.offset (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:34,766 INFO L280 TraceCheckUtils]: 10: Hoare triple {2515#(and (<= 4 ~b~0.offset) (<= ~b~0.offset (select |#length| ~b~0.base)))} havoc #t~post8.base, #t~post8.offset; {2515#(and (<= 4 ~b~0.offset) (<= ~b~0.offset (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:34,767 INFO L263 TraceCheckUtils]: 11: Hoare triple {2515#(and (<= 4 ~b~0.offset) (<= ~b~0.offset (select |#length| ~b~0.base)))} call foo(); {2526#(= |#memory_int| |old(#memory_int)|)} is VALID [2020-07-29 00:58:34,767 INFO L280 TraceCheckUtils]: 12: Hoare triple {2526#(= |#memory_int| |old(#memory_int)|)} havoc ~i~0;~i~0 := 0; {2509#true} is VALID [2020-07-29 00:58:34,767 INFO L280 TraceCheckUtils]: 13: Hoare triple {2509#true} assume !!(~i~0 < ~n~0); {2509#true} is VALID [2020-07-29 00:58:34,767 INFO L280 TraceCheckUtils]: 14: Hoare triple {2509#true} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {2509#true} is VALID [2020-07-29 00:58:34,768 INFO L280 TraceCheckUtils]: 15: Hoare triple {2509#true} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {2509#true} is VALID [2020-07-29 00:58:34,768 INFO L280 TraceCheckUtils]: 16: Hoare triple {2509#true} assume !(~i~0 < ~n~0); {2509#true} is VALID [2020-07-29 00:58:34,769 INFO L280 TraceCheckUtils]: 17: Hoare triple {2509#true} ~i~0 := 0; {2509#true} is VALID [2020-07-29 00:58:34,769 INFO L280 TraceCheckUtils]: 18: Hoare triple {2509#true} assume !(~i~0 < ~n~0 - 1); {2509#true} is VALID [2020-07-29 00:58:34,769 INFO L280 TraceCheckUtils]: 19: Hoare triple {2509#true} assume true; {2509#true} is VALID [2020-07-29 00:58:34,770 INFO L275 TraceCheckUtils]: 20: Hoare quadruple {2509#true} {2515#(and (<= 4 ~b~0.offset) (<= ~b~0.offset (select |#length| ~b~0.base)))} #107#return; {2515#(and (<= 4 ~b~0.offset) (<= ~b~0.offset (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:34,771 INFO L280 TraceCheckUtils]: 21: Hoare triple {2515#(and (<= 4 ~b~0.offset) (<= ~b~0.offset (select |#length| ~b~0.base)))} assume !(4 + (-4 + ~b~0.offset) <= #length[~b~0.base] && 0 <= -4 + ~b~0.offset); {2510#false} is VALID [2020-07-29 00:58:34,771 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-29 00:58:34,771 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1951737222] [2020-07-29 00:58:34,772 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:58:34,772 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2020-07-29 00:58:34,772 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [77056917] [2020-07-29 00:58:34,772 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 22 [2020-07-29 00:58:34,772 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:34,773 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2020-07-29 00:58:34,799 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 22 edges. 22 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:34,799 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2020-07-29 00:58:34,800 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:34,800 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2020-07-29 00:58:34,800 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2020-07-29 00:58:34,800 INFO L87 Difference]: Start difference. First operand 71 states and 75 transitions. Second operand 6 states. [2020-07-29 00:58:35,259 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:35,260 INFO L93 Difference]: Finished difference Result 59 states and 62 transitions. [2020-07-29 00:58:35,260 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2020-07-29 00:58:35,260 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 22 [2020-07-29 00:58:35,260 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:58:35,260 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-29 00:58:35,262 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 45 transitions. [2020-07-29 00:58:35,262 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-29 00:58:35,264 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 45 transitions. [2020-07-29 00:58:35,264 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 45 transitions. [2020-07-29 00:58:35,339 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 45 edges. 45 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:35,341 INFO L225 Difference]: With dead ends: 59 [2020-07-29 00:58:35,341 INFO L226 Difference]: Without dead ends: 59 [2020-07-29 00:58:35,341 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 10 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=45, Invalid=87, Unknown=0, NotChecked=0, Total=132 [2020-07-29 00:58:35,343 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 59 states. [2020-07-29 00:58:35,347 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 59 to 59. [2020-07-29 00:58:35,354 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:58:35,355 INFO L82 GeneralOperation]: Start isEquivalent. First operand 59 states. Second operand 59 states. [2020-07-29 00:58:35,355 INFO L74 IsIncluded]: Start isIncluded. First operand 59 states. Second operand 59 states. [2020-07-29 00:58:35,356 INFO L87 Difference]: Start difference. First operand 59 states. Second operand 59 states. [2020-07-29 00:58:35,361 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:35,363 INFO L93 Difference]: Finished difference Result 59 states and 62 transitions. [2020-07-29 00:58:35,363 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 62 transitions. [2020-07-29 00:58:35,364 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:35,364 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:35,364 INFO L74 IsIncluded]: Start isIncluded. First operand 59 states. Second operand 59 states. [2020-07-29 00:58:35,365 INFO L87 Difference]: Start difference. First operand 59 states. Second operand 59 states. [2020-07-29 00:58:35,368 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:35,374 INFO L93 Difference]: Finished difference Result 59 states and 62 transitions. [2020-07-29 00:58:35,376 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 62 transitions. [2020-07-29 00:58:35,377 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:35,377 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:35,378 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:58:35,378 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:58:35,378 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 59 states. [2020-07-29 00:58:35,383 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 59 states to 59 states and 62 transitions. [2020-07-29 00:58:35,384 INFO L78 Accepts]: Start accepts. Automaton has 59 states and 62 transitions. Word has length 22 [2020-07-29 00:58:35,384 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:58:35,384 INFO L479 AbstractCegarLoop]: Abstraction has 59 states and 62 transitions. [2020-07-29 00:58:35,384 INFO L480 AbstractCegarLoop]: Interpolant automaton has 6 states. [2020-07-29 00:58:35,384 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 62 transitions. [2020-07-29 00:58:35,385 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 24 [2020-07-29 00:58:35,385 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:35,385 INFO L422 BasicCegarLoop]: trace histogram [3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:35,385 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2020-07-29 00:58:35,388 INFO L427 AbstractCegarLoop]: === Iteration 10 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:35,388 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:35,389 INFO L82 PathProgramCache]: Analyzing trace with hash -364884305, now seen corresponding path program 2 times [2020-07-29 00:58:35,389 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:35,389 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2006185887] [2020-07-29 00:58:35,389 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:35,403 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:35,516 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:35,518 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:35,522 INFO L280 TraceCheckUtils]: 0: Hoare triple {2790#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {2780#true} is VALID [2020-07-29 00:58:35,523 INFO L280 TraceCheckUtils]: 1: Hoare triple {2780#true} assume true; {2780#true} is VALID [2020-07-29 00:58:35,523 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2780#true} {2780#true} #109#return; {2780#true} is VALID [2020-07-29 00:58:35,525 INFO L263 TraceCheckUtils]: 0: Hoare triple {2780#true} call ULTIMATE.init(); {2790#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:35,525 INFO L280 TraceCheckUtils]: 1: Hoare triple {2790#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {2780#true} is VALID [2020-07-29 00:58:35,525 INFO L280 TraceCheckUtils]: 2: Hoare triple {2780#true} assume true; {2780#true} is VALID [2020-07-29 00:58:35,526 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2780#true} {2780#true} #109#return; {2780#true} is VALID [2020-07-29 00:58:35,526 INFO L263 TraceCheckUtils]: 4: Hoare triple {2780#true} call #t~ret10 := main(); {2780#true} is VALID [2020-07-29 00:58:35,527 INFO L280 TraceCheckUtils]: 5: Hoare triple {2780#true} ~n~0 := 1; {2785#(<= ~n~0 1)} is VALID [2020-07-29 00:58:35,527 INFO L280 TraceCheckUtils]: 6: Hoare triple {2785#(<= ~n~0 1)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {2785#(<= ~n~0 1)} is VALID [2020-07-29 00:58:35,528 INFO L280 TraceCheckUtils]: 7: Hoare triple {2785#(<= ~n~0 1)} assume !!(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4;#t~post5 := ~n~0;~n~0 := 1 + #t~post5;havoc #t~post5; {2786#(<= ~n~0 2)} is VALID [2020-07-29 00:58:35,529 INFO L280 TraceCheckUtils]: 8: Hoare triple {2786#(<= ~n~0 2)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {2786#(<= ~n~0 2)} is VALID [2020-07-29 00:58:35,530 INFO L280 TraceCheckUtils]: 9: Hoare triple {2786#(<= ~n~0 2)} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {2786#(<= ~n~0 2)} is VALID [2020-07-29 00:58:35,531 INFO L280 TraceCheckUtils]: 10: Hoare triple {2786#(<= ~n~0 2)} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {2786#(<= ~n~0 2)} is VALID [2020-07-29 00:58:35,531 INFO L280 TraceCheckUtils]: 11: Hoare triple {2786#(<= ~n~0 2)} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {2786#(<= ~n~0 2)} is VALID [2020-07-29 00:58:35,532 INFO L280 TraceCheckUtils]: 12: Hoare triple {2786#(<= ~n~0 2)} havoc #t~post8.base, #t~post8.offset; {2786#(<= ~n~0 2)} is VALID [2020-07-29 00:58:35,533 INFO L263 TraceCheckUtils]: 13: Hoare triple {2786#(<= ~n~0 2)} call foo(); {2786#(<= ~n~0 2)} is VALID [2020-07-29 00:58:35,534 INFO L280 TraceCheckUtils]: 14: Hoare triple {2786#(<= ~n~0 2)} havoc ~i~0;~i~0 := 0; {2787#(and (= 0 foo_~i~0) (<= ~n~0 2))} is VALID [2020-07-29 00:58:35,535 INFO L280 TraceCheckUtils]: 15: Hoare triple {2787#(and (= 0 foo_~i~0) (<= ~n~0 2))} assume !!(~i~0 < ~n~0); {2787#(and (= 0 foo_~i~0) (<= ~n~0 2))} is VALID [2020-07-29 00:58:35,536 INFO L280 TraceCheckUtils]: 16: Hoare triple {2787#(and (= 0 foo_~i~0) (<= ~n~0 2))} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {2787#(and (= 0 foo_~i~0) (<= ~n~0 2))} is VALID [2020-07-29 00:58:35,538 INFO L280 TraceCheckUtils]: 17: Hoare triple {2787#(and (= 0 foo_~i~0) (<= ~n~0 2))} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {2788#(<= ~n~0 (+ foo_~i~0 1))} is VALID [2020-07-29 00:58:35,538 INFO L280 TraceCheckUtils]: 18: Hoare triple {2788#(<= ~n~0 (+ foo_~i~0 1))} assume !!(~i~0 < ~n~0); {2788#(<= ~n~0 (+ foo_~i~0 1))} is VALID [2020-07-29 00:58:35,539 INFO L280 TraceCheckUtils]: 19: Hoare triple {2788#(<= ~n~0 (+ foo_~i~0 1))} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {2788#(<= ~n~0 (+ foo_~i~0 1))} is VALID [2020-07-29 00:58:35,540 INFO L280 TraceCheckUtils]: 20: Hoare triple {2788#(<= ~n~0 (+ foo_~i~0 1))} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {2789#(<= ~n~0 foo_~i~0)} is VALID [2020-07-29 00:58:35,541 INFO L280 TraceCheckUtils]: 21: Hoare triple {2789#(<= ~n~0 foo_~i~0)} assume !!(~i~0 < ~n~0); {2781#false} is VALID [2020-07-29 00:58:35,541 INFO L280 TraceCheckUtils]: 22: Hoare triple {2781#false} assume !(4 + (~a~0.offset + 4 * ~i~0) <= #length[~a~0.base] && 0 <= ~a~0.offset + 4 * ~i~0); {2781#false} is VALID [2020-07-29 00:58:35,542 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 3 proven. 6 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:58:35,543 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2006185887] [2020-07-29 00:58:35,543 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [373062400] [2020-07-29 00:58:35,543 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:58:35,651 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2020-07-29 00:58:35,651 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2020-07-29 00:58:35,653 INFO L263 TraceCheckSpWp]: Trace formula consists of 144 conjuncts, 14 conjunts are in the unsatisfiable core [2020-07-29 00:58:35,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:35,668 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 00:58:35,704 INFO L350 Elim1Store]: treesize reduction 17, result has 29.2 percent of original size [2020-07-29 00:58:35,705 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 15 [2020-07-29 00:58:35,705 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 00:58:35,713 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:58:35,715 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-1 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2020-07-29 00:58:35,715 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 2 variables, input treesize:17, output treesize:18 [2020-07-29 00:58:35,719 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:58:35,719 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#length_15|, |main_#t~post8.base|]. (and (= ~a~0.offset 0) (= |#length| (let ((.cse0 (* ~n~0 4))) (store (store |v_#length_15| ~a~0.base .cse0) |main_#t~post8.base| .cse0)))) [2020-07-29 00:58:35,720 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [|main_#t~post8.base|]. (let ((.cse0 (* ~n~0 4))) (and (= ~a~0.offset 0) (= .cse0 (select |#length| |main_#t~post8.base|)) (= .cse0 (select |#length| ~a~0.base)))) [2020-07-29 00:58:35,921 INFO L263 TraceCheckUtils]: 0: Hoare triple {2780#true} call ULTIMATE.init(); {2780#true} is VALID [2020-07-29 00:58:35,922 INFO L280 TraceCheckUtils]: 1: Hoare triple {2780#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {2780#true} is VALID [2020-07-29 00:58:35,922 INFO L280 TraceCheckUtils]: 2: Hoare triple {2780#true} assume true; {2780#true} is VALID [2020-07-29 00:58:35,922 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2780#true} {2780#true} #109#return; {2780#true} is VALID [2020-07-29 00:58:35,923 INFO L263 TraceCheckUtils]: 4: Hoare triple {2780#true} call #t~ret10 := main(); {2780#true} is VALID [2020-07-29 00:58:35,923 INFO L280 TraceCheckUtils]: 5: Hoare triple {2780#true} ~n~0 := 1; {2780#true} is VALID [2020-07-29 00:58:35,923 INFO L280 TraceCheckUtils]: 6: Hoare triple {2780#true} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {2780#true} is VALID [2020-07-29 00:58:35,928 INFO L280 TraceCheckUtils]: 7: Hoare triple {2780#true} assume !!(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4;#t~post5 := ~n~0;~n~0 := 1 + #t~post5;havoc #t~post5; {2780#true} is VALID [2020-07-29 00:58:35,929 INFO L280 TraceCheckUtils]: 8: Hoare triple {2780#true} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {2780#true} is VALID [2020-07-29 00:58:35,929 INFO L280 TraceCheckUtils]: 9: Hoare triple {2780#true} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {2780#true} is VALID [2020-07-29 00:58:35,936 INFO L280 TraceCheckUtils]: 10: Hoare triple {2780#true} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {2824#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:35,937 INFO L280 TraceCheckUtils]: 11: Hoare triple {2824#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {2824#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:35,938 INFO L280 TraceCheckUtils]: 12: Hoare triple {2824#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} havoc #t~post8.base, #t~post8.offset; {2824#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:35,938 INFO L263 TraceCheckUtils]: 13: Hoare triple {2824#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} call foo(); {2824#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:35,939 INFO L280 TraceCheckUtils]: 14: Hoare triple {2824#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} havoc ~i~0;~i~0 := 0; {2837#(and (<= 0 foo_~i~0) (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:35,940 INFO L280 TraceCheckUtils]: 15: Hoare triple {2837#(and (<= 0 foo_~i~0) (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} assume !!(~i~0 < ~n~0); {2837#(and (<= 0 foo_~i~0) (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:35,941 INFO L280 TraceCheckUtils]: 16: Hoare triple {2837#(and (<= 0 foo_~i~0) (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {2837#(and (<= 0 foo_~i~0) (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} is VALID [2020-07-29 00:58:35,942 INFO L280 TraceCheckUtils]: 17: Hoare triple {2837#(and (<= 0 foo_~i~0) (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0))} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {2847#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0) (<= 1 foo_~i~0))} is VALID [2020-07-29 00:58:35,943 INFO L280 TraceCheckUtils]: 18: Hoare triple {2847#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0) (<= 1 foo_~i~0))} assume !!(~i~0 < ~n~0); {2847#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0) (<= 1 foo_~i~0))} is VALID [2020-07-29 00:58:35,944 INFO L280 TraceCheckUtils]: 19: Hoare triple {2847#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0) (<= 1 foo_~i~0))} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {2847#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0) (<= 1 foo_~i~0))} is VALID [2020-07-29 00:58:35,945 INFO L280 TraceCheckUtils]: 20: Hoare triple {2847#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0) (<= 1 foo_~i~0))} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {2857#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0) (<= 2 foo_~i~0))} is VALID [2020-07-29 00:58:35,947 INFO L280 TraceCheckUtils]: 21: Hoare triple {2857#(and (= (* 4 ~n~0) (select |#length| ~a~0.base)) (= ~a~0.offset 0) (<= 2 foo_~i~0))} assume !!(~i~0 < ~n~0); {2861#(and (= ~a~0.offset 0) (<= 2 foo_~i~0) (< foo_~i~0 (div (select |#length| ~a~0.base) 4)) (= 0 (mod (select |#length| ~a~0.base) 4)))} is VALID [2020-07-29 00:58:35,949 INFO L280 TraceCheckUtils]: 22: Hoare triple {2861#(and (= ~a~0.offset 0) (<= 2 foo_~i~0) (< foo_~i~0 (div (select |#length| ~a~0.base) 4)) (= 0 (mod (select |#length| ~a~0.base) 4)))} assume !(4 + (~a~0.offset + 4 * ~i~0) <= #length[~a~0.base] && 0 <= ~a~0.offset + 4 * ~i~0); {2781#false} is VALID [2020-07-29 00:58:35,951 INFO L134 CoverageAnalysis]: Checked inductivity of 9 backedges. 5 proven. 2 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2020-07-29 00:58:35,951 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-29 00:58:35,951 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 6] total 13 [2020-07-29 00:58:35,952 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2141571002] [2020-07-29 00:58:35,952 INFO L78 Accepts]: Start accepts. Automaton has 13 states. Word has length 23 [2020-07-29 00:58:35,952 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:35,953 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 13 states. [2020-07-29 00:58:36,006 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 42 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:36,007 INFO L459 AbstractCegarLoop]: Interpolant automaton has 13 states [2020-07-29 00:58:36,007 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:36,007 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 13 interpolants. [2020-07-29 00:58:36,008 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=32, Invalid=124, Unknown=0, NotChecked=0, Total=156 [2020-07-29 00:58:36,008 INFO L87 Difference]: Start difference. First operand 59 states and 62 transitions. Second operand 13 states. [2020-07-29 00:58:38,266 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:38,267 INFO L93 Difference]: Finished difference Result 118 states and 121 transitions. [2020-07-29 00:58:38,267 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 24 states. [2020-07-29 00:58:38,267 INFO L78 Accepts]: Start accepts. Automaton has 13 states. Word has length 23 [2020-07-29 00:58:38,268 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:58:38,268 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 13 states. [2020-07-29 00:58:38,270 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 24 states to 24 states and 124 transitions. [2020-07-29 00:58:38,271 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 13 states. [2020-07-29 00:58:38,273 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 24 states to 24 states and 124 transitions. [2020-07-29 00:58:38,274 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 24 states and 124 transitions. [2020-07-29 00:58:38,490 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 124 edges. 124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:38,493 INFO L225 Difference]: With dead ends: 118 [2020-07-29 00:58:38,493 INFO L226 Difference]: Without dead ends: 118 [2020-07-29 00:58:38,493 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 20 SyntacticMatches, 0 SemanticMatches, 29 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 179 ImplicationChecksByTransitivity, 1.0s TimeCoverageRelationStatistics Valid=225, Invalid=705, Unknown=0, NotChecked=0, Total=930 [2020-07-29 00:58:38,494 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 118 states. [2020-07-29 00:58:38,499 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 118 to 78. [2020-07-29 00:58:38,499 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:58:38,500 INFO L82 GeneralOperation]: Start isEquivalent. First operand 118 states. Second operand 78 states. [2020-07-29 00:58:38,500 INFO L74 IsIncluded]: Start isIncluded. First operand 118 states. Second operand 78 states. [2020-07-29 00:58:38,500 INFO L87 Difference]: Start difference. First operand 118 states. Second operand 78 states. [2020-07-29 00:58:38,503 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:38,503 INFO L93 Difference]: Finished difference Result 118 states and 121 transitions. [2020-07-29 00:58:38,504 INFO L276 IsEmpty]: Start isEmpty. Operand 118 states and 121 transitions. [2020-07-29 00:58:38,504 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:38,504 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:38,505 INFO L74 IsIncluded]: Start isIncluded. First operand 78 states. Second operand 118 states. [2020-07-29 00:58:38,505 INFO L87 Difference]: Start difference. First operand 78 states. Second operand 118 states. [2020-07-29 00:58:38,508 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:38,508 INFO L93 Difference]: Finished difference Result 118 states and 121 transitions. [2020-07-29 00:58:38,509 INFO L276 IsEmpty]: Start isEmpty. Operand 118 states and 121 transitions. [2020-07-29 00:58:38,509 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:38,509 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:38,509 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:58:38,510 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:58:38,510 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 78 states. [2020-07-29 00:58:38,512 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 78 states to 78 states and 83 transitions. [2020-07-29 00:58:38,512 INFO L78 Accepts]: Start accepts. Automaton has 78 states and 83 transitions. Word has length 23 [2020-07-29 00:58:38,512 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:58:38,512 INFO L479 AbstractCegarLoop]: Abstraction has 78 states and 83 transitions. [2020-07-29 00:58:38,512 INFO L480 AbstractCegarLoop]: Interpolant automaton has 13 states. [2020-07-29 00:58:38,512 INFO L276 IsEmpty]: Start isEmpty. Operand 78 states and 83 transitions. [2020-07-29 00:58:38,513 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2020-07-29 00:58:38,513 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:38,513 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:38,714 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2020-07-29 00:58:38,716 INFO L427 AbstractCegarLoop]: === Iteration 11 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:38,716 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:38,717 INFO L82 PathProgramCache]: Analyzing trace with hash 22294176, now seen corresponding path program 1 times [2020-07-29 00:58:38,717 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:38,718 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [184214488] [2020-07-29 00:58:38,718 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:38,730 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:38,779 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:38,780 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:38,784 INFO L280 TraceCheckUtils]: 0: Hoare triple {3347#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {3332#true} is VALID [2020-07-29 00:58:38,784 INFO L280 TraceCheckUtils]: 1: Hoare triple {3332#true} assume true; {3332#true} is VALID [2020-07-29 00:58:38,784 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {3332#true} {3332#true} #109#return; {3332#true} is VALID [2020-07-29 00:58:38,792 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2020-07-29 00:58:38,795 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:38,801 INFO L280 TraceCheckUtils]: 0: Hoare triple {3348#(= |#memory_int| |old(#memory_int)|)} havoc ~i~0;~i~0 := 0; {3332#true} is VALID [2020-07-29 00:58:38,801 INFO L280 TraceCheckUtils]: 1: Hoare triple {3332#true} assume !!(~i~0 < ~n~0); {3332#true} is VALID [2020-07-29 00:58:38,801 INFO L280 TraceCheckUtils]: 2: Hoare triple {3332#true} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {3332#true} is VALID [2020-07-29 00:58:38,801 INFO L280 TraceCheckUtils]: 3: Hoare triple {3332#true} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {3332#true} is VALID [2020-07-29 00:58:38,801 INFO L280 TraceCheckUtils]: 4: Hoare triple {3332#true} assume !(~i~0 < ~n~0); {3332#true} is VALID [2020-07-29 00:58:38,802 INFO L280 TraceCheckUtils]: 5: Hoare triple {3332#true} ~i~0 := 0; {3332#true} is VALID [2020-07-29 00:58:38,802 INFO L280 TraceCheckUtils]: 6: Hoare triple {3332#true} assume !(~i~0 < ~n~0 - 1); {3332#true} is VALID [2020-07-29 00:58:38,802 INFO L280 TraceCheckUtils]: 7: Hoare triple {3332#true} assume true; {3332#true} is VALID [2020-07-29 00:58:38,804 INFO L275 TraceCheckUtils]: 8: Hoare quadruple {3332#true} {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} #107#return; {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} is VALID [2020-07-29 00:58:38,811 INFO L263 TraceCheckUtils]: 0: Hoare triple {3332#true} call ULTIMATE.init(); {3347#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:38,811 INFO L280 TraceCheckUtils]: 1: Hoare triple {3347#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {3332#true} is VALID [2020-07-29 00:58:38,812 INFO L280 TraceCheckUtils]: 2: Hoare triple {3332#true} assume true; {3332#true} is VALID [2020-07-29 00:58:38,812 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {3332#true} {3332#true} #109#return; {3332#true} is VALID [2020-07-29 00:58:38,812 INFO L263 TraceCheckUtils]: 4: Hoare triple {3332#true} call #t~ret10 := main(); {3332#true} is VALID [2020-07-29 00:58:38,813 INFO L280 TraceCheckUtils]: 5: Hoare triple {3332#true} ~n~0 := 1; {3332#true} is VALID [2020-07-29 00:58:38,813 INFO L280 TraceCheckUtils]: 6: Hoare triple {3332#true} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {3332#true} is VALID [2020-07-29 00:58:38,813 INFO L280 TraceCheckUtils]: 7: Hoare triple {3332#true} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {3332#true} is VALID [2020-07-29 00:58:38,815 INFO L280 TraceCheckUtils]: 8: Hoare triple {3332#true} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} is VALID [2020-07-29 00:58:38,816 INFO L280 TraceCheckUtils]: 9: Hoare triple {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} is VALID [2020-07-29 00:58:38,816 INFO L280 TraceCheckUtils]: 10: Hoare triple {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} havoc #t~post8.base, #t~post8.offset; {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} is VALID [2020-07-29 00:58:38,817 INFO L263 TraceCheckUtils]: 11: Hoare triple {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} call foo(); {3348#(= |#memory_int| |old(#memory_int)|)} is VALID [2020-07-29 00:58:38,818 INFO L280 TraceCheckUtils]: 12: Hoare triple {3348#(= |#memory_int| |old(#memory_int)|)} havoc ~i~0;~i~0 := 0; {3332#true} is VALID [2020-07-29 00:58:38,818 INFO L280 TraceCheckUtils]: 13: Hoare triple {3332#true} assume !!(~i~0 < ~n~0); {3332#true} is VALID [2020-07-29 00:58:38,818 INFO L280 TraceCheckUtils]: 14: Hoare triple {3332#true} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {3332#true} is VALID [2020-07-29 00:58:38,818 INFO L280 TraceCheckUtils]: 15: Hoare triple {3332#true} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {3332#true} is VALID [2020-07-29 00:58:38,818 INFO L280 TraceCheckUtils]: 16: Hoare triple {3332#true} assume !(~i~0 < ~n~0); {3332#true} is VALID [2020-07-29 00:58:38,819 INFO L280 TraceCheckUtils]: 17: Hoare triple {3332#true} ~i~0 := 0; {3332#true} is VALID [2020-07-29 00:58:38,819 INFO L280 TraceCheckUtils]: 18: Hoare triple {3332#true} assume !(~i~0 < ~n~0 - 1); {3332#true} is VALID [2020-07-29 00:58:38,819 INFO L280 TraceCheckUtils]: 19: Hoare triple {3332#true} assume true; {3332#true} is VALID [2020-07-29 00:58:38,820 INFO L275 TraceCheckUtils]: 20: Hoare quadruple {3332#true} {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} #107#return; {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} is VALID [2020-07-29 00:58:38,820 INFO L280 TraceCheckUtils]: 21: Hoare triple {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} SUMMARY for call #t~mem9 := read~int(~b~0.base, -4 + ~b~0.offset, 4); srcloc: L532-1 {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} is VALID [2020-07-29 00:58:38,822 INFO L280 TraceCheckUtils]: 22: Hoare triple {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} assume 0 != #t~mem9;havoc #t~mem9; {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} is VALID [2020-07-29 00:58:38,823 INFO L280 TraceCheckUtils]: 23: Hoare triple {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} assume 0 == ~a~0.offset; {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} is VALID [2020-07-29 00:58:38,823 INFO L280 TraceCheckUtils]: 24: Hoare triple {3337#(<= (+ ~a~0.base 1) |#StackHeapBarrier|)} assume !(~a~0.base < #StackHeapBarrier); {3333#false} is VALID [2020-07-29 00:58:38,825 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2020-07-29 00:58:38,825 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [184214488] [2020-07-29 00:58:38,825 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:58:38,825 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2020-07-29 00:58:38,825 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1362345079] [2020-07-29 00:58:38,826 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 25 [2020-07-29 00:58:38,826 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:38,826 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2020-07-29 00:58:38,857 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:38,857 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2020-07-29 00:58:38,858 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:38,858 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2020-07-29 00:58:38,858 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2020-07-29 00:58:38,858 INFO L87 Difference]: Start difference. First operand 78 states and 83 transitions. Second operand 5 states. [2020-07-29 00:58:39,171 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:39,172 INFO L93 Difference]: Finished difference Result 76 states and 81 transitions. [2020-07-29 00:58:39,172 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2020-07-29 00:58:39,172 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 25 [2020-07-29 00:58:39,172 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:58:39,172 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:58:39,173 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 41 transitions. [2020-07-29 00:58:39,174 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:58:39,175 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 41 transitions. [2020-07-29 00:58:39,175 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 41 transitions. [2020-07-29 00:58:39,241 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:39,243 INFO L225 Difference]: With dead ends: 76 [2020-07-29 00:58:39,243 INFO L226 Difference]: Without dead ends: 76 [2020-07-29 00:58:39,244 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2020-07-29 00:58:39,244 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 76 states. [2020-07-29 00:58:39,248 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 76 to 76. [2020-07-29 00:58:39,248 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:58:39,248 INFO L82 GeneralOperation]: Start isEquivalent. First operand 76 states. Second operand 76 states. [2020-07-29 00:58:39,248 INFO L74 IsIncluded]: Start isIncluded. First operand 76 states. Second operand 76 states. [2020-07-29 00:58:39,249 INFO L87 Difference]: Start difference. First operand 76 states. Second operand 76 states. [2020-07-29 00:58:39,251 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:39,251 INFO L93 Difference]: Finished difference Result 76 states and 81 transitions. [2020-07-29 00:58:39,251 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 81 transitions. [2020-07-29 00:58:39,252 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:39,252 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:39,252 INFO L74 IsIncluded]: Start isIncluded. First operand 76 states. Second operand 76 states. [2020-07-29 00:58:39,253 INFO L87 Difference]: Start difference. First operand 76 states. Second operand 76 states. [2020-07-29 00:58:39,255 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:39,255 INFO L93 Difference]: Finished difference Result 76 states and 81 transitions. [2020-07-29 00:58:39,255 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 81 transitions. [2020-07-29 00:58:39,256 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:39,256 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:39,257 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:58:39,257 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:58:39,257 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 76 states. [2020-07-29 00:58:39,259 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 76 states to 76 states and 81 transitions. [2020-07-29 00:58:39,259 INFO L78 Accepts]: Start accepts. Automaton has 76 states and 81 transitions. Word has length 25 [2020-07-29 00:58:39,260 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:58:39,260 INFO L479 AbstractCegarLoop]: Abstraction has 76 states and 81 transitions. [2020-07-29 00:58:39,260 INFO L480 AbstractCegarLoop]: Interpolant automaton has 5 states. [2020-07-29 00:58:39,260 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 81 transitions. [2020-07-29 00:58:39,261 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2020-07-29 00:58:39,261 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:39,261 INFO L422 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:39,262 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2020-07-29 00:58:39,262 INFO L427 AbstractCegarLoop]: === Iteration 12 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:39,262 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:39,262 INFO L82 PathProgramCache]: Analyzing trace with hash 1533450202, now seen corresponding path program 1 times [2020-07-29 00:58:39,263 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:39,263 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1714830706] [2020-07-29 00:58:39,263 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:39,276 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:39,375 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:39,377 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:39,380 INFO L280 TraceCheckUtils]: 0: Hoare triple {3675#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {3666#true} is VALID [2020-07-29 00:58:39,380 INFO L280 TraceCheckUtils]: 1: Hoare triple {3666#true} assume true; {3666#true} is VALID [2020-07-29 00:58:39,380 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {3666#true} {3666#true} #109#return; {3666#true} is VALID [2020-07-29 00:58:39,382 INFO L263 TraceCheckUtils]: 0: Hoare triple {3666#true} call ULTIMATE.init(); {3675#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:39,382 INFO L280 TraceCheckUtils]: 1: Hoare triple {3675#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {3666#true} is VALID [2020-07-29 00:58:39,383 INFO L280 TraceCheckUtils]: 2: Hoare triple {3666#true} assume true; {3666#true} is VALID [2020-07-29 00:58:39,383 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {3666#true} {3666#true} #109#return; {3666#true} is VALID [2020-07-29 00:58:39,383 INFO L263 TraceCheckUtils]: 4: Hoare triple {3666#true} call #t~ret10 := main(); {3666#true} is VALID [2020-07-29 00:58:39,384 INFO L280 TraceCheckUtils]: 5: Hoare triple {3666#true} ~n~0 := 1; {3671#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:39,384 INFO L280 TraceCheckUtils]: 6: Hoare triple {3671#(<= 1 ~n~0)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {3671#(<= 1 ~n~0)} is VALID [2020-07-29 00:58:39,385 INFO L280 TraceCheckUtils]: 7: Hoare triple {3671#(<= 1 ~n~0)} assume !!(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4;#t~post5 := ~n~0;~n~0 := 1 + #t~post5;havoc #t~post5; {3672#(<= 2 ~n~0)} is VALID [2020-07-29 00:58:39,386 INFO L280 TraceCheckUtils]: 8: Hoare triple {3672#(<= 2 ~n~0)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {3672#(<= 2 ~n~0)} is VALID [2020-07-29 00:58:39,387 INFO L280 TraceCheckUtils]: 9: Hoare triple {3672#(<= 2 ~n~0)} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {3672#(<= 2 ~n~0)} is VALID [2020-07-29 00:58:39,388 INFO L280 TraceCheckUtils]: 10: Hoare triple {3672#(<= 2 ~n~0)} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,389 INFO L280 TraceCheckUtils]: 11: Hoare triple {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,390 INFO L280 TraceCheckUtils]: 12: Hoare triple {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} havoc #t~post8.base, #t~post8.offset; {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,391 INFO L263 TraceCheckUtils]: 13: Hoare triple {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} call foo(); {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,392 INFO L280 TraceCheckUtils]: 14: Hoare triple {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} havoc ~i~0;~i~0 := 0; {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,393 INFO L280 TraceCheckUtils]: 15: Hoare triple {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} assume !!(~i~0 < ~n~0); {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,394 INFO L280 TraceCheckUtils]: 16: Hoare triple {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,394 INFO L280 TraceCheckUtils]: 17: Hoare triple {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,395 INFO L280 TraceCheckUtils]: 18: Hoare triple {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} assume !!(~i~0 < ~n~0); {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,396 INFO L280 TraceCheckUtils]: 19: Hoare triple {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,397 INFO L280 TraceCheckUtils]: 20: Hoare triple {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,398 INFO L280 TraceCheckUtils]: 21: Hoare triple {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} assume !(~i~0 < ~n~0); {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,399 INFO L280 TraceCheckUtils]: 22: Hoare triple {3673#(and (<= 4 ~b~0.offset) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} ~i~0 := 0; {3674#(and (<= 4 ~b~0.offset) (= 0 foo_~i~0) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,400 INFO L280 TraceCheckUtils]: 23: Hoare triple {3674#(and (<= 4 ~b~0.offset) (= 0 foo_~i~0) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} assume !!(~i~0 < ~n~0 - 1); {3674#(and (<= 4 ~b~0.offset) (= 0 foo_~i~0) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} is VALID [2020-07-29 00:58:39,401 INFO L280 TraceCheckUtils]: 24: Hoare triple {3674#(and (<= 4 ~b~0.offset) (= 0 foo_~i~0) (<= (+ ~b~0.offset 4) (select |#length| ~b~0.base)))} assume !(4 + (~b~0.offset + 4 * ~i~0) <= #length[~b~0.base] && 0 <= ~b~0.offset + 4 * ~i~0); {3667#false} is VALID [2020-07-29 00:58:39,403 INFO L134 CoverageAnalysis]: Checked inductivity of 7 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 5 trivial. 0 not checked. [2020-07-29 00:58:39,403 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1714830706] [2020-07-29 00:58:39,403 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:58:39,403 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2020-07-29 00:58:39,404 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [217000298] [2020-07-29 00:58:39,404 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 25 [2020-07-29 00:58:39,404 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:39,404 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states. [2020-07-29 00:58:39,433 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 22 edges. 22 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:39,433 INFO L459 AbstractCegarLoop]: Interpolant automaton has 7 states [2020-07-29 00:58:39,434 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:39,434 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2020-07-29 00:58:39,434 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=29, Unknown=0, NotChecked=0, Total=42 [2020-07-29 00:58:39,434 INFO L87 Difference]: Start difference. First operand 76 states and 81 transitions. Second operand 7 states. [2020-07-29 00:58:40,016 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:40,017 INFO L93 Difference]: Finished difference Result 90 states and 93 transitions. [2020-07-29 00:58:40,017 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2020-07-29 00:58:40,017 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 25 [2020-07-29 00:58:40,018 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:58:40,018 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 00:58:40,019 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 71 transitions. [2020-07-29 00:58:40,019 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 00:58:40,020 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 71 transitions. [2020-07-29 00:58:40,021 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 71 transitions. [2020-07-29 00:58:40,139 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 71 edges. 71 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:40,142 INFO L225 Difference]: With dead ends: 90 [2020-07-29 00:58:40,142 INFO L226 Difference]: Without dead ends: 90 [2020-07-29 00:58:40,143 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=40, Invalid=70, Unknown=0, NotChecked=0, Total=110 [2020-07-29 00:58:40,143 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 90 states. [2020-07-29 00:58:40,146 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 90 to 77. [2020-07-29 00:58:40,146 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:58:40,147 INFO L82 GeneralOperation]: Start isEquivalent. First operand 90 states. Second operand 77 states. [2020-07-29 00:58:40,147 INFO L74 IsIncluded]: Start isIncluded. First operand 90 states. Second operand 77 states. [2020-07-29 00:58:40,147 INFO L87 Difference]: Start difference. First operand 90 states. Second operand 77 states. [2020-07-29 00:58:40,149 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:40,149 INFO L93 Difference]: Finished difference Result 90 states and 93 transitions. [2020-07-29 00:58:40,149 INFO L276 IsEmpty]: Start isEmpty. Operand 90 states and 93 transitions. [2020-07-29 00:58:40,150 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:40,150 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:40,150 INFO L74 IsIncluded]: Start isIncluded. First operand 77 states. Second operand 90 states. [2020-07-29 00:58:40,150 INFO L87 Difference]: Start difference. First operand 77 states. Second operand 90 states. [2020-07-29 00:58:40,152 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:58:40,153 INFO L93 Difference]: Finished difference Result 90 states and 93 transitions. [2020-07-29 00:58:40,153 INFO L276 IsEmpty]: Start isEmpty. Operand 90 states and 93 transitions. [2020-07-29 00:58:40,153 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:58:40,153 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:58:40,153 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:58:40,154 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:58:40,154 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 77 states. [2020-07-29 00:58:40,155 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 77 states to 77 states and 81 transitions. [2020-07-29 00:58:40,156 INFO L78 Accepts]: Start accepts. Automaton has 77 states and 81 transitions. Word has length 25 [2020-07-29 00:58:40,156 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:58:40,156 INFO L479 AbstractCegarLoop]: Abstraction has 77 states and 81 transitions. [2020-07-29 00:58:40,156 INFO L480 AbstractCegarLoop]: Interpolant automaton has 7 states. [2020-07-29 00:58:40,156 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 81 transitions. [2020-07-29 00:58:40,157 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 28 [2020-07-29 00:58:40,157 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:58:40,157 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:58:40,157 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11 [2020-07-29 00:58:40,157 INFO L427 AbstractCegarLoop]: === Iteration 13 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:58:40,158 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:58:40,158 INFO L82 PathProgramCache]: Analyzing trace with hash -50131134, now seen corresponding path program 1 times [2020-07-29 00:58:40,158 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:58:40,158 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [598603657] [2020-07-29 00:58:40,158 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:58:40,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:40,383 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:58:40,385 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:40,388 INFO L280 TraceCheckUtils]: 0: Hoare triple {4051#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {4033#true} is VALID [2020-07-29 00:58:40,389 INFO L280 TraceCheckUtils]: 1: Hoare triple {4033#true} assume true; {4033#true} is VALID [2020-07-29 00:58:40,389 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {4033#true} {4033#true} #109#return; {4033#true} is VALID [2020-07-29 00:58:40,402 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2020-07-29 00:58:40,406 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:40,433 INFO L280 TraceCheckUtils]: 0: Hoare triple {4052#(= |#memory_int| |old(#memory_int)|)} havoc ~i~0;~i~0 := 0; {4052#(= |#memory_int| |old(#memory_int)|)} is VALID [2020-07-29 00:58:40,434 INFO L280 TraceCheckUtils]: 1: Hoare triple {4052#(= |#memory_int| |old(#memory_int)|)} assume !!(~i~0 < ~n~0); {4052#(= |#memory_int| |old(#memory_int)|)} is VALID [2020-07-29 00:58:40,436 INFO L280 TraceCheckUtils]: 2: Hoare triple {4052#(= |#memory_int| |old(#memory_int)|)} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} is VALID [2020-07-29 00:58:40,437 INFO L280 TraceCheckUtils]: 3: Hoare triple {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} is VALID [2020-07-29 00:58:40,437 INFO L280 TraceCheckUtils]: 4: Hoare triple {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} assume !(~i~0 < ~n~0); {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} is VALID [2020-07-29 00:58:40,438 INFO L280 TraceCheckUtils]: 5: Hoare triple {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} ~i~0 := 0; {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} is VALID [2020-07-29 00:58:40,439 INFO L280 TraceCheckUtils]: 6: Hoare triple {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} assume !(~i~0 < ~n~0 - 1); {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} is VALID [2020-07-29 00:58:40,440 INFO L280 TraceCheckUtils]: 7: Hoare triple {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} assume true; {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} is VALID [2020-07-29 00:58:40,442 INFO L275 TraceCheckUtils]: 8: Hoare quadruple {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} {4039#(and (= ~b~0.offset 4) (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))) (not (= ~a~0.base ~b~0.base)))} #107#return; {4049#(and (= ~b~0.offset 4) (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))))} is VALID [2020-07-29 00:58:40,444 INFO L263 TraceCheckUtils]: 0: Hoare triple {4033#true} call ULTIMATE.init(); {4051#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} is VALID [2020-07-29 00:58:40,444 INFO L280 TraceCheckUtils]: 1: Hoare triple {4051#(and (= ~a~0.offset |old(~a~0.offset)|) (= ~a~0.base |old(~a~0.base)|) (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= ~n~0 |old(~n~0)|) (= |#NULL.offset| |old(#NULL.offset)|) (= ~b~0.base |old(~b~0.base)|) (= ~b~0.offset |old(~b~0.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {4033#true} is VALID [2020-07-29 00:58:40,445 INFO L280 TraceCheckUtils]: 2: Hoare triple {4033#true} assume true; {4033#true} is VALID [2020-07-29 00:58:40,445 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {4033#true} {4033#true} #109#return; {4033#true} is VALID [2020-07-29 00:58:40,445 INFO L263 TraceCheckUtils]: 4: Hoare triple {4033#true} call #t~ret10 := main(); {4033#true} is VALID [2020-07-29 00:58:40,446 INFO L280 TraceCheckUtils]: 5: Hoare triple {4033#true} ~n~0 := 1; {4033#true} is VALID [2020-07-29 00:58:40,446 INFO L280 TraceCheckUtils]: 6: Hoare triple {4033#true} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {4033#true} is VALID [2020-07-29 00:58:40,446 INFO L280 TraceCheckUtils]: 7: Hoare triple {4033#true} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {4033#true} is VALID [2020-07-29 00:58:40,448 INFO L280 TraceCheckUtils]: 8: Hoare triple {4033#true} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {4038#(and (= 0 |main_#t~post8.offset|) (= ~b~0.offset 4) (= |main_#t~post8.base| ~b~0.base) (not (= ~a~0.base |main_#t~post8.base|)))} is VALID [2020-07-29 00:58:40,450 INFO L280 TraceCheckUtils]: 9: Hoare triple {4038#(and (= 0 |main_#t~post8.offset|) (= ~b~0.offset 4) (= |main_#t~post8.base| ~b~0.base) (not (= ~a~0.base |main_#t~post8.base|)))} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {4039#(and (= ~b~0.offset 4) (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:40,451 INFO L280 TraceCheckUtils]: 10: Hoare triple {4039#(and (= ~b~0.offset 4) (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))) (not (= ~a~0.base ~b~0.base)))} havoc #t~post8.base, #t~post8.offset; {4039#(and (= ~b~0.offset 4) (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:40,452 INFO L263 TraceCheckUtils]: 11: Hoare triple {4039#(and (= ~b~0.offset 4) (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))) (not (= ~a~0.base ~b~0.base)))} call foo(); {4052#(= |#memory_int| |old(#memory_int)|)} is VALID [2020-07-29 00:58:40,453 INFO L280 TraceCheckUtils]: 12: Hoare triple {4052#(= |#memory_int| |old(#memory_int)|)} havoc ~i~0;~i~0 := 0; {4052#(= |#memory_int| |old(#memory_int)|)} is VALID [2020-07-29 00:58:40,454 INFO L280 TraceCheckUtils]: 13: Hoare triple {4052#(= |#memory_int| |old(#memory_int)|)} assume !!(~i~0 < ~n~0); {4052#(= |#memory_int| |old(#memory_int)|)} is VALID [2020-07-29 00:58:40,455 INFO L280 TraceCheckUtils]: 14: Hoare triple {4052#(= |#memory_int| |old(#memory_int)|)} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} is VALID [2020-07-29 00:58:40,456 INFO L280 TraceCheckUtils]: 15: Hoare triple {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} is VALID [2020-07-29 00:58:40,457 INFO L280 TraceCheckUtils]: 16: Hoare triple {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} assume !(~i~0 < ~n~0); {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} is VALID [2020-07-29 00:58:40,457 INFO L280 TraceCheckUtils]: 17: Hoare triple {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} ~i~0 := 0; {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} is VALID [2020-07-29 00:58:40,458 INFO L280 TraceCheckUtils]: 18: Hoare triple {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} assume !(~i~0 < ~n~0 - 1); {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} is VALID [2020-07-29 00:58:40,459 INFO L280 TraceCheckUtils]: 19: Hoare triple {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} assume true; {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} is VALID [2020-07-29 00:58:40,460 INFO L275 TraceCheckUtils]: 20: Hoare quadruple {4053#(= (store |old(#memory_int)| ~a~0.base (select |#memory_int| ~a~0.base)) |#memory_int|)} {4039#(and (= ~b~0.offset 4) (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))) (not (= ~a~0.base ~b~0.base)))} #107#return; {4049#(and (= ~b~0.offset 4) (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))))} is VALID [2020-07-29 00:58:40,461 INFO L280 TraceCheckUtils]: 21: Hoare triple {4049#(and (= ~b~0.offset 4) (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))))} SUMMARY for call #t~mem9 := read~int(~b~0.base, -4 + ~b~0.offset, 4); srcloc: L532-1 {4050#(= 0 |main_#t~mem9|)} is VALID [2020-07-29 00:58:40,462 INFO L280 TraceCheckUtils]: 22: Hoare triple {4050#(= 0 |main_#t~mem9|)} assume 0 != #t~mem9;havoc #t~mem9; {4034#false} is VALID [2020-07-29 00:58:40,462 INFO L280 TraceCheckUtils]: 23: Hoare triple {4034#false} assume 0 == ~a~0.offset; {4034#false} is VALID [2020-07-29 00:58:40,462 INFO L280 TraceCheckUtils]: 24: Hoare triple {4034#false} assume ~a~0.base < #StackHeapBarrier; {4034#false} is VALID [2020-07-29 00:58:40,462 INFO L280 TraceCheckUtils]: 25: Hoare triple {4034#false} assume 0 == ~a~0.base || 1 == #valid[~a~0.base];call ULTIMATE.dealloc(~a~0.base, ~a~0.offset); {4034#false} is VALID [2020-07-29 00:58:40,463 INFO L280 TraceCheckUtils]: 26: Hoare triple {4034#false} assume !(0 == ~b~0.offset); {4034#false} is VALID [2020-07-29 00:58:40,465 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:58:40,465 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [598603657] [2020-07-29 00:58:40,465 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1554787677] [2020-07-29 00:58:40,465 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:58:40,571 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:40,572 INFO L263 TraceCheckSpWp]: Trace formula consists of 147 conjuncts, 21 conjunts are in the unsatisfiable core [2020-07-29 00:58:40,585 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:58:40,587 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 00:58:40,637 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 8 [2020-07-29 00:58:40,639 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 00:58:40,649 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:58:40,650 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-29 00:58:40,650 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:17, output treesize:13 [2020-07-29 00:58:40,652 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:58:40,653 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_32|]. (and (= ~b~0.offset (+ |main_#t~post8.offset| 4)) (= 0 (select (store |v_#valid_32| ~a~0.base 1) |main_#t~post8.base|)) (= |main_#t~post8.base| ~b~0.base)) [2020-07-29 00:58:40,653 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= ~b~0.offset (+ |main_#t~post8.offset| 4)) (= |main_#t~post8.base| ~b~0.base) (not (= ~a~0.base |main_#t~post8.base|))) [2020-07-29 00:58:40,691 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 9 [2020-07-29 00:58:40,692 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 00:58:40,698 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:58:40,698 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-29 00:58:40,699 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:18, output treesize:14 [2020-07-29 00:58:40,742 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 9 treesize of output 3 [2020-07-29 00:58:40,743 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 00:58:40,749 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:58:40,749 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-29 00:58:40,750 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:17, output treesize:8 [2020-07-29 00:58:40,753 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:58:40,753 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_BEFORE_CALL_1|]. (and (= 0 (select (select |v_#memory_int_BEFORE_CALL_1| ~b~0.base) (+ ~b~0.offset (- 4)))) (= |#memory_int| |old(#memory_int)|) (not (= ~a~0.base ~b~0.base))) [2020-07-29 00:58:40,753 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= |#memory_int| |old(#memory_int)|) (not (= ~a~0.base ~b~0.base))) [2020-07-29 00:58:44,785 WARN L193 SmtUtils]: Spent 686.00 ms on a formula simplification that was a NOOP. DAG size: 18 [2020-07-29 00:58:44,871 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 25 treesize of output 24 [2020-07-29 00:58:44,872 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 00:58:44,882 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:58:44,895 INFO L544 ElimStorePlain]: Start of recursive call 1: 3 dim-0 vars, 1 dim-2 vars, End of recursive call: 3 dim-0 vars, and 1 xjuncts. [2020-07-29 00:58:44,895 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 4 variables, input treesize:29, output treesize:25 [2020-07-29 00:58:44,902 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:58:44,902 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_BEFORE_CALL_2|, ~a~0.base, ~a~0.offset, foo_~i~0]. (and (= (store |v_#memory_int_BEFORE_CALL_2| ~a~0.base (store (select |v_#memory_int_BEFORE_CALL_2| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))) |#memory_int|) (not (= ~a~0.base ~b~0.base)) (= 0 (select (select |v_#memory_int_BEFORE_CALL_2| ~b~0.base) (+ ~b~0.offset (- 4))))) [2020-07-29 00:58:44,902 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [~a~0.base, ~a~0.offset, foo_~i~0]. (and (= (- 1) (select (select |#memory_int| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)))) (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))) (not (= ~a~0.base ~b~0.base))) [2020-07-29 00:58:45,016 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 0 case distinctions, treesize of input 32 treesize of output 12 [2020-07-29 00:58:45,019 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 00:58:45,024 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:58:45,042 INFO L544 ElimStorePlain]: Start of recursive call 1: 5 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-29 00:58:45,042 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 6 variables, input treesize:36, output treesize:3 [2020-07-29 00:58:45,047 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:58:45,047 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, ~b~0.base, ~b~0.offset, ~a~0.base, ~a~0.offset, foo_~i~0]. (let ((.cse0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4))))) (and (= .cse0 |main_#t~mem9|) (= 0 (+ (select (select |#memory_int| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4))) 1)) (= 0 .cse0) (not (= ~a~0.base ~b~0.base)))) [2020-07-29 00:58:45,048 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= 0 |main_#t~mem9|) [2020-07-29 00:58:45,052 INFO L263 TraceCheckUtils]: 0: Hoare triple {4033#true} call ULTIMATE.init(); {4033#true} is VALID [2020-07-29 00:58:45,052 INFO L280 TraceCheckUtils]: 1: Hoare triple {4033#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier;~a~0.base, ~a~0.offset := 0, 0;~b~0.base, ~b~0.offset := 0, 0;~n~0 := 0; {4033#true} is VALID [2020-07-29 00:58:45,053 INFO L280 TraceCheckUtils]: 2: Hoare triple {4033#true} assume true; {4033#true} is VALID [2020-07-29 00:58:45,053 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {4033#true} {4033#true} #109#return; {4033#true} is VALID [2020-07-29 00:58:45,054 INFO L263 TraceCheckUtils]: 4: Hoare triple {4033#true} call #t~ret10 := main(); {4033#true} is VALID [2020-07-29 00:58:45,057 INFO L280 TraceCheckUtils]: 5: Hoare triple {4033#true} ~n~0 := 1; {4072#(<= ~n~0 1)} is VALID [2020-07-29 00:58:45,062 INFO L280 TraceCheckUtils]: 6: Hoare triple {4072#(<= ~n~0 1)} assume -2147483648 <= #t~nondet4 && #t~nondet4 <= 2147483647; {4072#(<= ~n~0 1)} is VALID [2020-07-29 00:58:45,062 INFO L280 TraceCheckUtils]: 7: Hoare triple {4072#(<= ~n~0 1)} assume !(0 != #t~nondet4 && ~n~0 < 30);havoc #t~nondet4; {4033#true} is VALID [2020-07-29 00:58:45,064 INFO L280 TraceCheckUtils]: 8: Hoare triple {4033#true} call #t~malloc6.base, #t~malloc6.offset := #Ultimate.allocOnHeap(4 * ~n~0);~a~0.base, ~a~0.offset := #t~malloc6.base, #t~malloc6.offset;call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnHeap(4 * ~n~0);~b~0.base, ~b~0.offset := #t~malloc7.base, #t~malloc7.offset;#t~post8.base, #t~post8.offset := ~b~0.base, ~b~0.offset;~b~0.base, ~b~0.offset := #t~post8.base, 4 + #t~post8.offset; {4082#(and (= ~b~0.offset (+ |main_#t~post8.offset| 4)) (= |main_#t~post8.base| ~b~0.base) (not (= ~a~0.base |main_#t~post8.base|)))} is VALID [2020-07-29 00:58:45,066 INFO L280 TraceCheckUtils]: 9: Hoare triple {4082#(and (= ~b~0.offset (+ |main_#t~post8.offset| 4)) (= |main_#t~post8.base| ~b~0.base) (not (= ~a~0.base |main_#t~post8.base|)))} SUMMARY for call write~int(0, #t~post8.base, #t~post8.offset, 4); srcloc: L531 {4086#(and (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:45,066 INFO L280 TraceCheckUtils]: 10: Hoare triple {4086#(and (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))) (not (= ~a~0.base ~b~0.base)))} havoc #t~post8.base, #t~post8.offset; {4086#(and (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:45,067 INFO L263 TraceCheckUtils]: 11: Hoare triple {4086#(and (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))) (not (= ~a~0.base ~b~0.base)))} call foo(); {4093#(and (= |#memory_int| |old(#memory_int)|) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:45,068 INFO L280 TraceCheckUtils]: 12: Hoare triple {4093#(and (= |#memory_int| |old(#memory_int)|) (not (= ~a~0.base ~b~0.base)))} havoc ~i~0;~i~0 := 0; {4093#(and (= |#memory_int| |old(#memory_int)|) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:45,069 INFO L280 TraceCheckUtils]: 13: Hoare triple {4093#(and (= |#memory_int| |old(#memory_int)|) (not (= ~a~0.base ~b~0.base)))} assume !!(~i~0 < ~n~0); {4093#(and (= |#memory_int| |old(#memory_int)|) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:45,071 INFO L280 TraceCheckUtils]: 14: Hoare triple {4093#(and (= |#memory_int| |old(#memory_int)|) (not (= ~a~0.base ~b~0.base)))} SUMMARY for call write~int(-1, ~a~0.base, ~a~0.offset + 4 * ~i~0, 4); srcloc: L519 {4103#(and (exists ((foo_~i~0 Int)) (= |#memory_int| (store |old(#memory_int)| ~a~0.base (store (select |old(#memory_int)| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))))) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:45,072 INFO L280 TraceCheckUtils]: 15: Hoare triple {4103#(and (exists ((foo_~i~0 Int)) (= |#memory_int| (store |old(#memory_int)| ~a~0.base (store (select |old(#memory_int)| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))))) (not (= ~a~0.base ~b~0.base)))} #t~post2 := ~i~0;~i~0 := 1 + #t~post2;havoc #t~post2; {4103#(and (exists ((foo_~i~0 Int)) (= |#memory_int| (store |old(#memory_int)| ~a~0.base (store (select |old(#memory_int)| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))))) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:45,073 INFO L280 TraceCheckUtils]: 16: Hoare triple {4103#(and (exists ((foo_~i~0 Int)) (= |#memory_int| (store |old(#memory_int)| ~a~0.base (store (select |old(#memory_int)| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))))) (not (= ~a~0.base ~b~0.base)))} assume !(~i~0 < ~n~0); {4103#(and (exists ((foo_~i~0 Int)) (= |#memory_int| (store |old(#memory_int)| ~a~0.base (store (select |old(#memory_int)| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))))) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:45,074 INFO L280 TraceCheckUtils]: 17: Hoare triple {4103#(and (exists ((foo_~i~0 Int)) (= |#memory_int| (store |old(#memory_int)| ~a~0.base (store (select |old(#memory_int)| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))))) (not (= ~a~0.base ~b~0.base)))} ~i~0 := 0; {4103#(and (exists ((foo_~i~0 Int)) (= |#memory_int| (store |old(#memory_int)| ~a~0.base (store (select |old(#memory_int)| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))))) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:45,075 INFO L280 TraceCheckUtils]: 18: Hoare triple {4103#(and (exists ((foo_~i~0 Int)) (= |#memory_int| (store |old(#memory_int)| ~a~0.base (store (select |old(#memory_int)| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))))) (not (= ~a~0.base ~b~0.base)))} assume !(~i~0 < ~n~0 - 1); {4103#(and (exists ((foo_~i~0 Int)) (= |#memory_int| (store |old(#memory_int)| ~a~0.base (store (select |old(#memory_int)| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))))) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:45,075 INFO L280 TraceCheckUtils]: 19: Hoare triple {4103#(and (exists ((foo_~i~0 Int)) (= |#memory_int| (store |old(#memory_int)| ~a~0.base (store (select |old(#memory_int)| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))))) (not (= ~a~0.base ~b~0.base)))} assume true; {4103#(and (exists ((foo_~i~0 Int)) (= |#memory_int| (store |old(#memory_int)| ~a~0.base (store (select |old(#memory_int)| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))))) (not (= ~a~0.base ~b~0.base)))} is VALID [2020-07-29 00:58:45,077 INFO L275 TraceCheckUtils]: 20: Hoare quadruple {4103#(and (exists ((foo_~i~0 Int)) (= |#memory_int| (store |old(#memory_int)| ~a~0.base (store (select |old(#memory_int)| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4)) (- 1))))) (not (= ~a~0.base ~b~0.base)))} {4086#(and (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))) (not (= ~a~0.base ~b~0.base)))} #107#return; {4122#(and (exists ((~a~0.offset Int) (foo_~i~0 Int) (~a~0.base Int)) (and (= 0 (+ (select (select |#memory_int| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4))) 1)) (not (= ~a~0.base ~b~0.base)))) (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))))} is VALID [2020-07-29 00:58:45,078 INFO L280 TraceCheckUtils]: 21: Hoare triple {4122#(and (exists ((~a~0.offset Int) (foo_~i~0 Int) (~a~0.base Int)) (and (= 0 (+ (select (select |#memory_int| ~a~0.base) (+ ~a~0.offset (* foo_~i~0 4))) 1)) (not (= ~a~0.base ~b~0.base)))) (= 0 (select (select |#memory_int| ~b~0.base) (+ ~b~0.offset (- 4)))))} SUMMARY for call #t~mem9 := read~int(~b~0.base, -4 + ~b~0.offset, 4); srcloc: L532-1 {4050#(= 0 |main_#t~mem9|)} is VALID [2020-07-29 00:58:45,079 INFO L280 TraceCheckUtils]: 22: Hoare triple {4050#(= 0 |main_#t~mem9|)} assume 0 != #t~mem9;havoc #t~mem9; {4034#false} is VALID [2020-07-29 00:58:45,079 INFO L280 TraceCheckUtils]: 23: Hoare triple {4034#false} assume 0 == ~a~0.offset; {4034#false} is VALID [2020-07-29 00:58:45,079 INFO L280 TraceCheckUtils]: 24: Hoare triple {4034#false} assume ~a~0.base < #StackHeapBarrier; {4034#false} is VALID [2020-07-29 00:58:45,080 INFO L280 TraceCheckUtils]: 25: Hoare triple {4034#false} assume 0 == ~a~0.base || 1 == #valid[~a~0.base];call ULTIMATE.dealloc(~a~0.base, ~a~0.offset); {4034#false} is VALID [2020-07-29 00:58:45,080 INFO L280 TraceCheckUtils]: 26: Hoare triple {4034#false} assume !(0 == ~b~0.offset); {4034#false} is VALID [2020-07-29 00:58:45,084 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:58:45,084 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-29 00:58:45,085 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 15 [2020-07-29 00:58:45,087 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1572710121] [2020-07-29 00:58:45,088 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 27 [2020-07-29 00:58:45,089 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:58:45,089 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states. [2020-07-29 00:58:45,159 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 46 edges. 46 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:58:45,159 INFO L459 AbstractCegarLoop]: Interpolant automaton has 15 states [2020-07-29 00:58:45,160 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:58:45,160 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2020-07-29 00:58:45,161 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=34, Invalid=171, Unknown=5, NotChecked=0, Total=210 [2020-07-29 00:58:45,161 INFO L87 Difference]: Start difference. First operand 77 states and 81 transitions. Second operand 15 states. [2020-07-29 00:58:58,604 WARN L193 SmtUtils]: Spent 1.70 s on a formula simplification. DAG size of input: 54 DAG size of output: 48 [2020-07-29 00:59:00,531 WARN L193 SmtUtils]: Spent 1.83 s on a formula simplification. DAG size of input: 53 DAG size of output: 46 [2020-07-29 00:59:53,971 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:59:53,971 INFO L93 Difference]: Finished difference Result 85 states and 88 transitions. [2020-07-29 00:59:53,971 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 21 states. [2020-07-29 00:59:53,971 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 27 [2020-07-29 00:59:53,972 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:59:53,972 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2020-07-29 00:59:53,974 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 21 states to 21 states and 67 transitions. [2020-07-29 00:59:53,974 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2020-07-29 00:59:53,975 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 21 states to 21 states and 67 transitions. [2020-07-29 00:59:53,976 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 21 states and 67 transitions. [2020-07-29 00:59:54,145 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 67 edges. 67 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:59:54,147 INFO L225 Difference]: With dead ends: 85 [2020-07-29 00:59:54,148 INFO L226 Difference]: Without dead ends: 85 [2020-07-29 00:59:54,148 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 24 SyntacticMatches, 0 SemanticMatches, 28 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 130 ImplicationChecksByTransitivity, 10.6s TimeCoverageRelationStatistics Valid=166, Invalid=695, Unknown=9, NotChecked=0, Total=870 [2020-07-29 00:59:54,149 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 85 states. [2020-07-29 00:59:54,151 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 85 to 79. [2020-07-29 00:59:54,151 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:59:54,151 INFO L82 GeneralOperation]: Start isEquivalent. First operand 85 states. Second operand 79 states. [2020-07-29 00:59:54,152 INFO L74 IsIncluded]: Start isIncluded. First operand 85 states. Second operand 79 states. [2020-07-29 00:59:54,152 INFO L87 Difference]: Start difference. First operand 85 states. Second operand 79 states. [2020-07-29 00:59:54,154 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:59:54,154 INFO L93 Difference]: Finished difference Result 85 states and 88 transitions. [2020-07-29 00:59:54,154 INFO L276 IsEmpty]: Start isEmpty. Operand 85 states and 88 transitions. [2020-07-29 00:59:54,155 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:59:54,155 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:59:54,155 INFO L74 IsIncluded]: Start isIncluded. First operand 79 states. Second operand 85 states. [2020-07-29 00:59:54,155 INFO L87 Difference]: Start difference. First operand 79 states. Second operand 85 states. [2020-07-29 00:59:54,157 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:59:54,158 INFO L93 Difference]: Finished difference Result 85 states and 88 transitions. [2020-07-29 00:59:54,158 INFO L276 IsEmpty]: Start isEmpty. Operand 85 states and 88 transitions. [2020-07-29 00:59:54,158 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:59:54,158 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:59:54,158 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:59:54,159 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:59:54,159 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 79 states. [2020-07-29 00:59:54,160 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 83 transitions. [2020-07-29 00:59:54,160 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 83 transitions. Word has length 27 [2020-07-29 00:59:54,160 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:59:54,160 INFO L479 AbstractCegarLoop]: Abstraction has 79 states and 83 transitions. [2020-07-29 00:59:54,160 INFO L480 AbstractCegarLoop]: Interpolant automaton has 15 states. [2020-07-29 00:59:54,160 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 83 transitions. [2020-07-29 00:59:54,161 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 28 [2020-07-29 00:59:54,161 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:59:54,161 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:59:54,362 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12,5 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:59:54,362 INFO L427 AbstractCegarLoop]: === Iteration 14 === [fooErr1REQUIRES_VIOLATION, fooErr0REQUIRES_VIOLATION, fooErr2REQUIRES_VIOLATION, fooErr3REQUIRES_VIOLATION, mainErr14ASSERT_VIOLATIONMEMORY_FREE, mainErr13ASSERT_VIOLATIONMEMORY_FREE, mainErr12ASSERT_VIOLATIONMEMORY_FREE, mainErr15ASSERT_VIOLATIONMEMORY_FREE, mainErr2REQUIRES_VIOLATION, mainErr10ASSERT_VIOLATIONMEMORY_FREE, mainErr3REQUIRES_VIOLATION, mainErr11ASSERT_VIOLATIONMEMORY_FREE, mainErr5ASSERT_VIOLATIONMEMORY_FREE, mainErr8ASSERT_VIOLATIONMEMORY_FREE, mainErr16ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr9ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION, mainErr6ASSERT_VIOLATIONMEMORY_FREE, mainErr7ASSERT_VIOLATIONMEMORY_FREE]=== [2020-07-29 00:59:54,363 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:59:54,363 INFO L82 PathProgramCache]: Analyzing trace with hash -36770864, now seen corresponding path program 1 times [2020-07-29 00:59:54,364 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:59:54,365 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [524230306] [2020-07-29 00:59:54,366 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:59:54,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2020-07-29 00:59:54,390 INFO L221 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2020-07-29 00:59:54,402 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2020-07-29 00:59:54,403 INFO L221 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2020-07-29 00:59:54,428 INFO L174 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2020-07-29 00:59:54,428 INFO L520 BasicCegarLoop]: Counterexample might be feasible [2020-07-29 00:59:54,428 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable13 [2020-07-29 00:59:54,476 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 29.07 12:59:54 BoogieIcfgContainer [2020-07-29 00:59:54,476 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2020-07-29 00:59:54,477 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2020-07-29 00:59:54,477 INFO L271 PluginConnector]: Initializing Witness Printer... [2020-07-29 00:59:54,478 INFO L275 PluginConnector]: Witness Printer initialized [2020-07-29 00:59:54,478 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 29.07 12:58:25" (3/4) ... [2020-07-29 00:59:54,481 INFO L131 WitnessPrinter]: Generating witness for reachability counterexample [2020-07-29 00:59:54,540 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2020-07-29 00:59:54,541 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2020-07-29 00:59:54,543 INFO L168 Benchmark]: Toolchain (without parser) took 90474.91 ms. Allocated memory was 1.0 GB in the beginning and 1.4 GB in the end (delta: 360.2 MB). Free memory was 960.2 MB in the beginning and 1.0 GB in the end (delta: -72.4 MB). Peak memory consumption was 287.8 MB. Max. memory is 11.5 GB. [2020-07-29 00:59:54,543 INFO L168 Benchmark]: CDTParser took 0.69 ms. Allocated memory is still 1.0 GB. Free memory is still 987.1 MB. There was no memory consumed. Max. memory is 11.5 GB. [2020-07-29 00:59:54,544 INFO L168 Benchmark]: CACSL2BoogieTranslator took 621.65 ms. Allocated memory was 1.0 GB in the beginning and 1.1 GB in the end (delta: 109.6 MB). Free memory was 960.2 MB in the beginning and 1.1 GB in the end (delta: -131.5 MB). Peak memory consumption was 26.2 MB. Max. memory is 11.5 GB. [2020-07-29 00:59:54,544 INFO L168 Benchmark]: Boogie Preprocessor took 74.36 ms. Allocated memory is still 1.1 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 13.6 MB). Peak memory consumption was 13.6 MB. Max. memory is 11.5 GB. [2020-07-29 00:59:54,545 INFO L168 Benchmark]: RCFGBuilder took 795.09 ms. Allocated memory is still 1.1 GB. Free memory was 1.1 GB in the beginning and 1.0 GB in the end (delta: 59.8 MB). Peak memory consumption was 59.8 MB. Max. memory is 11.5 GB. [2020-07-29 00:59:54,546 INFO L168 Benchmark]: TraceAbstraction took 88911.45 ms. Allocated memory was 1.1 GB in the beginning and 1.4 GB in the end (delta: 250.6 MB). Free memory was 1.0 GB in the beginning and 1.0 GB in the end (delta: -21.0 MB). Peak memory consumption was 229.6 MB. Max. memory is 11.5 GB. [2020-07-29 00:59:54,546 INFO L168 Benchmark]: Witness Printer took 63.67 ms. Allocated memory is still 1.4 GB. Free memory is still 1.0 GB. There was no memory consumed. Max. memory is 11.5 GB. [2020-07-29 00:59:54,548 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.69 ms. Allocated memory is still 1.0 GB. Free memory is still 987.1 MB. There was no memory consumed. Max. memory is 11.5 GB. * CACSL2BoogieTranslator took 621.65 ms. Allocated memory was 1.0 GB in the beginning and 1.1 GB in the end (delta: 109.6 MB). Free memory was 960.2 MB in the beginning and 1.1 GB in the end (delta: -131.5 MB). Peak memory consumption was 26.2 MB. Max. memory is 11.5 GB. * Boogie Preprocessor took 74.36 ms. Allocated memory is still 1.1 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 13.6 MB). Peak memory consumption was 13.6 MB. Max. memory is 11.5 GB. * RCFGBuilder took 795.09 ms. Allocated memory is still 1.1 GB. Free memory was 1.1 GB in the beginning and 1.0 GB in the end (delta: 59.8 MB). Peak memory consumption was 59.8 MB. Max. memory is 11.5 GB. * TraceAbstraction took 88911.45 ms. Allocated memory was 1.1 GB in the beginning and 1.4 GB in the end (delta: 250.6 MB). Free memory was 1.0 GB in the beginning and 1.0 GB in the end (delta: -21.0 MB). Peak memory consumption was 229.6 MB. Max. memory is 11.5 GB. * Witness Printer took 63.67 ms. Allocated memory is still 1.4 GB. Free memory is still 1.0 GB. There was no memory consumed. Max. memory is 11.5 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - CounterExampleResult [Line: 536]: free of unallocated memory possible free of unallocated memory possible We found a FailurePath: [L512] int *a, *b; [L513] int n; VAL [\old(a)=9, \old(a)=7, \old(b)=5, \old(b)=10, \old(n)=8, a={0:0}, b={0:0}, n=0] [L525] n = 1 VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={0:0}, b={0:0}, n=1] [L526] COND FALSE !(__VERIFIER_nondet_int() && n < 30) [L529] a = malloc(n * sizeof(*a)) [L530] b = malloc(n * sizeof(*b)) [L531] EXPR b++ VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, b++={-2:0}, malloc(n * sizeof(*a))={2:0}, malloc(n * sizeof(*b))={-2:0}, n=1] [L531] *b++ = 0 VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, b++={-2:0}, malloc(n * sizeof(*a))={2:0}, malloc(n * sizeof(*b))={-2:0}, n=1] [L532] CALL foo() VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, n=1] [L517] int i; [L518] i = 0 VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, i=0, n=1] [L518] COND TRUE i < n VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, i=0, n=1] [L519] a[i] = -1 VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, i=0, n=1] [L518] i++ VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, i=1, n=1] [L518] COND FALSE !(i < n) VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, i=1, n=1] [L520] i = 0 VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, i=0, n=1] [L520] COND FALSE !(i < n - 1) VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, i=0, n=1] [L532] RET foo() VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, malloc(n * sizeof(*a))={2:0}, malloc(n * sizeof(*b))={-2:0}, n=1] [L533] b[-1] VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, b[-1]=0, malloc(n * sizeof(*a))={2:0}, malloc(n * sizeof(*b))={-2:0}, n=1] [L533] COND FALSE !(b[-1]) [L536] free(a) VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, malloc(n * sizeof(*a))={2:0}, malloc(n * sizeof(*b))={-2:0}, n=1] [L536] free(a) VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, malloc(n * sizeof(*a))={2:0}, malloc(n * sizeof(*b))={-2:0}, n=1] [L536] free(a) [L536] free(b) VAL [\old(a)=0, \old(a)=0, \old(b)=0, \old(b)=0, \old(n)=0, a={2:0}, b={-2:4}, malloc(n * sizeof(*a))={2:0}, malloc(n * sizeof(*b))={-2:0}, n=1] - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 77 locations, 21 error locations. Started 1 CEGAR loops. VerificationResult: UNSAFE, OverallTime: 88.7s, OverallIterations: 14, TraceHistogramMax: 3, AutomataDifference: 78.6s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 480 SDtfs, 1046 SDslu, 639 SDs, 0 SdLazy, 1667 SolverSat, 190 SolverUnsat, 22 SolverUnknown, 0 SolverNotchecked, 32.6s Time, PredicateUnifierStatistics: 0 DeclaredPredicates, 241 GetRequests, 111 SyntacticMatches, 0 SemanticMatches, 130 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 366 ImplicationChecksByTransitivity, 13.4s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=79occurred in iteration=13, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 13 MinimizatonAttempts, 133 StatesRemovedByMinimization, 6 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.3s SatisfiabilityAnalysisTime, 7.5s InterpolantComputationTime, 356 NumberOfCodeBlocks, 356 NumberOfCodeBlocksAsserted, 19 NumberOfCheckSat, 312 ConstructedInterpolants, 16 QuantifiedInterpolants, 40288 SizeOfPredicates, 25 NumberOfNonLiveVariables, 557 ConjunctsInSsa, 55 ConjunctsInUnsatCore, 17 InterpolantComputations, 10 PerfectInterpolantSequences, 27/42 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available RESULT: Ultimate proved your program to be incorrect! Received shutdown request...