./Ultimate.py --spec ../sv-benchmarks/c/properties/valid-memsafety.prp --file ../sv-benchmarks/c/array-memsafety/cstrchr_unsafe.i --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for memory safety (deref-memtrack) Using default analysis Version 8bd4bc60 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx12G -Xms1G -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/array-memsafety/cstrchr_unsafe.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash efc45e5708d4a9b560055cd5abf7b168f9024833 ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... Execution finished normally Writing output log to file Ultimate.log Writing human readable error path to file UltimateCounterExample.errorpath Result: FALSE(valid-deref) --- Real Ultimate output --- This is Ultimate 0.1.25-8bd4bc6 [2020-07-29 00:48:00,728 INFO L177 SettingsManager]: Resetting all preferences to default values... [2020-07-29 00:48:00,731 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2020-07-29 00:48:00,747 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2020-07-29 00:48:00,747 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2020-07-29 00:48:00,748 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2020-07-29 00:48:00,750 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2020-07-29 00:48:00,751 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2020-07-29 00:48:00,753 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2020-07-29 00:48:00,754 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2020-07-29 00:48:00,755 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2020-07-29 00:48:00,757 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2020-07-29 00:48:00,757 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2020-07-29 00:48:00,758 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2020-07-29 00:48:00,759 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2020-07-29 00:48:00,761 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2020-07-29 00:48:00,761 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2020-07-29 00:48:00,763 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2020-07-29 00:48:00,764 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2020-07-29 00:48:00,767 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2020-07-29 00:48:00,769 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2020-07-29 00:48:00,770 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2020-07-29 00:48:00,772 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2020-07-29 00:48:00,773 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2020-07-29 00:48:00,776 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2020-07-29 00:48:00,777 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2020-07-29 00:48:00,777 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2020-07-29 00:48:00,778 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2020-07-29 00:48:00,778 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2020-07-29 00:48:00,779 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2020-07-29 00:48:00,780 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2020-07-29 00:48:00,781 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2020-07-29 00:48:00,781 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2020-07-29 00:48:00,782 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2020-07-29 00:48:00,784 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2020-07-29 00:48:00,784 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2020-07-29 00:48:00,785 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2020-07-29 00:48:00,785 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2020-07-29 00:48:00,786 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2020-07-29 00:48:00,787 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2020-07-29 00:48:00,787 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2020-07-29 00:48:00,788 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf [2020-07-29 00:48:00,819 INFO L113 SettingsManager]: Loading preferences was successful [2020-07-29 00:48:00,821 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2020-07-29 00:48:00,824 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2020-07-29 00:48:00,824 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2020-07-29 00:48:00,824 INFO L138 SettingsManager]: * Use SBE=true [2020-07-29 00:48:00,825 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2020-07-29 00:48:00,825 INFO L138 SettingsManager]: * sizeof long=4 [2020-07-29 00:48:00,825 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2020-07-29 00:48:00,826 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2020-07-29 00:48:00,826 INFO L138 SettingsManager]: * sizeof POINTER=4 [2020-07-29 00:48:00,827 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2020-07-29 00:48:00,828 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2020-07-29 00:48:00,828 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2020-07-29 00:48:00,828 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2020-07-29 00:48:00,829 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2020-07-29 00:48:00,829 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2020-07-29 00:48:00,829 INFO L138 SettingsManager]: * sizeof long double=12 [2020-07-29 00:48:00,830 INFO L138 SettingsManager]: * Use constant arrays=true [2020-07-29 00:48:00,830 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2020-07-29 00:48:00,830 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2020-07-29 00:48:00,831 INFO L138 SettingsManager]: * To the following directory=./dump/ [2020-07-29 00:48:00,831 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2020-07-29 00:48:00,831 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-29 00:48:00,832 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2020-07-29 00:48:00,832 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2020-07-29 00:48:00,832 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2020-07-29 00:48:00,833 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2020-07-29 00:48:00,833 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2020-07-29 00:48:00,833 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> efc45e5708d4a9b560055cd5abf7b168f9024833 [2020-07-29 00:48:01,191 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2020-07-29 00:48:01,212 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2020-07-29 00:48:01,216 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2020-07-29 00:48:01,220 INFO L271 PluginConnector]: Initializing CDTParser... [2020-07-29 00:48:01,221 INFO L275 PluginConnector]: CDTParser initialized [2020-07-29 00:48:01,222 INFO L429 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/array-memsafety/cstrchr_unsafe.i [2020-07-29 00:48:01,306 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/d34086f5a/2b8770d7c7ec49b7aacb64c7a3934f94/FLAG7bd55c029 [2020-07-29 00:48:01,810 INFO L306 CDTParser]: Found 1 translation units. [2020-07-29 00:48:01,811 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/array-memsafety/cstrchr_unsafe.i [2020-07-29 00:48:01,824 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/d34086f5a/2b8770d7c7ec49b7aacb64c7a3934f94/FLAG7bd55c029 [2020-07-29 00:48:02,123 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/d34086f5a/2b8770d7c7ec49b7aacb64c7a3934f94 [2020-07-29 00:48:02,126 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2020-07-29 00:48:02,129 INFO L131 ToolchainWalker]: Walking toolchain with 5 elements. [2020-07-29 00:48:02,130 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2020-07-29 00:48:02,131 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2020-07-29 00:48:02,134 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2020-07-29 00:48:02,135 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 29.07 12:48:02" (1/1) ... [2020-07-29 00:48:02,138 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@4bd4be28 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:48:02, skipping insertion in model container [2020-07-29 00:48:02,138 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 29.07 12:48:02" (1/1) ... [2020-07-29 00:48:02,145 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2020-07-29 00:48:02,202 INFO L178 MainTranslator]: Built tables and reachable declarations [2020-07-29 00:48:02,785 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-29 00:48:02,797 INFO L203 MainTranslator]: Completed pre-run [2020-07-29 00:48:02,853 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-29 00:48:02,927 INFO L208 MainTranslator]: Completed translation [2020-07-29 00:48:02,928 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:48:02 WrapperNode [2020-07-29 00:48:02,929 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2020-07-29 00:48:02,930 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2020-07-29 00:48:02,931 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2020-07-29 00:48:02,931 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2020-07-29 00:48:02,945 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:48:02" (1/1) ... [2020-07-29 00:48:02,946 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:48:02" (1/1) ... [2020-07-29 00:48:02,982 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:48:02" (1/1) ... [2020-07-29 00:48:02,983 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:48:02" (1/1) ... [2020-07-29 00:48:03,029 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:48:02" (1/1) ... [2020-07-29 00:48:03,039 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:48:02" (1/1) ... [2020-07-29 00:48:03,049 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:48:02" (1/1) ... [2020-07-29 00:48:03,062 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2020-07-29 00:48:03,063 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2020-07-29 00:48:03,065 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2020-07-29 00:48:03,065 INFO L275 PluginConnector]: RCFGBuilder initialized [2020-07-29 00:48:03,066 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:48:02" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-29 00:48:03,136 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2020-07-29 00:48:03,137 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2020-07-29 00:48:03,137 INFO L138 BoogieDeclarations]: Found implementation of procedure __bswap_32 [2020-07-29 00:48:03,138 INFO L138 BoogieDeclarations]: Found implementation of procedure __bswap_64 [2020-07-29 00:48:03,138 INFO L138 BoogieDeclarations]: Found implementation of procedure __uint16_identity [2020-07-29 00:48:03,138 INFO L138 BoogieDeclarations]: Found implementation of procedure __uint32_identity [2020-07-29 00:48:03,139 INFO L138 BoogieDeclarations]: Found implementation of procedure __uint64_identity [2020-07-29 00:48:03,139 INFO L138 BoogieDeclarations]: Found implementation of procedure build_nondet_String [2020-07-29 00:48:03,139 INFO L138 BoogieDeclarations]: Found implementation of procedure cstrchr [2020-07-29 00:48:03,139 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2020-07-29 00:48:03,140 INFO L130 BoogieDeclarations]: Found specification of procedure __ctype_get_mb_cur_max [2020-07-29 00:48:03,140 INFO L130 BoogieDeclarations]: Found specification of procedure atof [2020-07-29 00:48:03,140 INFO L130 BoogieDeclarations]: Found specification of procedure atoi [2020-07-29 00:48:03,141 INFO L130 BoogieDeclarations]: Found specification of procedure atol [2020-07-29 00:48:03,141 INFO L130 BoogieDeclarations]: Found specification of procedure atoll [2020-07-29 00:48:03,141 INFO L130 BoogieDeclarations]: Found specification of procedure strtod [2020-07-29 00:48:03,141 INFO L130 BoogieDeclarations]: Found specification of procedure strtof [2020-07-29 00:48:03,142 INFO L130 BoogieDeclarations]: Found specification of procedure strtold [2020-07-29 00:48:03,142 INFO L130 BoogieDeclarations]: Found specification of procedure strtol [2020-07-29 00:48:03,142 INFO L130 BoogieDeclarations]: Found specification of procedure strtoul [2020-07-29 00:48:03,143 INFO L130 BoogieDeclarations]: Found specification of procedure strtoq [2020-07-29 00:48:03,143 INFO L130 BoogieDeclarations]: Found specification of procedure strtouq [2020-07-29 00:48:03,143 INFO L130 BoogieDeclarations]: Found specification of procedure strtoll [2020-07-29 00:48:03,144 INFO L130 BoogieDeclarations]: Found specification of procedure strtoull [2020-07-29 00:48:03,144 INFO L130 BoogieDeclarations]: Found specification of procedure l64a [2020-07-29 00:48:03,144 INFO L130 BoogieDeclarations]: Found specification of procedure a64l [2020-07-29 00:48:03,144 INFO L130 BoogieDeclarations]: Found specification of procedure __bswap_32 [2020-07-29 00:48:03,145 INFO L130 BoogieDeclarations]: Found specification of procedure __bswap_64 [2020-07-29 00:48:03,145 INFO L130 BoogieDeclarations]: Found specification of procedure __uint16_identity [2020-07-29 00:48:03,145 INFO L130 BoogieDeclarations]: Found specification of procedure __uint32_identity [2020-07-29 00:48:03,145 INFO L130 BoogieDeclarations]: Found specification of procedure __uint64_identity [2020-07-29 00:48:03,146 INFO L130 BoogieDeclarations]: Found specification of procedure select [2020-07-29 00:48:03,146 INFO L130 BoogieDeclarations]: Found specification of procedure pselect [2020-07-29 00:48:03,146 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_major [2020-07-29 00:48:03,146 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_minor [2020-07-29 00:48:03,146 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_makedev [2020-07-29 00:48:03,147 INFO L130 BoogieDeclarations]: Found specification of procedure random [2020-07-29 00:48:03,147 INFO L130 BoogieDeclarations]: Found specification of procedure srandom [2020-07-29 00:48:03,147 INFO L130 BoogieDeclarations]: Found specification of procedure initstate [2020-07-29 00:48:03,147 INFO L130 BoogieDeclarations]: Found specification of procedure setstate [2020-07-29 00:48:03,148 INFO L130 BoogieDeclarations]: Found specification of procedure random_r [2020-07-29 00:48:03,148 INFO L130 BoogieDeclarations]: Found specification of procedure srandom_r [2020-07-29 00:48:03,148 INFO L130 BoogieDeclarations]: Found specification of procedure initstate_r [2020-07-29 00:48:03,148 INFO L130 BoogieDeclarations]: Found specification of procedure setstate_r [2020-07-29 00:48:03,149 INFO L130 BoogieDeclarations]: Found specification of procedure rand [2020-07-29 00:48:03,149 INFO L130 BoogieDeclarations]: Found specification of procedure srand [2020-07-29 00:48:03,149 INFO L130 BoogieDeclarations]: Found specification of procedure rand_r [2020-07-29 00:48:03,149 INFO L130 BoogieDeclarations]: Found specification of procedure drand48 [2020-07-29 00:48:03,150 INFO L130 BoogieDeclarations]: Found specification of procedure erand48 [2020-07-29 00:48:03,150 INFO L130 BoogieDeclarations]: Found specification of procedure lrand48 [2020-07-29 00:48:03,150 INFO L130 BoogieDeclarations]: Found specification of procedure nrand48 [2020-07-29 00:48:03,150 INFO L130 BoogieDeclarations]: Found specification of procedure mrand48 [2020-07-29 00:48:03,151 INFO L130 BoogieDeclarations]: Found specification of procedure jrand48 [2020-07-29 00:48:03,151 INFO L130 BoogieDeclarations]: Found specification of procedure srand48 [2020-07-29 00:48:03,151 INFO L130 BoogieDeclarations]: Found specification of procedure seed48 [2020-07-29 00:48:03,151 INFO L130 BoogieDeclarations]: Found specification of procedure lcong48 [2020-07-29 00:48:03,151 INFO L130 BoogieDeclarations]: Found specification of procedure drand48_r [2020-07-29 00:48:03,152 INFO L130 BoogieDeclarations]: Found specification of procedure erand48_r [2020-07-29 00:48:03,152 INFO L130 BoogieDeclarations]: Found specification of procedure lrand48_r [2020-07-29 00:48:03,152 INFO L130 BoogieDeclarations]: Found specification of procedure nrand48_r [2020-07-29 00:48:03,152 INFO L130 BoogieDeclarations]: Found specification of procedure mrand48_r [2020-07-29 00:48:03,153 INFO L130 BoogieDeclarations]: Found specification of procedure jrand48_r [2020-07-29 00:48:03,153 INFO L130 BoogieDeclarations]: Found specification of procedure srand48_r [2020-07-29 00:48:03,153 INFO L130 BoogieDeclarations]: Found specification of procedure seed48_r [2020-07-29 00:48:03,153 INFO L130 BoogieDeclarations]: Found specification of procedure lcong48_r [2020-07-29 00:48:03,153 INFO L130 BoogieDeclarations]: Found specification of procedure malloc [2020-07-29 00:48:03,154 INFO L130 BoogieDeclarations]: Found specification of procedure calloc [2020-07-29 00:48:03,154 INFO L130 BoogieDeclarations]: Found specification of procedure realloc [2020-07-29 00:48:03,154 INFO L130 BoogieDeclarations]: Found specification of procedure free [2020-07-29 00:48:03,154 INFO L130 BoogieDeclarations]: Found specification of procedure alloca [2020-07-29 00:48:03,154 INFO L130 BoogieDeclarations]: Found specification of procedure valloc [2020-07-29 00:48:03,155 INFO L130 BoogieDeclarations]: Found specification of procedure posix_memalign [2020-07-29 00:48:03,155 INFO L130 BoogieDeclarations]: Found specification of procedure aligned_alloc [2020-07-29 00:48:03,155 INFO L130 BoogieDeclarations]: Found specification of procedure abort [2020-07-29 00:48:03,155 INFO L130 BoogieDeclarations]: Found specification of procedure atexit [2020-07-29 00:48:03,155 INFO L130 BoogieDeclarations]: Found specification of procedure at_quick_exit [2020-07-29 00:48:03,156 INFO L130 BoogieDeclarations]: Found specification of procedure on_exit [2020-07-29 00:48:03,156 INFO L130 BoogieDeclarations]: Found specification of procedure exit [2020-07-29 00:48:03,156 INFO L130 BoogieDeclarations]: Found specification of procedure quick_exit [2020-07-29 00:48:03,156 INFO L130 BoogieDeclarations]: Found specification of procedure _Exit [2020-07-29 00:48:03,157 INFO L130 BoogieDeclarations]: Found specification of procedure getenv [2020-07-29 00:48:03,157 INFO L130 BoogieDeclarations]: Found specification of procedure putenv [2020-07-29 00:48:03,157 INFO L130 BoogieDeclarations]: Found specification of procedure setenv [2020-07-29 00:48:03,157 INFO L130 BoogieDeclarations]: Found specification of procedure unsetenv [2020-07-29 00:48:03,157 INFO L130 BoogieDeclarations]: Found specification of procedure clearenv [2020-07-29 00:48:03,158 INFO L130 BoogieDeclarations]: Found specification of procedure mktemp [2020-07-29 00:48:03,158 INFO L130 BoogieDeclarations]: Found specification of procedure mkstemp [2020-07-29 00:48:03,158 INFO L130 BoogieDeclarations]: Found specification of procedure mkstemps [2020-07-29 00:48:03,158 INFO L130 BoogieDeclarations]: Found specification of procedure mkdtemp [2020-07-29 00:48:03,158 INFO L130 BoogieDeclarations]: Found specification of procedure system [2020-07-29 00:48:03,159 INFO L130 BoogieDeclarations]: Found specification of procedure realpath [2020-07-29 00:48:03,159 INFO L130 BoogieDeclarations]: Found specification of procedure bsearch [2020-07-29 00:48:03,159 INFO L130 BoogieDeclarations]: Found specification of procedure qsort [2020-07-29 00:48:03,159 INFO L130 BoogieDeclarations]: Found specification of procedure abs [2020-07-29 00:48:03,159 INFO L130 BoogieDeclarations]: Found specification of procedure labs [2020-07-29 00:48:03,160 INFO L130 BoogieDeclarations]: Found specification of procedure llabs [2020-07-29 00:48:03,160 INFO L130 BoogieDeclarations]: Found specification of procedure div [2020-07-29 00:48:03,160 INFO L130 BoogieDeclarations]: Found specification of procedure ldiv [2020-07-29 00:48:03,160 INFO L130 BoogieDeclarations]: Found specification of procedure lldiv [2020-07-29 00:48:03,160 INFO L130 BoogieDeclarations]: Found specification of procedure ecvt [2020-07-29 00:48:03,161 INFO L130 BoogieDeclarations]: Found specification of procedure fcvt [2020-07-29 00:48:03,161 INFO L130 BoogieDeclarations]: Found specification of procedure gcvt [2020-07-29 00:48:03,161 INFO L130 BoogieDeclarations]: Found specification of procedure qecvt [2020-07-29 00:48:03,161 INFO L130 BoogieDeclarations]: Found specification of procedure qfcvt [2020-07-29 00:48:03,161 INFO L130 BoogieDeclarations]: Found specification of procedure qgcvt [2020-07-29 00:48:03,162 INFO L130 BoogieDeclarations]: Found specification of procedure ecvt_r [2020-07-29 00:48:03,162 INFO L130 BoogieDeclarations]: Found specification of procedure fcvt_r [2020-07-29 00:48:03,162 INFO L130 BoogieDeclarations]: Found specification of procedure qecvt_r [2020-07-29 00:48:03,162 INFO L130 BoogieDeclarations]: Found specification of procedure qfcvt_r [2020-07-29 00:48:03,162 INFO L130 BoogieDeclarations]: Found specification of procedure mblen [2020-07-29 00:48:03,163 INFO L130 BoogieDeclarations]: Found specification of procedure mbtowc [2020-07-29 00:48:03,163 INFO L130 BoogieDeclarations]: Found specification of procedure wctomb [2020-07-29 00:48:03,163 INFO L130 BoogieDeclarations]: Found specification of procedure mbstowcs [2020-07-29 00:48:03,163 INFO L130 BoogieDeclarations]: Found specification of procedure wcstombs [2020-07-29 00:48:03,163 INFO L130 BoogieDeclarations]: Found specification of procedure rpmatch [2020-07-29 00:48:03,164 INFO L130 BoogieDeclarations]: Found specification of procedure getsubopt [2020-07-29 00:48:03,164 INFO L130 BoogieDeclarations]: Found specification of procedure getloadavg [2020-07-29 00:48:03,164 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_int [2020-07-29 00:48:03,164 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_char [2020-07-29 00:48:03,164 INFO L130 BoogieDeclarations]: Found specification of procedure build_nondet_String [2020-07-29 00:48:03,165 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2020-07-29 00:48:03,165 INFO L130 BoogieDeclarations]: Found specification of procedure write~int [2020-07-29 00:48:03,165 INFO L130 BoogieDeclarations]: Found specification of procedure cstrchr [2020-07-29 00:48:03,165 INFO L130 BoogieDeclarations]: Found specification of procedure read~int [2020-07-29 00:48:03,165 INFO L130 BoogieDeclarations]: Found specification of procedure main [2020-07-29 00:48:03,166 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2020-07-29 00:48:03,166 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2020-07-29 00:48:03,166 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2020-07-29 00:48:03,917 INFO L290 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2020-07-29 00:48:03,918 INFO L295 CfgBuilder]: Removed 2 assume(true) statements. [2020-07-29 00:48:03,924 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 29.07 12:48:03 BoogieIcfgContainer [2020-07-29 00:48:03,925 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2020-07-29 00:48:03,930 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2020-07-29 00:48:03,930 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2020-07-29 00:48:03,934 INFO L275 PluginConnector]: TraceAbstraction initialized [2020-07-29 00:48:03,935 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 29.07 12:48:02" (1/3) ... [2020-07-29 00:48:03,936 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@64137fb4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 29.07 12:48:03, skipping insertion in model container [2020-07-29 00:48:03,936 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:48:02" (2/3) ... [2020-07-29 00:48:03,939 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@64137fb4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 29.07 12:48:03, skipping insertion in model container [2020-07-29 00:48:03,939 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 29.07 12:48:03" (3/3) ... [2020-07-29 00:48:03,941 INFO L109 eAbstractionObserver]: Analyzing ICFG cstrchr_unsafe.i [2020-07-29 00:48:03,954 INFO L157 ceAbstractionStarter]: Automizer settings: Hoare:false NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2020-07-29 00:48:03,968 INFO L169 ceAbstractionStarter]: Appying trace abstraction to program that has 16 error locations. [2020-07-29 00:48:03,985 INFO L251 AbstractCegarLoop]: Starting to check reachability of 16 error locations. [2020-07-29 00:48:04,018 INFO L375 AbstractCegarLoop]: Interprodecural is true [2020-07-29 00:48:04,019 INFO L376 AbstractCegarLoop]: Hoare is false [2020-07-29 00:48:04,019 INFO L377 AbstractCegarLoop]: Compute interpolants for FPandBP [2020-07-29 00:48:04,019 INFO L378 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2020-07-29 00:48:04,020 INFO L379 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2020-07-29 00:48:04,020 INFO L380 AbstractCegarLoop]: Difference is false [2020-07-29 00:48:04,020 INFO L381 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2020-07-29 00:48:04,020 INFO L385 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2020-07-29 00:48:04,038 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states. [2020-07-29 00:48:04,049 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2020-07-29 00:48:04,049 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:04,051 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:04,051 INFO L427 AbstractCegarLoop]: === Iteration 1 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:04,058 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:04,059 INFO L82 PathProgramCache]: Analyzing trace with hash 1524183926, now seen corresponding path program 1 times [2020-07-29 00:48:04,070 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:04,071 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [435905614] [2020-07-29 00:48:04,071 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:04,184 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:04,268 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:04,271 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:04,288 INFO L280 TraceCheckUtils]: 0: Hoare triple {64#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {59#true} is VALID [2020-07-29 00:48:04,289 INFO L280 TraceCheckUtils]: 1: Hoare triple {59#true} assume true; {59#true} is VALID [2020-07-29 00:48:04,290 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {59#true} {59#true} #103#return; {59#true} is VALID [2020-07-29 00:48:04,293 INFO L263 TraceCheckUtils]: 0: Hoare triple {59#true} call ULTIMATE.init(); {64#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:04,294 INFO L280 TraceCheckUtils]: 1: Hoare triple {64#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {59#true} is VALID [2020-07-29 00:48:04,294 INFO L280 TraceCheckUtils]: 2: Hoare triple {59#true} assume true; {59#true} is VALID [2020-07-29 00:48:04,295 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {59#true} {59#true} #103#return; {59#true} is VALID [2020-07-29 00:48:04,295 INFO L263 TraceCheckUtils]: 4: Hoare triple {59#true} call #t~ret16 := main(); {59#true} is VALID [2020-07-29 00:48:04,296 INFO L263 TraceCheckUtils]: 5: Hoare triple {59#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {59#true} is VALID [2020-07-29 00:48:04,296 INFO L280 TraceCheckUtils]: 6: Hoare triple {59#true} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {59#true} is VALID [2020-07-29 00:48:04,297 INFO L280 TraceCheckUtils]: 7: Hoare triple {59#true} assume ~length~0 < 1;~length~0 := 1; {59#true} is VALID [2020-07-29 00:48:04,297 INFO L280 TraceCheckUtils]: 8: Hoare triple {59#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {59#true} is VALID [2020-07-29 00:48:04,298 INFO L280 TraceCheckUtils]: 9: Hoare triple {59#true} assume !true; {60#false} is VALID [2020-07-29 00:48:04,299 INFO L280 TraceCheckUtils]: 10: Hoare triple {60#false} assume !(1 == #valid[~nondetString~0.base]); {60#false} is VALID [2020-07-29 00:48:04,300 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:04,301 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [435905614] [2020-07-29 00:48:04,303 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:48:04,303 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2020-07-29 00:48:04,304 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [182390523] [2020-07-29 00:48:04,312 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 11 [2020-07-29 00:48:04,315 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:04,320 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2020-07-29 00:48:04,345 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 11 edges. 11 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:04,345 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2020-07-29 00:48:04,346 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:04,356 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2020-07-29 00:48:04,357 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2020-07-29 00:48:04,359 INFO L87 Difference]: Start difference. First operand 56 states. Second operand 3 states. [2020-07-29 00:48:04,603 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:04,603 INFO L93 Difference]: Finished difference Result 56 states and 60 transitions. [2020-07-29 00:48:04,604 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2020-07-29 00:48:04,604 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 11 [2020-07-29 00:48:04,605 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:04,606 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2020-07-29 00:48:04,624 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 62 transitions. [2020-07-29 00:48:04,624 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2020-07-29 00:48:04,628 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 62 transitions. [2020-07-29 00:48:04,629 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 62 transitions. [2020-07-29 00:48:04,742 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 62 edges. 62 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:04,758 INFO L225 Difference]: With dead ends: 56 [2020-07-29 00:48:04,759 INFO L226 Difference]: Without dead ends: 53 [2020-07-29 00:48:04,761 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2020-07-29 00:48:04,781 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 53 states. [2020-07-29 00:48:04,798 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 53 to 53. [2020-07-29 00:48:04,798 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:04,799 INFO L82 GeneralOperation]: Start isEquivalent. First operand 53 states. Second operand 53 states. [2020-07-29 00:48:04,800 INFO L74 IsIncluded]: Start isIncluded. First operand 53 states. Second operand 53 states. [2020-07-29 00:48:04,800 INFO L87 Difference]: Start difference. First operand 53 states. Second operand 53 states. [2020-07-29 00:48:04,806 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:04,807 INFO L93 Difference]: Finished difference Result 53 states and 57 transitions. [2020-07-29 00:48:04,807 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 57 transitions. [2020-07-29 00:48:04,808 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:04,809 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:04,809 INFO L74 IsIncluded]: Start isIncluded. First operand 53 states. Second operand 53 states. [2020-07-29 00:48:04,809 INFO L87 Difference]: Start difference. First operand 53 states. Second operand 53 states. [2020-07-29 00:48:04,815 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:04,816 INFO L93 Difference]: Finished difference Result 53 states and 57 transitions. [2020-07-29 00:48:04,816 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 57 transitions. [2020-07-29 00:48:04,817 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:04,817 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:04,818 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:04,818 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:04,818 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 53 states. [2020-07-29 00:48:04,822 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 53 states to 53 states and 57 transitions. [2020-07-29 00:48:04,824 INFO L78 Accepts]: Start accepts. Automaton has 53 states and 57 transitions. Word has length 11 [2020-07-29 00:48:04,825 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:04,825 INFO L479 AbstractCegarLoop]: Abstraction has 53 states and 57 transitions. [2020-07-29 00:48:04,825 INFO L480 AbstractCegarLoop]: Interpolant automaton has 3 states. [2020-07-29 00:48:04,825 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 57 transitions. [2020-07-29 00:48:04,826 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2020-07-29 00:48:04,826 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:04,827 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:04,827 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2020-07-29 00:48:04,827 INFO L427 AbstractCegarLoop]: === Iteration 2 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:04,828 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:04,828 INFO L82 PathProgramCache]: Analyzing trace with hash 1524183616, now seen corresponding path program 1 times [2020-07-29 00:48:04,828 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:04,829 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [548601859] [2020-07-29 00:48:04,829 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:04,854 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:04,939 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:04,941 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:04,951 INFO L280 TraceCheckUtils]: 0: Hoare triple {288#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {282#true} is VALID [2020-07-29 00:48:04,951 INFO L280 TraceCheckUtils]: 1: Hoare triple {282#true} assume true; {282#true} is VALID [2020-07-29 00:48:04,951 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {282#true} {282#true} #103#return; {282#true} is VALID [2020-07-29 00:48:04,953 INFO L263 TraceCheckUtils]: 0: Hoare triple {282#true} call ULTIMATE.init(); {288#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:04,954 INFO L280 TraceCheckUtils]: 1: Hoare triple {288#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {282#true} is VALID [2020-07-29 00:48:04,954 INFO L280 TraceCheckUtils]: 2: Hoare triple {282#true} assume true; {282#true} is VALID [2020-07-29 00:48:04,955 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {282#true} {282#true} #103#return; {282#true} is VALID [2020-07-29 00:48:04,955 INFO L263 TraceCheckUtils]: 4: Hoare triple {282#true} call #t~ret16 := main(); {282#true} is VALID [2020-07-29 00:48:04,955 INFO L263 TraceCheckUtils]: 5: Hoare triple {282#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {282#true} is VALID [2020-07-29 00:48:04,956 INFO L280 TraceCheckUtils]: 6: Hoare triple {282#true} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {282#true} is VALID [2020-07-29 00:48:04,956 INFO L280 TraceCheckUtils]: 7: Hoare triple {282#true} assume ~length~0 < 1;~length~0 := 1; {282#true} is VALID [2020-07-29 00:48:04,958 INFO L280 TraceCheckUtils]: 8: Hoare triple {282#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {287#(= 1 (select |#valid| build_nondet_String_~nondetString~0.base))} is VALID [2020-07-29 00:48:04,959 INFO L280 TraceCheckUtils]: 9: Hoare triple {287#(= 1 (select |#valid| build_nondet_String_~nondetString~0.base))} assume !(~i~0 < ~length~0 - 1); {287#(= 1 (select |#valid| build_nondet_String_~nondetString~0.base))} is VALID [2020-07-29 00:48:04,960 INFO L280 TraceCheckUtils]: 10: Hoare triple {287#(= 1 (select |#valid| build_nondet_String_~nondetString~0.base))} assume !(1 == #valid[~nondetString~0.base]); {283#false} is VALID [2020-07-29 00:48:04,961 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:04,962 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [548601859] [2020-07-29 00:48:04,962 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:48:04,962 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2020-07-29 00:48:04,963 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1176854663] [2020-07-29 00:48:04,964 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 11 [2020-07-29 00:48:04,965 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:04,965 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2020-07-29 00:48:04,982 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 11 edges. 11 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:04,983 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2020-07-29 00:48:04,983 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:04,983 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2020-07-29 00:48:04,984 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-29 00:48:04,984 INFO L87 Difference]: Start difference. First operand 53 states and 57 transitions. Second operand 4 states. [2020-07-29 00:48:05,292 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:05,292 INFO L93 Difference]: Finished difference Result 51 states and 55 transitions. [2020-07-29 00:48:05,292 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2020-07-29 00:48:05,292 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 11 [2020-07-29 00:48:05,293 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:05,293 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-29 00:48:05,297 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 57 transitions. [2020-07-29 00:48:05,297 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-29 00:48:05,300 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 57 transitions. [2020-07-29 00:48:05,300 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 57 transitions. [2020-07-29 00:48:05,390 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 57 edges. 57 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:05,392 INFO L225 Difference]: With dead ends: 51 [2020-07-29 00:48:05,392 INFO L226 Difference]: Without dead ends: 51 [2020-07-29 00:48:05,393 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-29 00:48:05,394 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 51 states. [2020-07-29 00:48:05,398 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 51 to 51. [2020-07-29 00:48:05,398 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:05,398 INFO L82 GeneralOperation]: Start isEquivalent. First operand 51 states. Second operand 51 states. [2020-07-29 00:48:05,398 INFO L74 IsIncluded]: Start isIncluded. First operand 51 states. Second operand 51 states. [2020-07-29 00:48:05,398 INFO L87 Difference]: Start difference. First operand 51 states. Second operand 51 states. [2020-07-29 00:48:05,402 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:05,402 INFO L93 Difference]: Finished difference Result 51 states and 55 transitions. [2020-07-29 00:48:05,405 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 55 transitions. [2020-07-29 00:48:05,406 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:05,406 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:05,407 INFO L74 IsIncluded]: Start isIncluded. First operand 51 states. Second operand 51 states. [2020-07-29 00:48:05,407 INFO L87 Difference]: Start difference. First operand 51 states. Second operand 51 states. [2020-07-29 00:48:05,413 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:05,413 INFO L93 Difference]: Finished difference Result 51 states and 55 transitions. [2020-07-29 00:48:05,413 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 55 transitions. [2020-07-29 00:48:05,414 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:05,414 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:05,415 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:05,415 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:05,415 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 51 states. [2020-07-29 00:48:05,418 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 51 states to 51 states and 55 transitions. [2020-07-29 00:48:05,419 INFO L78 Accepts]: Start accepts. Automaton has 51 states and 55 transitions. Word has length 11 [2020-07-29 00:48:05,419 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:05,419 INFO L479 AbstractCegarLoop]: Abstraction has 51 states and 55 transitions. [2020-07-29 00:48:05,419 INFO L480 AbstractCegarLoop]: Interpolant automaton has 4 states. [2020-07-29 00:48:05,420 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 55 transitions. [2020-07-29 00:48:05,420 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2020-07-29 00:48:05,420 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:05,421 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:05,421 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2020-07-29 00:48:05,421 INFO L427 AbstractCegarLoop]: === Iteration 3 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:05,422 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:05,422 INFO L82 PathProgramCache]: Analyzing trace with hash 1524183617, now seen corresponding path program 1 times [2020-07-29 00:48:05,422 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:05,423 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [172612749] [2020-07-29 00:48:05,423 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:05,441 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:05,519 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:05,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:05,527 INFO L280 TraceCheckUtils]: 0: Hoare triple {502#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {495#true} is VALID [2020-07-29 00:48:05,527 INFO L280 TraceCheckUtils]: 1: Hoare triple {495#true} assume true; {495#true} is VALID [2020-07-29 00:48:05,528 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {495#true} {495#true} #103#return; {495#true} is VALID [2020-07-29 00:48:05,529 INFO L263 TraceCheckUtils]: 0: Hoare triple {495#true} call ULTIMATE.init(); {502#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:05,529 INFO L280 TraceCheckUtils]: 1: Hoare triple {502#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {495#true} is VALID [2020-07-29 00:48:05,530 INFO L280 TraceCheckUtils]: 2: Hoare triple {495#true} assume true; {495#true} is VALID [2020-07-29 00:48:05,530 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {495#true} {495#true} #103#return; {495#true} is VALID [2020-07-29 00:48:05,531 INFO L263 TraceCheckUtils]: 4: Hoare triple {495#true} call #t~ret16 := main(); {495#true} is VALID [2020-07-29 00:48:05,531 INFO L263 TraceCheckUtils]: 5: Hoare triple {495#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {495#true} is VALID [2020-07-29 00:48:05,531 INFO L280 TraceCheckUtils]: 6: Hoare triple {495#true} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {495#true} is VALID [2020-07-29 00:48:05,532 INFO L280 TraceCheckUtils]: 7: Hoare triple {495#true} assume ~length~0 < 1;~length~0 := 1; {500#(<= 1 build_nondet_String_~length~0)} is VALID [2020-07-29 00:48:05,534 INFO L280 TraceCheckUtils]: 8: Hoare triple {500#(<= 1 build_nondet_String_~length~0)} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {501#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (<= 1 build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:05,535 INFO L280 TraceCheckUtils]: 9: Hoare triple {501#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (<= 1 build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} assume !(~i~0 < ~length~0 - 1); {501#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (<= 1 build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:05,536 INFO L280 TraceCheckUtils]: 10: Hoare triple {501#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (<= 1 build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} assume !(1 + (~nondetString~0.offset + (~length~0 - 1)) <= #length[~nondetString~0.base] && 0 <= ~nondetString~0.offset + (~length~0 - 1)); {496#false} is VALID [2020-07-29 00:48:05,537 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:05,538 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [172612749] [2020-07-29 00:48:05,538 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:48:05,538 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2020-07-29 00:48:05,539 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1902373151] [2020-07-29 00:48:05,539 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 11 [2020-07-29 00:48:05,540 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:05,540 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2020-07-29 00:48:05,557 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 11 edges. 11 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:05,558 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2020-07-29 00:48:05,558 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:05,558 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2020-07-29 00:48:05,559 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2020-07-29 00:48:05,559 INFO L87 Difference]: Start difference. First operand 51 states and 55 transitions. Second operand 5 states. [2020-07-29 00:48:05,843 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:05,843 INFO L93 Difference]: Finished difference Result 50 states and 54 transitions. [2020-07-29 00:48:05,843 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2020-07-29 00:48:05,844 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 11 [2020-07-29 00:48:05,844 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:05,844 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:48:05,848 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 55 transitions. [2020-07-29 00:48:05,848 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:48:05,851 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 55 transitions. [2020-07-29 00:48:05,851 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 55 transitions. [2020-07-29 00:48:05,945 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 55 edges. 55 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:05,947 INFO L225 Difference]: With dead ends: 50 [2020-07-29 00:48:05,947 INFO L226 Difference]: Without dead ends: 50 [2020-07-29 00:48:05,947 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=12, Invalid=18, Unknown=0, NotChecked=0, Total=30 [2020-07-29 00:48:05,948 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 50 states. [2020-07-29 00:48:05,952 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 50 to 50. [2020-07-29 00:48:05,953 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:05,953 INFO L82 GeneralOperation]: Start isEquivalent. First operand 50 states. Second operand 50 states. [2020-07-29 00:48:05,953 INFO L74 IsIncluded]: Start isIncluded. First operand 50 states. Second operand 50 states. [2020-07-29 00:48:05,953 INFO L87 Difference]: Start difference. First operand 50 states. Second operand 50 states. [2020-07-29 00:48:05,957 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:05,957 INFO L93 Difference]: Finished difference Result 50 states and 54 transitions. [2020-07-29 00:48:05,957 INFO L276 IsEmpty]: Start isEmpty. Operand 50 states and 54 transitions. [2020-07-29 00:48:05,958 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:05,959 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:05,959 INFO L74 IsIncluded]: Start isIncluded. First operand 50 states. Second operand 50 states. [2020-07-29 00:48:05,959 INFO L87 Difference]: Start difference. First operand 50 states. Second operand 50 states. [2020-07-29 00:48:05,963 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:05,964 INFO L93 Difference]: Finished difference Result 50 states and 54 transitions. [2020-07-29 00:48:05,964 INFO L276 IsEmpty]: Start isEmpty. Operand 50 states and 54 transitions. [2020-07-29 00:48:05,965 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:05,965 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:05,965 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:05,966 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:05,966 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 50 states. [2020-07-29 00:48:05,969 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 50 states to 50 states and 54 transitions. [2020-07-29 00:48:05,969 INFO L78 Accepts]: Start accepts. Automaton has 50 states and 54 transitions. Word has length 11 [2020-07-29 00:48:05,970 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:05,970 INFO L479 AbstractCegarLoop]: Abstraction has 50 states and 54 transitions. [2020-07-29 00:48:05,970 INFO L480 AbstractCegarLoop]: Interpolant automaton has 5 states. [2020-07-29 00:48:05,970 INFO L276 IsEmpty]: Start isEmpty. Operand 50 states and 54 transitions. [2020-07-29 00:48:05,971 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2020-07-29 00:48:05,971 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:05,971 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:05,972 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2020-07-29 00:48:05,972 INFO L427 AbstractCegarLoop]: === Iteration 4 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:05,973 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:05,973 INFO L82 PathProgramCache]: Analyzing trace with hash 1524183670, now seen corresponding path program 1 times [2020-07-29 00:48:05,973 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:05,974 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2069335347] [2020-07-29 00:48:05,974 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:05,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:06,054 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:06,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:06,072 INFO L280 TraceCheckUtils]: 0: Hoare triple {714#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {707#true} is VALID [2020-07-29 00:48:06,072 INFO L280 TraceCheckUtils]: 1: Hoare triple {707#true} assume true; {707#true} is VALID [2020-07-29 00:48:06,072 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {707#true} {707#true} #103#return; {707#true} is VALID [2020-07-29 00:48:06,074 INFO L263 TraceCheckUtils]: 0: Hoare triple {707#true} call ULTIMATE.init(); {714#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:06,074 INFO L280 TraceCheckUtils]: 1: Hoare triple {714#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {707#true} is VALID [2020-07-29 00:48:06,075 INFO L280 TraceCheckUtils]: 2: Hoare triple {707#true} assume true; {707#true} is VALID [2020-07-29 00:48:06,075 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {707#true} {707#true} #103#return; {707#true} is VALID [2020-07-29 00:48:06,075 INFO L263 TraceCheckUtils]: 4: Hoare triple {707#true} call #t~ret16 := main(); {707#true} is VALID [2020-07-29 00:48:06,076 INFO L263 TraceCheckUtils]: 5: Hoare triple {707#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {707#true} is VALID [2020-07-29 00:48:06,076 INFO L280 TraceCheckUtils]: 6: Hoare triple {707#true} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {707#true} is VALID [2020-07-29 00:48:06,080 INFO L280 TraceCheckUtils]: 7: Hoare triple {707#true} assume ~length~0 < 1;~length~0 := 1; {712#(<= build_nondet_String_~length~0 1)} is VALID [2020-07-29 00:48:06,081 INFO L280 TraceCheckUtils]: 8: Hoare triple {712#(<= build_nondet_String_~length~0 1)} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {713#(and (<= build_nondet_String_~length~0 1) (= 0 build_nondet_String_~i~0))} is VALID [2020-07-29 00:48:06,082 INFO L280 TraceCheckUtils]: 9: Hoare triple {713#(and (<= build_nondet_String_~length~0 1) (= 0 build_nondet_String_~i~0))} assume !!(~i~0 < ~length~0 - 1);assume -128 <= #t~nondet5 && #t~nondet5 <= 127; {708#false} is VALID [2020-07-29 00:48:06,083 INFO L280 TraceCheckUtils]: 10: Hoare triple {708#false} assume !(1 + (~nondetString~0.offset + ~i~0) <= #length[~nondetString~0.base] && 0 <= ~nondetString~0.offset + ~i~0); {708#false} is VALID [2020-07-29 00:48:06,083 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:06,084 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2069335347] [2020-07-29 00:48:06,084 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:48:06,085 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2020-07-29 00:48:06,086 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [307491122] [2020-07-29 00:48:06,086 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 11 [2020-07-29 00:48:06,086 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:06,086 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2020-07-29 00:48:06,102 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 11 edges. 11 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:06,103 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2020-07-29 00:48:06,103 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:06,104 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2020-07-29 00:48:06,104 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2020-07-29 00:48:06,104 INFO L87 Difference]: Start difference. First operand 50 states and 54 transitions. Second operand 5 states. [2020-07-29 00:48:06,411 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:06,411 INFO L93 Difference]: Finished difference Result 56 states and 60 transitions. [2020-07-29 00:48:06,412 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2020-07-29 00:48:06,412 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 11 [2020-07-29 00:48:06,412 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:06,412 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:48:06,416 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 61 transitions. [2020-07-29 00:48:06,416 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:48:06,418 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 61 transitions. [2020-07-29 00:48:06,419 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 61 transitions. [2020-07-29 00:48:06,495 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 61 edges. 61 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:06,498 INFO L225 Difference]: With dead ends: 56 [2020-07-29 00:48:06,498 INFO L226 Difference]: Without dead ends: 56 [2020-07-29 00:48:06,499 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=12, Invalid=18, Unknown=0, NotChecked=0, Total=30 [2020-07-29 00:48:06,499 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 56 states. [2020-07-29 00:48:06,505 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 56 to 52. [2020-07-29 00:48:06,507 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:06,507 INFO L82 GeneralOperation]: Start isEquivalent. First operand 56 states. Second operand 52 states. [2020-07-29 00:48:06,507 INFO L74 IsIncluded]: Start isIncluded. First operand 56 states. Second operand 52 states. [2020-07-29 00:48:06,507 INFO L87 Difference]: Start difference. First operand 56 states. Second operand 52 states. [2020-07-29 00:48:06,512 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:06,512 INFO L93 Difference]: Finished difference Result 56 states and 60 transitions. [2020-07-29 00:48:06,512 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 60 transitions. [2020-07-29 00:48:06,515 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:06,517 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:06,517 INFO L74 IsIncluded]: Start isIncluded. First operand 52 states. Second operand 56 states. [2020-07-29 00:48:06,517 INFO L87 Difference]: Start difference. First operand 52 states. Second operand 56 states. [2020-07-29 00:48:06,521 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:06,522 INFO L93 Difference]: Finished difference Result 56 states and 60 transitions. [2020-07-29 00:48:06,522 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 60 transitions. [2020-07-29 00:48:06,523 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:06,523 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:06,524 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:06,524 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:06,524 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 52 states. [2020-07-29 00:48:06,531 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 52 states to 52 states and 56 transitions. [2020-07-29 00:48:06,531 INFO L78 Accepts]: Start accepts. Automaton has 52 states and 56 transitions. Word has length 11 [2020-07-29 00:48:06,531 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:06,532 INFO L479 AbstractCegarLoop]: Abstraction has 52 states and 56 transitions. [2020-07-29 00:48:06,532 INFO L480 AbstractCegarLoop]: Interpolant automaton has 5 states. [2020-07-29 00:48:06,532 INFO L276 IsEmpty]: Start isEmpty. Operand 52 states and 56 transitions. [2020-07-29 00:48:06,533 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2020-07-29 00:48:06,533 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:06,533 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:06,533 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2020-07-29 00:48:06,534 INFO L427 AbstractCegarLoop]: === Iteration 5 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:06,534 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:06,534 INFO L82 PathProgramCache]: Analyzing trace with hash 1524243252, now seen corresponding path program 1 times [2020-07-29 00:48:06,535 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:06,535 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [227612902] [2020-07-29 00:48:06,535 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:06,562 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:06,656 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:06,658 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:06,663 INFO L280 TraceCheckUtils]: 0: Hoare triple {946#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {939#true} is VALID [2020-07-29 00:48:06,663 INFO L280 TraceCheckUtils]: 1: Hoare triple {939#true} assume true; {939#true} is VALID [2020-07-29 00:48:06,664 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {939#true} {939#true} #103#return; {939#true} is VALID [2020-07-29 00:48:06,665 INFO L263 TraceCheckUtils]: 0: Hoare triple {939#true} call ULTIMATE.init(); {946#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:06,665 INFO L280 TraceCheckUtils]: 1: Hoare triple {946#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {939#true} is VALID [2020-07-29 00:48:06,666 INFO L280 TraceCheckUtils]: 2: Hoare triple {939#true} assume true; {939#true} is VALID [2020-07-29 00:48:06,666 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {939#true} {939#true} #103#return; {939#true} is VALID [2020-07-29 00:48:06,666 INFO L263 TraceCheckUtils]: 4: Hoare triple {939#true} call #t~ret16 := main(); {939#true} is VALID [2020-07-29 00:48:06,667 INFO L263 TraceCheckUtils]: 5: Hoare triple {939#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {939#true} is VALID [2020-07-29 00:48:06,667 INFO L280 TraceCheckUtils]: 6: Hoare triple {939#true} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {939#true} is VALID [2020-07-29 00:48:06,667 INFO L280 TraceCheckUtils]: 7: Hoare triple {939#true} assume !(~length~0 < 1); {939#true} is VALID [2020-07-29 00:48:06,669 INFO L280 TraceCheckUtils]: 8: Hoare triple {939#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {944#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset) (= 0 build_nondet_String_~i~0))} is VALID [2020-07-29 00:48:06,670 INFO L280 TraceCheckUtils]: 9: Hoare triple {944#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset) (= 0 build_nondet_String_~i~0))} assume !!(~i~0 < ~length~0 - 1);assume -128 <= #t~nondet5 && #t~nondet5 <= 127; {945#(and (<= (+ build_nondet_String_~i~0 2) (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset) (= 0 build_nondet_String_~i~0))} is VALID [2020-07-29 00:48:06,672 INFO L280 TraceCheckUtils]: 10: Hoare triple {945#(and (<= (+ build_nondet_String_~i~0 2) (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset) (= 0 build_nondet_String_~i~0))} assume !(1 + (~nondetString~0.offset + ~i~0) <= #length[~nondetString~0.base] && 0 <= ~nondetString~0.offset + ~i~0); {940#false} is VALID [2020-07-29 00:48:06,672 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:06,673 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [227612902] [2020-07-29 00:48:06,673 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:48:06,673 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2020-07-29 00:48:06,674 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [37602661] [2020-07-29 00:48:06,674 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 11 [2020-07-29 00:48:06,674 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:06,674 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2020-07-29 00:48:06,688 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 11 edges. 11 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:06,688 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2020-07-29 00:48:06,688 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:06,689 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2020-07-29 00:48:06,689 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2020-07-29 00:48:06,689 INFO L87 Difference]: Start difference. First operand 52 states and 56 transitions. Second operand 5 states. [2020-07-29 00:48:07,078 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:07,078 INFO L93 Difference]: Finished difference Result 60 states and 65 transitions. [2020-07-29 00:48:07,078 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2020-07-29 00:48:07,079 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 11 [2020-07-29 00:48:07,079 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:07,079 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:48:07,082 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 64 transitions. [2020-07-29 00:48:07,082 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:48:07,085 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 64 transitions. [2020-07-29 00:48:07,085 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 64 transitions. [2020-07-29 00:48:07,167 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 64 edges. 64 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:07,170 INFO L225 Difference]: With dead ends: 60 [2020-07-29 00:48:07,170 INFO L226 Difference]: Without dead ends: 60 [2020-07-29 00:48:07,170 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2020-07-29 00:48:07,171 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 60 states. [2020-07-29 00:48:07,174 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 60 to 54. [2020-07-29 00:48:07,175 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:07,175 INFO L82 GeneralOperation]: Start isEquivalent. First operand 60 states. Second operand 54 states. [2020-07-29 00:48:07,175 INFO L74 IsIncluded]: Start isIncluded. First operand 60 states. Second operand 54 states. [2020-07-29 00:48:07,175 INFO L87 Difference]: Start difference. First operand 60 states. Second operand 54 states. [2020-07-29 00:48:07,178 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:07,178 INFO L93 Difference]: Finished difference Result 60 states and 65 transitions. [2020-07-29 00:48:07,178 INFO L276 IsEmpty]: Start isEmpty. Operand 60 states and 65 transitions. [2020-07-29 00:48:07,179 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:07,179 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:07,179 INFO L74 IsIncluded]: Start isIncluded. First operand 54 states. Second operand 60 states. [2020-07-29 00:48:07,179 INFO L87 Difference]: Start difference. First operand 54 states. Second operand 60 states. [2020-07-29 00:48:07,182 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:07,182 INFO L93 Difference]: Finished difference Result 60 states and 65 transitions. [2020-07-29 00:48:07,182 INFO L276 IsEmpty]: Start isEmpty. Operand 60 states and 65 transitions. [2020-07-29 00:48:07,183 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:07,183 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:07,183 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:07,183 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:07,183 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 54 states. [2020-07-29 00:48:07,185 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 54 states to 54 states and 59 transitions. [2020-07-29 00:48:07,186 INFO L78 Accepts]: Start accepts. Automaton has 54 states and 59 transitions. Word has length 11 [2020-07-29 00:48:07,186 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:07,186 INFO L479 AbstractCegarLoop]: Abstraction has 54 states and 59 transitions. [2020-07-29 00:48:07,186 INFO L480 AbstractCegarLoop]: Interpolant automaton has 5 states. [2020-07-29 00:48:07,186 INFO L276 IsEmpty]: Start isEmpty. Operand 54 states and 59 transitions. [2020-07-29 00:48:07,187 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 16 [2020-07-29 00:48:07,187 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:07,187 INFO L422 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:07,187 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2020-07-29 00:48:07,187 INFO L427 AbstractCegarLoop]: === Iteration 6 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:07,188 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:07,188 INFO L82 PathProgramCache]: Analyzing trace with hash -583933833, now seen corresponding path program 1 times [2020-07-29 00:48:07,188 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:07,188 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [69748567] [2020-07-29 00:48:07,188 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:07,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:07,283 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:07,284 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:07,291 INFO L280 TraceCheckUtils]: 0: Hoare triple {1193#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1185#true} is VALID [2020-07-29 00:48:07,292 INFO L280 TraceCheckUtils]: 1: Hoare triple {1185#true} assume true; {1185#true} is VALID [2020-07-29 00:48:07,292 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1185#true} {1185#true} #103#return; {1185#true} is VALID [2020-07-29 00:48:07,293 INFO L263 TraceCheckUtils]: 0: Hoare triple {1185#true} call ULTIMATE.init(); {1193#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:07,293 INFO L280 TraceCheckUtils]: 1: Hoare triple {1193#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1185#true} is VALID [2020-07-29 00:48:07,293 INFO L280 TraceCheckUtils]: 2: Hoare triple {1185#true} assume true; {1185#true} is VALID [2020-07-29 00:48:07,294 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1185#true} {1185#true} #103#return; {1185#true} is VALID [2020-07-29 00:48:07,294 INFO L263 TraceCheckUtils]: 4: Hoare triple {1185#true} call #t~ret16 := main(); {1185#true} is VALID [2020-07-29 00:48:07,294 INFO L263 TraceCheckUtils]: 5: Hoare triple {1185#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {1185#true} is VALID [2020-07-29 00:48:07,294 INFO L280 TraceCheckUtils]: 6: Hoare triple {1185#true} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {1185#true} is VALID [2020-07-29 00:48:07,295 INFO L280 TraceCheckUtils]: 7: Hoare triple {1185#true} assume !(~length~0 < 1); {1185#true} is VALID [2020-07-29 00:48:07,296 INFO L280 TraceCheckUtils]: 8: Hoare triple {1185#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {1190#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset) (= 0 build_nondet_String_~i~0))} is VALID [2020-07-29 00:48:07,297 INFO L280 TraceCheckUtils]: 9: Hoare triple {1190#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset) (= 0 build_nondet_String_~i~0))} assume !!(~i~0 < ~length~0 - 1);assume -128 <= #t~nondet5 && #t~nondet5 <= 127; {1190#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset) (= 0 build_nondet_String_~i~0))} is VALID [2020-07-29 00:48:07,298 INFO L280 TraceCheckUtils]: 10: Hoare triple {1190#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset) (= 0 build_nondet_String_~i~0))} SUMMARY for call write~int(#t~nondet5, ~nondetString~0.base, ~nondetString~0.offset + ~i~0, 1); srcloc: L523 {1190#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset) (= 0 build_nondet_String_~i~0))} is VALID [2020-07-29 00:48:07,299 INFO L280 TraceCheckUtils]: 11: Hoare triple {1190#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset) (= 0 build_nondet_String_~i~0))} havoc #t~nondet5; {1190#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset) (= 0 build_nondet_String_~i~0))} is VALID [2020-07-29 00:48:07,300 INFO L280 TraceCheckUtils]: 12: Hoare triple {1190#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset) (= 0 build_nondet_String_~i~0))} #t~post4 := ~i~0;~i~0 := 1 + #t~post4;havoc #t~post4; {1191#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (<= 1 build_nondet_String_~i~0) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:07,301 INFO L280 TraceCheckUtils]: 13: Hoare triple {1191#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (<= 1 build_nondet_String_~i~0) (= 0 build_nondet_String_~nondetString~0.offset))} assume !!(~i~0 < ~length~0 - 1);assume -128 <= #t~nondet5 && #t~nondet5 <= 127; {1192#(and (<= (+ build_nondet_String_~i~0 2) (select |#length| build_nondet_String_~nondetString~0.base)) (<= 1 build_nondet_String_~i~0) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:07,302 INFO L280 TraceCheckUtils]: 14: Hoare triple {1192#(and (<= (+ build_nondet_String_~i~0 2) (select |#length| build_nondet_String_~nondetString~0.base)) (<= 1 build_nondet_String_~i~0) (= 0 build_nondet_String_~nondetString~0.offset))} assume !(1 + (~nondetString~0.offset + ~i~0) <= #length[~nondetString~0.base] && 0 <= ~nondetString~0.offset + ~i~0); {1186#false} is VALID [2020-07-29 00:48:07,303 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:07,304 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [69748567] [2020-07-29 00:48:07,304 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [616944361] [2020-07-29 00:48:07,304 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:48:07,409 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:07,411 INFO L263 TraceCheckSpWp]: Trace formula consists of 69 conjuncts, 11 conjunts are in the unsatisfiable core [2020-07-29 00:48:07,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:07,429 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 00:48:07,519 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-29 00:48:07,520 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 00:48:07,528 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:48:07,529 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-29 00:48:07,529 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:13, output treesize:12 [2020-07-29 00:48:07,533 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:48:07,533 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#length_19|]. (and (<= 0 build_nondet_String_~i~0) (= 0 build_nondet_String_~nondetString~0.offset) (= |#length| (store |v_#length_19| build_nondet_String_~nondetString~0.base build_nondet_String_~length~0))) [2020-07-29 00:48:07,534 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (<= 0 build_nondet_String_~i~0) (= 0 build_nondet_String_~nondetString~0.offset) (= (select |#length| build_nondet_String_~nondetString~0.base) build_nondet_String_~length~0)) [2020-07-29 00:48:07,622 INFO L263 TraceCheckUtils]: 0: Hoare triple {1185#true} call ULTIMATE.init(); {1185#true} is VALID [2020-07-29 00:48:07,623 INFO L280 TraceCheckUtils]: 1: Hoare triple {1185#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1185#true} is VALID [2020-07-29 00:48:07,623 INFO L280 TraceCheckUtils]: 2: Hoare triple {1185#true} assume true; {1185#true} is VALID [2020-07-29 00:48:07,623 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1185#true} {1185#true} #103#return; {1185#true} is VALID [2020-07-29 00:48:07,623 INFO L263 TraceCheckUtils]: 4: Hoare triple {1185#true} call #t~ret16 := main(); {1185#true} is VALID [2020-07-29 00:48:07,624 INFO L263 TraceCheckUtils]: 5: Hoare triple {1185#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {1185#true} is VALID [2020-07-29 00:48:07,624 INFO L280 TraceCheckUtils]: 6: Hoare triple {1185#true} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {1185#true} is VALID [2020-07-29 00:48:07,625 INFO L280 TraceCheckUtils]: 7: Hoare triple {1185#true} assume !(~length~0 < 1); {1185#true} is VALID [2020-07-29 00:48:07,626 INFO L280 TraceCheckUtils]: 8: Hoare triple {1185#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {1221#(and (<= 0 build_nondet_String_~i~0) (= (select |#length| build_nondet_String_~nondetString~0.base) build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:07,628 INFO L280 TraceCheckUtils]: 9: Hoare triple {1221#(and (<= 0 build_nondet_String_~i~0) (= (select |#length| build_nondet_String_~nondetString~0.base) build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} assume !!(~i~0 < ~length~0 - 1);assume -128 <= #t~nondet5 && #t~nondet5 <= 127; {1221#(and (<= 0 build_nondet_String_~i~0) (= (select |#length| build_nondet_String_~nondetString~0.base) build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:07,629 INFO L280 TraceCheckUtils]: 10: Hoare triple {1221#(and (<= 0 build_nondet_String_~i~0) (= (select |#length| build_nondet_String_~nondetString~0.base) build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} SUMMARY for call write~int(#t~nondet5, ~nondetString~0.base, ~nondetString~0.offset + ~i~0, 1); srcloc: L523 {1221#(and (<= 0 build_nondet_String_~i~0) (= (select |#length| build_nondet_String_~nondetString~0.base) build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:07,631 INFO L280 TraceCheckUtils]: 11: Hoare triple {1221#(and (<= 0 build_nondet_String_~i~0) (= (select |#length| build_nondet_String_~nondetString~0.base) build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} havoc #t~nondet5; {1221#(and (<= 0 build_nondet_String_~i~0) (= (select |#length| build_nondet_String_~nondetString~0.base) build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:07,632 INFO L280 TraceCheckUtils]: 12: Hoare triple {1221#(and (<= 0 build_nondet_String_~i~0) (= (select |#length| build_nondet_String_~nondetString~0.base) build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} #t~post4 := ~i~0;~i~0 := 1 + #t~post4;havoc #t~post4; {1191#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (<= 1 build_nondet_String_~i~0) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:07,634 INFO L280 TraceCheckUtils]: 13: Hoare triple {1191#(and (= build_nondet_String_~length~0 (select |#length| build_nondet_String_~nondetString~0.base)) (<= 1 build_nondet_String_~i~0) (= 0 build_nondet_String_~nondetString~0.offset))} assume !!(~i~0 < ~length~0 - 1);assume -128 <= #t~nondet5 && #t~nondet5 <= 127; {1192#(and (<= (+ build_nondet_String_~i~0 2) (select |#length| build_nondet_String_~nondetString~0.base)) (<= 1 build_nondet_String_~i~0) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:07,635 INFO L280 TraceCheckUtils]: 14: Hoare triple {1192#(and (<= (+ build_nondet_String_~i~0 2) (select |#length| build_nondet_String_~nondetString~0.base)) (<= 1 build_nondet_String_~i~0) (= 0 build_nondet_String_~nondetString~0.offset))} assume !(1 + (~nondetString~0.offset + ~i~0) <= #length[~nondetString~0.base] && 0 <= ~nondetString~0.offset + ~i~0); {1186#false} is VALID [2020-07-29 00:48:07,636 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:07,637 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-29 00:48:07,637 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [5, 4] total 6 [2020-07-29 00:48:07,637 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [12524240] [2020-07-29 00:48:07,638 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 15 [2020-07-29 00:48:07,638 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:07,638 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states. [2020-07-29 00:48:07,665 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 22 edges. 22 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:07,666 INFO L459 AbstractCegarLoop]: Interpolant automaton has 7 states [2020-07-29 00:48:07,666 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:07,666 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2020-07-29 00:48:07,666 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=29, Unknown=0, NotChecked=0, Total=42 [2020-07-29 00:48:07,666 INFO L87 Difference]: Start difference. First operand 54 states and 59 transitions. Second operand 7 states. [2020-07-29 00:48:08,128 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:08,128 INFO L93 Difference]: Finished difference Result 59 states and 64 transitions. [2020-07-29 00:48:08,128 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2020-07-29 00:48:08,128 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 15 [2020-07-29 00:48:08,128 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:08,128 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 00:48:08,132 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 63 transitions. [2020-07-29 00:48:08,134 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 00:48:08,137 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 63 transitions. [2020-07-29 00:48:08,138 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 63 transitions. [2020-07-29 00:48:08,223 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 63 edges. 63 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:08,225 INFO L225 Difference]: With dead ends: 59 [2020-07-29 00:48:08,225 INFO L226 Difference]: Without dead ends: 59 [2020-07-29 00:48:08,226 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 21 GetRequests, 13 SyntacticMatches, 2 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=18, Invalid=38, Unknown=0, NotChecked=0, Total=56 [2020-07-29 00:48:08,226 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 59 states. [2020-07-29 00:48:08,229 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 59 to 51. [2020-07-29 00:48:08,230 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:08,230 INFO L82 GeneralOperation]: Start isEquivalent. First operand 59 states. Second operand 51 states. [2020-07-29 00:48:08,230 INFO L74 IsIncluded]: Start isIncluded. First operand 59 states. Second operand 51 states. [2020-07-29 00:48:08,230 INFO L87 Difference]: Start difference. First operand 59 states. Second operand 51 states. [2020-07-29 00:48:08,233 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:08,233 INFO L93 Difference]: Finished difference Result 59 states and 64 transitions. [2020-07-29 00:48:08,233 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 64 transitions. [2020-07-29 00:48:08,234 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:08,234 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:08,234 INFO L74 IsIncluded]: Start isIncluded. First operand 51 states. Second operand 59 states. [2020-07-29 00:48:08,234 INFO L87 Difference]: Start difference. First operand 51 states. Second operand 59 states. [2020-07-29 00:48:08,237 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:08,237 INFO L93 Difference]: Finished difference Result 59 states and 64 transitions. [2020-07-29 00:48:08,238 INFO L276 IsEmpty]: Start isEmpty. Operand 59 states and 64 transitions. [2020-07-29 00:48:08,238 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:08,238 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:08,238 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:08,239 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:08,239 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 51 states. [2020-07-29 00:48:08,240 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 51 states to 51 states and 55 transitions. [2020-07-29 00:48:08,241 INFO L78 Accepts]: Start accepts. Automaton has 51 states and 55 transitions. Word has length 15 [2020-07-29 00:48:08,241 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:08,241 INFO L479 AbstractCegarLoop]: Abstraction has 51 states and 55 transitions. [2020-07-29 00:48:08,241 INFO L480 AbstractCegarLoop]: Interpolant automaton has 7 states. [2020-07-29 00:48:08,242 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 55 transitions. [2020-07-29 00:48:08,242 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 19 [2020-07-29 00:48:08,242 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:08,242 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:08,457 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable5 [2020-07-29 00:48:08,458 INFO L427 AbstractCegarLoop]: === Iteration 7 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:08,458 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:08,458 INFO L82 PathProgramCache]: Analyzing trace with hash -269979680, now seen corresponding path program 1 times [2020-07-29 00:48:08,458 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:08,459 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [627524052] [2020-07-29 00:48:08,459 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:08,471 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:08,530 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:08,531 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:08,535 INFO L280 TraceCheckUtils]: 0: Hoare triple {1486#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1469#true} is VALID [2020-07-29 00:48:08,535 INFO L280 TraceCheckUtils]: 1: Hoare triple {1469#true} assume true; {1469#true} is VALID [2020-07-29 00:48:08,536 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1469#true} {1469#true} #103#return; {1469#true} is VALID [2020-07-29 00:48:08,551 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2020-07-29 00:48:08,556 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:08,593 INFO L280 TraceCheckUtils]: 0: Hoare triple {1487#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {1469#true} is VALID [2020-07-29 00:48:08,593 INFO L280 TraceCheckUtils]: 1: Hoare triple {1469#true} assume ~length~0 < 1;~length~0 := 1; {1469#true} is VALID [2020-07-29 00:48:08,594 INFO L280 TraceCheckUtils]: 2: Hoare triple {1469#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {1469#true} is VALID [2020-07-29 00:48:08,594 INFO L280 TraceCheckUtils]: 3: Hoare triple {1469#true} assume !(~i~0 < ~length~0 - 1); {1469#true} is VALID [2020-07-29 00:48:08,595 INFO L280 TraceCheckUtils]: 4: Hoare triple {1469#true} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {1488#(= 1 (select |#valid| build_nondet_String_~nondetString~0.base))} is VALID [2020-07-29 00:48:08,596 INFO L280 TraceCheckUtils]: 5: Hoare triple {1488#(= 1 (select |#valid| build_nondet_String_~nondetString~0.base))} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {1489#(= 1 (select |#valid| |build_nondet_String_#res.base|))} is VALID [2020-07-29 00:48:08,596 INFO L280 TraceCheckUtils]: 6: Hoare triple {1489#(= 1 (select |#valid| |build_nondet_String_#res.base|))} assume true; {1489#(= 1 (select |#valid| |build_nondet_String_#res.base|))} is VALID [2020-07-29 00:48:08,598 INFO L275 TraceCheckUtils]: 7: Hoare quadruple {1489#(= 1 (select |#valid| |build_nondet_String_#res.base|))} {1469#true} #99#return; {1482#(= 1 (select |#valid| |main_#t~ret12.base|))} is VALID [2020-07-29 00:48:08,599 INFO L263 TraceCheckUtils]: 0: Hoare triple {1469#true} call ULTIMATE.init(); {1486#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:08,599 INFO L280 TraceCheckUtils]: 1: Hoare triple {1486#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1469#true} is VALID [2020-07-29 00:48:08,599 INFO L280 TraceCheckUtils]: 2: Hoare triple {1469#true} assume true; {1469#true} is VALID [2020-07-29 00:48:08,599 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1469#true} {1469#true} #103#return; {1469#true} is VALID [2020-07-29 00:48:08,600 INFO L263 TraceCheckUtils]: 4: Hoare triple {1469#true} call #t~ret16 := main(); {1469#true} is VALID [2020-07-29 00:48:08,601 INFO L263 TraceCheckUtils]: 5: Hoare triple {1469#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {1487#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} is VALID [2020-07-29 00:48:08,601 INFO L280 TraceCheckUtils]: 6: Hoare triple {1487#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {1469#true} is VALID [2020-07-29 00:48:08,601 INFO L280 TraceCheckUtils]: 7: Hoare triple {1469#true} assume ~length~0 < 1;~length~0 := 1; {1469#true} is VALID [2020-07-29 00:48:08,601 INFO L280 TraceCheckUtils]: 8: Hoare triple {1469#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {1469#true} is VALID [2020-07-29 00:48:08,602 INFO L280 TraceCheckUtils]: 9: Hoare triple {1469#true} assume !(~i~0 < ~length~0 - 1); {1469#true} is VALID [2020-07-29 00:48:08,603 INFO L280 TraceCheckUtils]: 10: Hoare triple {1469#true} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {1488#(= 1 (select |#valid| build_nondet_String_~nondetString~0.base))} is VALID [2020-07-29 00:48:08,604 INFO L280 TraceCheckUtils]: 11: Hoare triple {1488#(= 1 (select |#valid| build_nondet_String_~nondetString~0.base))} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {1489#(= 1 (select |#valid| |build_nondet_String_#res.base|))} is VALID [2020-07-29 00:48:08,604 INFO L280 TraceCheckUtils]: 12: Hoare triple {1489#(= 1 (select |#valid| |build_nondet_String_#res.base|))} assume true; {1489#(= 1 (select |#valid| |build_nondet_String_#res.base|))} is VALID [2020-07-29 00:48:08,605 INFO L275 TraceCheckUtils]: 13: Hoare quadruple {1489#(= 1 (select |#valid| |build_nondet_String_#res.base|))} {1469#true} #99#return; {1482#(= 1 (select |#valid| |main_#t~ret12.base|))} is VALID [2020-07-29 00:48:08,606 INFO L280 TraceCheckUtils]: 14: Hoare triple {1482#(= 1 (select |#valid| |main_#t~ret12.base|))} ~s~0.base, ~s~0.offset := #t~ret12.base, #t~ret12.offset;havoc #t~ret12.base, #t~ret12.offset;assume -2147483648 <= #t~nondet13 && #t~nondet13 <= 2147483647; {1483#(= 1 (select |#valid| main_~s~0.base))} is VALID [2020-07-29 00:48:08,608 INFO L263 TraceCheckUtils]: 15: Hoare triple {1483#(= 1 (select |#valid| main_~s~0.base))} call #t~ret14.base, #t~ret14.offset := cstrchr(~s~0.base, ~s~0.offset, #t~nondet13); {1484#(= 1 (select |#valid| |cstrchr_#in~s.base|))} is VALID [2020-07-29 00:48:08,608 INFO L280 TraceCheckUtils]: 16: Hoare triple {1484#(= 1 (select |#valid| |cstrchr_#in~s.base|))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~c := #in~c; {1485#(= 1 (select |#valid| cstrchr_~s.base))} is VALID [2020-07-29 00:48:08,609 INFO L280 TraceCheckUtils]: 17: Hoare triple {1485#(= 1 (select |#valid| cstrchr_~s.base))} assume !(1 == #valid[~s.base]); {1470#false} is VALID [2020-07-29 00:48:08,610 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:08,610 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [627524052] [2020-07-29 00:48:08,611 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:48:08,611 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2020-07-29 00:48:08,611 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [159597948] [2020-07-29 00:48:08,611 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 18 [2020-07-29 00:48:08,612 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:08,612 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states. [2020-07-29 00:48:08,633 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 18 edges. 18 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:08,633 INFO L459 AbstractCegarLoop]: Interpolant automaton has 10 states [2020-07-29 00:48:08,633 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:08,633 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2020-07-29 00:48:08,634 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2020-07-29 00:48:08,634 INFO L87 Difference]: Start difference. First operand 51 states and 55 transitions. Second operand 10 states. [2020-07-29 00:48:09,580 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:09,581 INFO L93 Difference]: Finished difference Result 47 states and 51 transitions. [2020-07-29 00:48:09,581 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2020-07-29 00:48:09,581 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 18 [2020-07-29 00:48:09,584 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:09,584 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10 states. [2020-07-29 00:48:09,588 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 53 transitions. [2020-07-29 00:48:09,588 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10 states. [2020-07-29 00:48:09,596 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 53 transitions. [2020-07-29 00:48:09,596 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 53 transitions. [2020-07-29 00:48:09,667 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 53 edges. 53 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:09,668 INFO L225 Difference]: With dead ends: 47 [2020-07-29 00:48:09,669 INFO L226 Difference]: Without dead ends: 47 [2020-07-29 00:48:09,669 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=39, Invalid=143, Unknown=0, NotChecked=0, Total=182 [2020-07-29 00:48:09,670 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 47 states. [2020-07-29 00:48:09,672 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 47 to 47. [2020-07-29 00:48:09,672 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:09,672 INFO L82 GeneralOperation]: Start isEquivalent. First operand 47 states. Second operand 47 states. [2020-07-29 00:48:09,675 INFO L74 IsIncluded]: Start isIncluded. First operand 47 states. Second operand 47 states. [2020-07-29 00:48:09,675 INFO L87 Difference]: Start difference. First operand 47 states. Second operand 47 states. [2020-07-29 00:48:09,677 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:09,677 INFO L93 Difference]: Finished difference Result 47 states and 51 transitions. [2020-07-29 00:48:09,677 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 51 transitions. [2020-07-29 00:48:09,677 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:09,677 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:09,678 INFO L74 IsIncluded]: Start isIncluded. First operand 47 states. Second operand 47 states. [2020-07-29 00:48:09,678 INFO L87 Difference]: Start difference. First operand 47 states. Second operand 47 states. [2020-07-29 00:48:09,680 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:09,680 INFO L93 Difference]: Finished difference Result 47 states and 51 transitions. [2020-07-29 00:48:09,680 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 51 transitions. [2020-07-29 00:48:09,681 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:09,681 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:09,681 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:09,681 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:09,681 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 47 states. [2020-07-29 00:48:09,684 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 47 states to 47 states and 51 transitions. [2020-07-29 00:48:09,684 INFO L78 Accepts]: Start accepts. Automaton has 47 states and 51 transitions. Word has length 18 [2020-07-29 00:48:09,686 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:09,687 INFO L479 AbstractCegarLoop]: Abstraction has 47 states and 51 transitions. [2020-07-29 00:48:09,687 INFO L480 AbstractCegarLoop]: Interpolant automaton has 10 states. [2020-07-29 00:48:09,687 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 51 transitions. [2020-07-29 00:48:09,687 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 19 [2020-07-29 00:48:09,688 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:09,688 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:09,688 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2020-07-29 00:48:09,688 INFO L427 AbstractCegarLoop]: === Iteration 8 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:09,689 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:09,689 INFO L82 PathProgramCache]: Analyzing trace with hash -269979679, now seen corresponding path program 1 times [2020-07-29 00:48:09,689 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:09,690 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1797530187] [2020-07-29 00:48:09,690 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:09,715 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:09,830 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:09,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:09,838 INFO L280 TraceCheckUtils]: 0: Hoare triple {1706#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1689#true} is VALID [2020-07-29 00:48:09,839 INFO L280 TraceCheckUtils]: 1: Hoare triple {1689#true} assume true; {1689#true} is VALID [2020-07-29 00:48:09,839 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1689#true} {1689#true} #103#return; {1689#true} is VALID [2020-07-29 00:48:09,854 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2020-07-29 00:48:09,863 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:09,961 INFO L280 TraceCheckUtils]: 0: Hoare triple {1707#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {1689#true} is VALID [2020-07-29 00:48:09,962 INFO L280 TraceCheckUtils]: 1: Hoare triple {1689#true} assume ~length~0 < 1;~length~0 := 1; {1708#(<= 1 build_nondet_String_~length~0)} is VALID [2020-07-29 00:48:09,964 INFO L280 TraceCheckUtils]: 2: Hoare triple {1708#(<= 1 build_nondet_String_~length~0)} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {1709#(and (<= 1 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:09,964 INFO L280 TraceCheckUtils]: 3: Hoare triple {1709#(and (<= 1 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset))} assume !(~i~0 < ~length~0 - 1); {1709#(and (<= 1 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:09,965 INFO L280 TraceCheckUtils]: 4: Hoare triple {1709#(and (<= 1 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset))} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {1709#(and (<= 1 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:09,966 INFO L280 TraceCheckUtils]: 5: Hoare triple {1709#(and (<= 1 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset))} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {1710#(and (<= 1 (select |#length| |build_nondet_String_#res.base|)) (= 0 |build_nondet_String_#res.offset|))} is VALID [2020-07-29 00:48:09,966 INFO L280 TraceCheckUtils]: 6: Hoare triple {1710#(and (<= 1 (select |#length| |build_nondet_String_#res.base|)) (= 0 |build_nondet_String_#res.offset|))} assume true; {1710#(and (<= 1 (select |#length| |build_nondet_String_#res.base|)) (= 0 |build_nondet_String_#res.offset|))} is VALID [2020-07-29 00:48:09,967 INFO L275 TraceCheckUtils]: 7: Hoare quadruple {1710#(and (<= 1 (select |#length| |build_nondet_String_#res.base|)) (= 0 |build_nondet_String_#res.offset|))} {1689#true} #99#return; {1702#(and (<= 1 (select |#length| |main_#t~ret12.base|)) (= 0 |main_#t~ret12.offset|))} is VALID [2020-07-29 00:48:09,968 INFO L263 TraceCheckUtils]: 0: Hoare triple {1689#true} call ULTIMATE.init(); {1706#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:09,968 INFO L280 TraceCheckUtils]: 1: Hoare triple {1706#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1689#true} is VALID [2020-07-29 00:48:09,969 INFO L280 TraceCheckUtils]: 2: Hoare triple {1689#true} assume true; {1689#true} is VALID [2020-07-29 00:48:09,969 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1689#true} {1689#true} #103#return; {1689#true} is VALID [2020-07-29 00:48:09,969 INFO L263 TraceCheckUtils]: 4: Hoare triple {1689#true} call #t~ret16 := main(); {1689#true} is VALID [2020-07-29 00:48:09,970 INFO L263 TraceCheckUtils]: 5: Hoare triple {1689#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {1707#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} is VALID [2020-07-29 00:48:09,970 INFO L280 TraceCheckUtils]: 6: Hoare triple {1707#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {1689#true} is VALID [2020-07-29 00:48:09,974 INFO L280 TraceCheckUtils]: 7: Hoare triple {1689#true} assume ~length~0 < 1;~length~0 := 1; {1708#(<= 1 build_nondet_String_~length~0)} is VALID [2020-07-29 00:48:09,976 INFO L280 TraceCheckUtils]: 8: Hoare triple {1708#(<= 1 build_nondet_String_~length~0)} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {1709#(and (<= 1 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:09,977 INFO L280 TraceCheckUtils]: 9: Hoare triple {1709#(and (<= 1 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset))} assume !(~i~0 < ~length~0 - 1); {1709#(and (<= 1 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:09,978 INFO L280 TraceCheckUtils]: 10: Hoare triple {1709#(and (<= 1 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset))} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {1709#(and (<= 1 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:09,979 INFO L280 TraceCheckUtils]: 11: Hoare triple {1709#(and (<= 1 (select |#length| build_nondet_String_~nondetString~0.base)) (= 0 build_nondet_String_~nondetString~0.offset))} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {1710#(and (<= 1 (select |#length| |build_nondet_String_#res.base|)) (= 0 |build_nondet_String_#res.offset|))} is VALID [2020-07-29 00:48:09,980 INFO L280 TraceCheckUtils]: 12: Hoare triple {1710#(and (<= 1 (select |#length| |build_nondet_String_#res.base|)) (= 0 |build_nondet_String_#res.offset|))} assume true; {1710#(and (<= 1 (select |#length| |build_nondet_String_#res.base|)) (= 0 |build_nondet_String_#res.offset|))} is VALID [2020-07-29 00:48:09,982 INFO L275 TraceCheckUtils]: 13: Hoare quadruple {1710#(and (<= 1 (select |#length| |build_nondet_String_#res.base|)) (= 0 |build_nondet_String_#res.offset|))} {1689#true} #99#return; {1702#(and (<= 1 (select |#length| |main_#t~ret12.base|)) (= 0 |main_#t~ret12.offset|))} is VALID [2020-07-29 00:48:09,983 INFO L280 TraceCheckUtils]: 14: Hoare triple {1702#(and (<= 1 (select |#length| |main_#t~ret12.base|)) (= 0 |main_#t~ret12.offset|))} ~s~0.base, ~s~0.offset := #t~ret12.base, #t~ret12.offset;havoc #t~ret12.base, #t~ret12.offset;assume -2147483648 <= #t~nondet13 && #t~nondet13 <= 2147483647; {1703#(and (<= 1 (select |#length| main_~s~0.base)) (= 0 main_~s~0.offset))} is VALID [2020-07-29 00:48:09,984 INFO L263 TraceCheckUtils]: 15: Hoare triple {1703#(and (<= 1 (select |#length| main_~s~0.base)) (= 0 main_~s~0.offset))} call #t~ret14.base, #t~ret14.offset := cstrchr(~s~0.base, ~s~0.offset, #t~nondet13); {1704#(and (<= 1 (select |#length| |cstrchr_#in~s.base|)) (= 0 |cstrchr_#in~s.offset|))} is VALID [2020-07-29 00:48:09,985 INFO L280 TraceCheckUtils]: 16: Hoare triple {1704#(and (<= 1 (select |#length| |cstrchr_#in~s.base|)) (= 0 |cstrchr_#in~s.offset|))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~c := #in~c; {1705#(and (<= 1 (select |#length| cstrchr_~s.base)) (= 0 cstrchr_~s.offset))} is VALID [2020-07-29 00:48:09,986 INFO L280 TraceCheckUtils]: 17: Hoare triple {1705#(and (<= 1 (select |#length| cstrchr_~s.base)) (= 0 cstrchr_~s.offset))} assume !(1 + ~s.offset <= #length[~s.base] && 0 <= ~s.offset); {1690#false} is VALID [2020-07-29 00:48:09,987 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:09,988 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1797530187] [2020-07-29 00:48:09,988 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:48:09,988 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2020-07-29 00:48:09,989 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2116303159] [2020-07-29 00:48:09,989 INFO L78 Accepts]: Start accepts. Automaton has 11 states. Word has length 18 [2020-07-29 00:48:09,989 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:09,989 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states. [2020-07-29 00:48:10,014 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 18 edges. 18 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:10,014 INFO L459 AbstractCegarLoop]: Interpolant automaton has 11 states [2020-07-29 00:48:10,015 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:10,015 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2020-07-29 00:48:10,015 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2020-07-29 00:48:10,016 INFO L87 Difference]: Start difference. First operand 47 states and 51 transitions. Second operand 11 states. [2020-07-29 00:48:11,177 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:11,178 INFO L93 Difference]: Finished difference Result 57 states and 64 transitions. [2020-07-29 00:48:11,178 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2020-07-29 00:48:11,178 INFO L78 Accepts]: Start accepts. Automaton has 11 states. Word has length 18 [2020-07-29 00:48:11,178 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:11,178 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 11 states. [2020-07-29 00:48:11,181 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 66 transitions. [2020-07-29 00:48:11,181 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 11 states. [2020-07-29 00:48:11,183 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 66 transitions. [2020-07-29 00:48:11,184 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 66 transitions. [2020-07-29 00:48:11,296 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 66 edges. 66 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:11,299 INFO L225 Difference]: With dead ends: 57 [2020-07-29 00:48:11,299 INFO L226 Difference]: Without dead ends: 57 [2020-07-29 00:48:11,299 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 10 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=53, Invalid=219, Unknown=0, NotChecked=0, Total=272 [2020-07-29 00:48:11,300 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 57 states. [2020-07-29 00:48:11,303 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 57 to 53. [2020-07-29 00:48:11,304 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:11,304 INFO L82 GeneralOperation]: Start isEquivalent. First operand 57 states. Second operand 53 states. [2020-07-29 00:48:11,304 INFO L74 IsIncluded]: Start isIncluded. First operand 57 states. Second operand 53 states. [2020-07-29 00:48:11,304 INFO L87 Difference]: Start difference. First operand 57 states. Second operand 53 states. [2020-07-29 00:48:11,307 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:11,307 INFO L93 Difference]: Finished difference Result 57 states and 64 transitions. [2020-07-29 00:48:11,307 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 64 transitions. [2020-07-29 00:48:11,308 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:11,308 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:11,308 INFO L74 IsIncluded]: Start isIncluded. First operand 53 states. Second operand 57 states. [2020-07-29 00:48:11,308 INFO L87 Difference]: Start difference. First operand 53 states. Second operand 57 states. [2020-07-29 00:48:11,311 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:11,311 INFO L93 Difference]: Finished difference Result 57 states and 64 transitions. [2020-07-29 00:48:11,311 INFO L276 IsEmpty]: Start isEmpty. Operand 57 states and 64 transitions. [2020-07-29 00:48:11,311 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:11,312 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:11,312 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:11,312 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:11,312 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 53 states. [2020-07-29 00:48:11,314 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 53 states to 53 states and 59 transitions. [2020-07-29 00:48:11,314 INFO L78 Accepts]: Start accepts. Automaton has 53 states and 59 transitions. Word has length 18 [2020-07-29 00:48:11,315 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:11,315 INFO L479 AbstractCegarLoop]: Abstraction has 53 states and 59 transitions. [2020-07-29 00:48:11,315 INFO L480 AbstractCegarLoop]: Interpolant automaton has 11 states. [2020-07-29 00:48:11,315 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 59 transitions. [2020-07-29 00:48:11,316 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 23 [2020-07-29 00:48:11,316 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:11,316 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:11,316 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2020-07-29 00:48:11,317 INFO L427 AbstractCegarLoop]: === Iteration 9 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:11,317 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:11,317 INFO L82 PathProgramCache]: Analyzing trace with hash -463192456, now seen corresponding path program 1 times [2020-07-29 00:48:11,318 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:11,318 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [947196013] [2020-07-29 00:48:11,318 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:11,328 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:11,361 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:11,362 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:11,371 INFO L280 TraceCheckUtils]: 0: Hoare triple {1964#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1950#true} is VALID [2020-07-29 00:48:11,372 INFO L280 TraceCheckUtils]: 1: Hoare triple {1950#true} assume true; {1950#true} is VALID [2020-07-29 00:48:11,372 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1950#true} {1950#true} #103#return; {1950#true} is VALID [2020-07-29 00:48:11,385 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2020-07-29 00:48:11,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:11,403 INFO L280 TraceCheckUtils]: 0: Hoare triple {1965#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {1950#true} is VALID [2020-07-29 00:48:11,404 INFO L280 TraceCheckUtils]: 1: Hoare triple {1950#true} assume ~length~0 < 1;~length~0 := 1; {1950#true} is VALID [2020-07-29 00:48:11,404 INFO L280 TraceCheckUtils]: 2: Hoare triple {1950#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {1950#true} is VALID [2020-07-29 00:48:11,404 INFO L280 TraceCheckUtils]: 3: Hoare triple {1950#true} assume !(~i~0 < ~length~0 - 1); {1950#true} is VALID [2020-07-29 00:48:11,404 INFO L280 TraceCheckUtils]: 4: Hoare triple {1950#true} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {1950#true} is VALID [2020-07-29 00:48:11,404 INFO L280 TraceCheckUtils]: 5: Hoare triple {1950#true} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {1950#true} is VALID [2020-07-29 00:48:11,405 INFO L280 TraceCheckUtils]: 6: Hoare triple {1950#true} assume true; {1950#true} is VALID [2020-07-29 00:48:11,405 INFO L275 TraceCheckUtils]: 7: Hoare quadruple {1950#true} {1950#true} #99#return; {1950#true} is VALID [2020-07-29 00:48:11,406 INFO L263 TraceCheckUtils]: 0: Hoare triple {1950#true} call ULTIMATE.init(); {1964#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:11,407 INFO L280 TraceCheckUtils]: 1: Hoare triple {1964#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1950#true} is VALID [2020-07-29 00:48:11,407 INFO L280 TraceCheckUtils]: 2: Hoare triple {1950#true} assume true; {1950#true} is VALID [2020-07-29 00:48:11,408 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1950#true} {1950#true} #103#return; {1950#true} is VALID [2020-07-29 00:48:11,408 INFO L263 TraceCheckUtils]: 4: Hoare triple {1950#true} call #t~ret16 := main(); {1950#true} is VALID [2020-07-29 00:48:11,409 INFO L263 TraceCheckUtils]: 5: Hoare triple {1950#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {1965#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} is VALID [2020-07-29 00:48:11,409 INFO L280 TraceCheckUtils]: 6: Hoare triple {1965#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {1950#true} is VALID [2020-07-29 00:48:11,410 INFO L280 TraceCheckUtils]: 7: Hoare triple {1950#true} assume ~length~0 < 1;~length~0 := 1; {1950#true} is VALID [2020-07-29 00:48:11,410 INFO L280 TraceCheckUtils]: 8: Hoare triple {1950#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {1950#true} is VALID [2020-07-29 00:48:11,410 INFO L280 TraceCheckUtils]: 9: Hoare triple {1950#true} assume !(~i~0 < ~length~0 - 1); {1950#true} is VALID [2020-07-29 00:48:11,410 INFO L280 TraceCheckUtils]: 10: Hoare triple {1950#true} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {1950#true} is VALID [2020-07-29 00:48:11,410 INFO L280 TraceCheckUtils]: 11: Hoare triple {1950#true} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {1950#true} is VALID [2020-07-29 00:48:11,411 INFO L280 TraceCheckUtils]: 12: Hoare triple {1950#true} assume true; {1950#true} is VALID [2020-07-29 00:48:11,411 INFO L275 TraceCheckUtils]: 13: Hoare quadruple {1950#true} {1950#true} #99#return; {1950#true} is VALID [2020-07-29 00:48:11,411 INFO L280 TraceCheckUtils]: 14: Hoare triple {1950#true} ~s~0.base, ~s~0.offset := #t~ret12.base, #t~ret12.offset;havoc #t~ret12.base, #t~ret12.offset;assume -2147483648 <= #t~nondet13 && #t~nondet13 <= 2147483647; {1950#true} is VALID [2020-07-29 00:48:11,411 INFO L263 TraceCheckUtils]: 15: Hoare triple {1950#true} call #t~ret14.base, #t~ret14.offset := cstrchr(~s~0.base, ~s~0.offset, #t~nondet13); {1950#true} is VALID [2020-07-29 00:48:11,412 INFO L280 TraceCheckUtils]: 16: Hoare triple {1950#true} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~c := #in~c; {1950#true} is VALID [2020-07-29 00:48:11,412 INFO L280 TraceCheckUtils]: 17: Hoare triple {1950#true} SUMMARY for call #t~mem6 := read~int(~s.base, ~s.offset, 1); srcloc: L531-8 {1950#true} is VALID [2020-07-29 00:48:11,412 INFO L280 TraceCheckUtils]: 18: Hoare triple {1950#true} #t~short8 := 0 != #t~mem6; {1950#true} is VALID [2020-07-29 00:48:11,414 INFO L280 TraceCheckUtils]: 19: Hoare triple {1950#true} assume !#t~short8; {1963#(not |cstrchr_#t~short8|)} is VALID [2020-07-29 00:48:11,420 INFO L280 TraceCheckUtils]: 20: Hoare triple {1963#(not |cstrchr_#t~short8|)} assume !!#t~short8;havoc #t~mem7;havoc #t~mem6;havoc #t~short8;#t~post9.base, #t~post9.offset := ~s.base, ~s.offset;~s.base, ~s.offset := #t~post9.base, 1 + #t~post9.offset;havoc #t~post9.base, #t~post9.offset; {1951#false} is VALID [2020-07-29 00:48:11,420 INFO L280 TraceCheckUtils]: 21: Hoare triple {1951#false} assume !(1 + ~s.offset <= #length[~s.base] && 0 <= ~s.offset); {1951#false} is VALID [2020-07-29 00:48:11,421 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:11,421 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [947196013] [2020-07-29 00:48:11,421 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:48:11,421 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2020-07-29 00:48:11,422 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [477329600] [2020-07-29 00:48:11,422 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 22 [2020-07-29 00:48:11,423 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:11,424 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2020-07-29 00:48:11,447 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 22 edges. 22 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:11,447 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2020-07-29 00:48:11,447 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:11,448 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2020-07-29 00:48:11,448 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2020-07-29 00:48:11,448 INFO L87 Difference]: Start difference. First operand 53 states and 59 transitions. Second operand 5 states. [2020-07-29 00:48:11,721 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:11,721 INFO L93 Difference]: Finished difference Result 55 states and 61 transitions. [2020-07-29 00:48:11,722 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2020-07-29 00:48:11,722 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 22 [2020-07-29 00:48:11,722 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:11,722 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:48:11,724 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 50 transitions. [2020-07-29 00:48:11,724 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:48:11,726 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 50 transitions. [2020-07-29 00:48:11,726 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 50 transitions. [2020-07-29 00:48:11,792 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 50 edges. 50 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:11,794 INFO L225 Difference]: With dead ends: 55 [2020-07-29 00:48:11,794 INFO L226 Difference]: Without dead ends: 55 [2020-07-29 00:48:11,794 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2020-07-29 00:48:11,795 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 55 states. [2020-07-29 00:48:11,799 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 55 to 55. [2020-07-29 00:48:11,799 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:11,799 INFO L82 GeneralOperation]: Start isEquivalent. First operand 55 states. Second operand 55 states. [2020-07-29 00:48:11,799 INFO L74 IsIncluded]: Start isIncluded. First operand 55 states. Second operand 55 states. [2020-07-29 00:48:11,799 INFO L87 Difference]: Start difference. First operand 55 states. Second operand 55 states. [2020-07-29 00:48:11,804 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:11,804 INFO L93 Difference]: Finished difference Result 55 states and 61 transitions. [2020-07-29 00:48:11,804 INFO L276 IsEmpty]: Start isEmpty. Operand 55 states and 61 transitions. [2020-07-29 00:48:11,805 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:11,805 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:11,805 INFO L74 IsIncluded]: Start isIncluded. First operand 55 states. Second operand 55 states. [2020-07-29 00:48:11,813 INFO L87 Difference]: Start difference. First operand 55 states. Second operand 55 states. [2020-07-29 00:48:11,817 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:11,817 INFO L93 Difference]: Finished difference Result 55 states and 61 transitions. [2020-07-29 00:48:11,818 INFO L276 IsEmpty]: Start isEmpty. Operand 55 states and 61 transitions. [2020-07-29 00:48:11,818 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:11,818 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:11,818 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:11,818 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:11,819 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 55 states. [2020-07-29 00:48:11,820 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 55 states to 55 states and 61 transitions. [2020-07-29 00:48:11,823 INFO L78 Accepts]: Start accepts. Automaton has 55 states and 61 transitions. Word has length 22 [2020-07-29 00:48:11,824 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:11,824 INFO L479 AbstractCegarLoop]: Abstraction has 55 states and 61 transitions. [2020-07-29 00:48:11,825 INFO L480 AbstractCegarLoop]: Interpolant automaton has 5 states. [2020-07-29 00:48:11,825 INFO L276 IsEmpty]: Start isEmpty. Operand 55 states and 61 transitions. [2020-07-29 00:48:11,825 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2020-07-29 00:48:11,826 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:11,826 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:11,826 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2020-07-29 00:48:11,826 INFO L427 AbstractCegarLoop]: === Iteration 10 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:11,827 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:11,827 INFO L82 PathProgramCache]: Analyzing trace with hash 1542788213, now seen corresponding path program 1 times [2020-07-29 00:48:11,827 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:11,828 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1117966532] [2020-07-29 00:48:11,828 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:11,860 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:11,967 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:11,968 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:11,974 INFO L280 TraceCheckUtils]: 0: Hoare triple {2212#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2193#true} is VALID [2020-07-29 00:48:11,974 INFO L280 TraceCheckUtils]: 1: Hoare triple {2193#true} assume true; {2193#true} is VALID [2020-07-29 00:48:11,974 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2193#true} {2193#true} #103#return; {2193#true} is VALID [2020-07-29 00:48:11,991 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2020-07-29 00:48:11,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:12,140 INFO L280 TraceCheckUtils]: 0: Hoare triple {2213#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {2193#true} is VALID [2020-07-29 00:48:12,141 INFO L280 TraceCheckUtils]: 1: Hoare triple {2193#true} assume ~length~0 < 1;~length~0 := 1; {2214#(and (<= build_nondet_String_~length~0 1) (<= 1 build_nondet_String_~length~0))} is VALID [2020-07-29 00:48:12,142 INFO L280 TraceCheckUtils]: 2: Hoare triple {2214#(and (<= build_nondet_String_~length~0 1) (<= 1 build_nondet_String_~length~0))} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {2215#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)))} is VALID [2020-07-29 00:48:12,143 INFO L280 TraceCheckUtils]: 3: Hoare triple {2215#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)))} assume !(~i~0 < ~length~0 - 1); {2215#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)))} is VALID [2020-07-29 00:48:12,144 INFO L280 TraceCheckUtils]: 4: Hoare triple {2215#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)))} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {2216#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 0 (select (select |#memory_int| build_nondet_String_~nondetString~0.base) build_nondet_String_~nondetString~0.offset)))} is VALID [2020-07-29 00:48:12,145 INFO L280 TraceCheckUtils]: 5: Hoare triple {2216#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 0 (select (select |#memory_int| build_nondet_String_~nondetString~0.base) build_nondet_String_~nondetString~0.offset)))} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {2217#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} is VALID [2020-07-29 00:48:12,146 INFO L280 TraceCheckUtils]: 6: Hoare triple {2217#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} assume true; {2217#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} is VALID [2020-07-29 00:48:12,147 INFO L275 TraceCheckUtils]: 7: Hoare quadruple {2217#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} {2193#true} #99#return; {2206#(= 0 (select (select |#memory_int| |main_#t~ret12.base|) |main_#t~ret12.offset|))} is VALID [2020-07-29 00:48:12,150 INFO L263 TraceCheckUtils]: 0: Hoare triple {2193#true} call ULTIMATE.init(); {2212#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:12,150 INFO L280 TraceCheckUtils]: 1: Hoare triple {2212#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2193#true} is VALID [2020-07-29 00:48:12,150 INFO L280 TraceCheckUtils]: 2: Hoare triple {2193#true} assume true; {2193#true} is VALID [2020-07-29 00:48:12,150 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2193#true} {2193#true} #103#return; {2193#true} is VALID [2020-07-29 00:48:12,150 INFO L263 TraceCheckUtils]: 4: Hoare triple {2193#true} call #t~ret16 := main(); {2193#true} is VALID [2020-07-29 00:48:12,151 INFO L263 TraceCheckUtils]: 5: Hoare triple {2193#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {2213#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} is VALID [2020-07-29 00:48:12,151 INFO L280 TraceCheckUtils]: 6: Hoare triple {2213#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {2193#true} is VALID [2020-07-29 00:48:12,152 INFO L280 TraceCheckUtils]: 7: Hoare triple {2193#true} assume ~length~0 < 1;~length~0 := 1; {2214#(and (<= build_nondet_String_~length~0 1) (<= 1 build_nondet_String_~length~0))} is VALID [2020-07-29 00:48:12,153 INFO L280 TraceCheckUtils]: 8: Hoare triple {2214#(and (<= build_nondet_String_~length~0 1) (<= 1 build_nondet_String_~length~0))} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {2215#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)))} is VALID [2020-07-29 00:48:12,153 INFO L280 TraceCheckUtils]: 9: Hoare triple {2215#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)))} assume !(~i~0 < ~length~0 - 1); {2215#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)))} is VALID [2020-07-29 00:48:12,155 INFO L280 TraceCheckUtils]: 10: Hoare triple {2215#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)))} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {2216#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 0 (select (select |#memory_int| build_nondet_String_~nondetString~0.base) build_nondet_String_~nondetString~0.offset)))} is VALID [2020-07-29 00:48:12,155 INFO L280 TraceCheckUtils]: 11: Hoare triple {2216#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 0 (select (select |#memory_int| build_nondet_String_~nondetString~0.base) build_nondet_String_~nondetString~0.offset)))} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {2217#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} is VALID [2020-07-29 00:48:12,156 INFO L280 TraceCheckUtils]: 12: Hoare triple {2217#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} assume true; {2217#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} is VALID [2020-07-29 00:48:12,156 INFO L275 TraceCheckUtils]: 13: Hoare quadruple {2217#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} {2193#true} #99#return; {2206#(= 0 (select (select |#memory_int| |main_#t~ret12.base|) |main_#t~ret12.offset|))} is VALID [2020-07-29 00:48:12,157 INFO L280 TraceCheckUtils]: 14: Hoare triple {2206#(= 0 (select (select |#memory_int| |main_#t~ret12.base|) |main_#t~ret12.offset|))} ~s~0.base, ~s~0.offset := #t~ret12.base, #t~ret12.offset;havoc #t~ret12.base, #t~ret12.offset;assume -2147483648 <= #t~nondet13 && #t~nondet13 <= 2147483647; {2207#(= 0 (select (select |#memory_int| main_~s~0.base) main_~s~0.offset))} is VALID [2020-07-29 00:48:12,158 INFO L263 TraceCheckUtils]: 15: Hoare triple {2207#(= 0 (select (select |#memory_int| main_~s~0.base) main_~s~0.offset))} call #t~ret14.base, #t~ret14.offset := cstrchr(~s~0.base, ~s~0.offset, #t~nondet13); {2208#(= 0 (select (select |#memory_int| |cstrchr_#in~s.base|) |cstrchr_#in~s.offset|))} is VALID [2020-07-29 00:48:12,159 INFO L280 TraceCheckUtils]: 16: Hoare triple {2208#(= 0 (select (select |#memory_int| |cstrchr_#in~s.base|) |cstrchr_#in~s.offset|))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~c := #in~c; {2209#(= 0 (select (select |#memory_int| cstrchr_~s.base) cstrchr_~s.offset))} is VALID [2020-07-29 00:48:12,160 INFO L280 TraceCheckUtils]: 17: Hoare triple {2209#(= 0 (select (select |#memory_int| cstrchr_~s.base) cstrchr_~s.offset))} SUMMARY for call #t~mem6 := read~int(~s.base, ~s.offset, 1); srcloc: L531-8 {2210#(= 0 |cstrchr_#t~mem6|)} is VALID [2020-07-29 00:48:12,161 INFO L280 TraceCheckUtils]: 18: Hoare triple {2210#(= 0 |cstrchr_#t~mem6|)} #t~short8 := 0 != #t~mem6; {2211#(not |cstrchr_#t~short8|)} is VALID [2020-07-29 00:48:12,161 INFO L280 TraceCheckUtils]: 19: Hoare triple {2211#(not |cstrchr_#t~short8|)} assume #t~short8; {2194#false} is VALID [2020-07-29 00:48:12,161 INFO L280 TraceCheckUtils]: 20: Hoare triple {2194#false} SUMMARY for call #t~mem7 := read~int(~s.base, ~s.offset, 1); srcloc: L531-3 {2194#false} is VALID [2020-07-29 00:48:12,162 INFO L280 TraceCheckUtils]: 21: Hoare triple {2194#false} #t~short8 := #t~mem7 != (if ~c % 256 <= 127 then ~c % 256 else ~c % 256 - 256); {2194#false} is VALID [2020-07-29 00:48:12,162 INFO L280 TraceCheckUtils]: 22: Hoare triple {2194#false} assume !!#t~short8;havoc #t~mem7;havoc #t~mem6;havoc #t~short8;#t~post9.base, #t~post9.offset := ~s.base, ~s.offset;~s.base, ~s.offset := #t~post9.base, 1 + #t~post9.offset;havoc #t~post9.base, #t~post9.offset; {2194#false} is VALID [2020-07-29 00:48:12,162 INFO L280 TraceCheckUtils]: 23: Hoare triple {2194#false} assume !(1 + ~s.offset <= #length[~s.base] && 0 <= ~s.offset); {2194#false} is VALID [2020-07-29 00:48:12,163 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:12,163 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1117966532] [2020-07-29 00:48:12,164 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:48:12,164 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [14] imperfect sequences [] total 14 [2020-07-29 00:48:12,164 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1965581662] [2020-07-29 00:48:12,164 INFO L78 Accepts]: Start accepts. Automaton has 14 states. Word has length 24 [2020-07-29 00:48:12,165 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:12,165 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states. [2020-07-29 00:48:12,194 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:12,194 INFO L459 AbstractCegarLoop]: Interpolant automaton has 14 states [2020-07-29 00:48:12,194 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:12,195 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2020-07-29 00:48:12,195 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=26, Invalid=156, Unknown=0, NotChecked=0, Total=182 [2020-07-29 00:48:12,195 INFO L87 Difference]: Start difference. First operand 55 states and 61 transitions. Second operand 14 states. [2020-07-29 00:48:13,711 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:13,711 INFO L93 Difference]: Finished difference Result 81 states and 87 transitions. [2020-07-29 00:48:13,711 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2020-07-29 00:48:13,711 INFO L78 Accepts]: Start accepts. Automaton has 14 states. Word has length 24 [2020-07-29 00:48:13,712 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:13,712 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 14 states. [2020-07-29 00:48:13,715 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 78 transitions. [2020-07-29 00:48:13,715 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 14 states. [2020-07-29 00:48:13,717 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 78 transitions. [2020-07-29 00:48:13,717 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 78 transitions. [2020-07-29 00:48:13,827 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 78 edges. 78 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:13,829 INFO L225 Difference]: With dead ends: 81 [2020-07-29 00:48:13,829 INFO L226 Difference]: Without dead ends: 81 [2020-07-29 00:48:13,830 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 26 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=91, Invalid=415, Unknown=0, NotChecked=0, Total=506 [2020-07-29 00:48:13,830 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 81 states. [2020-07-29 00:48:13,834 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 81 to 71. [2020-07-29 00:48:13,835 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:13,835 INFO L82 GeneralOperation]: Start isEquivalent. First operand 81 states. Second operand 71 states. [2020-07-29 00:48:13,835 INFO L74 IsIncluded]: Start isIncluded. First operand 81 states. Second operand 71 states. [2020-07-29 00:48:13,835 INFO L87 Difference]: Start difference. First operand 81 states. Second operand 71 states. [2020-07-29 00:48:13,837 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:13,838 INFO L93 Difference]: Finished difference Result 81 states and 87 transitions. [2020-07-29 00:48:13,838 INFO L276 IsEmpty]: Start isEmpty. Operand 81 states and 87 transitions. [2020-07-29 00:48:13,839 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:13,839 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:13,839 INFO L74 IsIncluded]: Start isIncluded. First operand 71 states. Second operand 81 states. [2020-07-29 00:48:13,839 INFO L87 Difference]: Start difference. First operand 71 states. Second operand 81 states. [2020-07-29 00:48:13,841 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:13,841 INFO L93 Difference]: Finished difference Result 81 states and 87 transitions. [2020-07-29 00:48:13,842 INFO L276 IsEmpty]: Start isEmpty. Operand 81 states and 87 transitions. [2020-07-29 00:48:13,842 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:13,842 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:13,842 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:13,842 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:13,842 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 71 states. [2020-07-29 00:48:13,844 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 71 states to 71 states and 78 transitions. [2020-07-29 00:48:13,844 INFO L78 Accepts]: Start accepts. Automaton has 71 states and 78 transitions. Word has length 24 [2020-07-29 00:48:13,844 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:13,844 INFO L479 AbstractCegarLoop]: Abstraction has 71 states and 78 transitions. [2020-07-29 00:48:13,845 INFO L480 AbstractCegarLoop]: Interpolant automaton has 14 states. [2020-07-29 00:48:13,845 INFO L276 IsEmpty]: Start isEmpty. Operand 71 states and 78 transitions. [2020-07-29 00:48:13,845 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2020-07-29 00:48:13,846 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:13,846 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:13,846 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9 [2020-07-29 00:48:13,846 INFO L427 AbstractCegarLoop]: === Iteration 11 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:13,847 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:13,847 INFO L82 PathProgramCache]: Analyzing trace with hash -45559689, now seen corresponding path program 1 times [2020-07-29 00:48:13,847 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:13,848 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1538806780] [2020-07-29 00:48:13,848 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:13,861 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:13,955 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:13,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:13,971 INFO L280 TraceCheckUtils]: 0: Hoare triple {2572#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2553#true} is VALID [2020-07-29 00:48:13,972 INFO L280 TraceCheckUtils]: 1: Hoare triple {2553#true} assume true; {2553#true} is VALID [2020-07-29 00:48:13,972 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2553#true} {2553#true} #103#return; {2553#true} is VALID [2020-07-29 00:48:13,988 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2020-07-29 00:48:13,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:14,250 INFO L280 TraceCheckUtils]: 0: Hoare triple {2573#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {2553#true} is VALID [2020-07-29 00:48:14,252 INFO L280 TraceCheckUtils]: 1: Hoare triple {2553#true} assume !(~length~0 < 1); {2574#(<= 1 build_nondet_String_~length~0)} is VALID [2020-07-29 00:48:14,253 INFO L280 TraceCheckUtils]: 2: Hoare triple {2574#(<= 1 build_nondet_String_~length~0)} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {2575#(and (or (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)) (= 0 build_nondet_String_~i~0)) (<= 1 build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:14,255 INFO L280 TraceCheckUtils]: 3: Hoare triple {2575#(and (or (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)) (= 0 build_nondet_String_~i~0)) (<= 1 build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} assume !(~i~0 < ~length~0 - 1); {2576#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)))} is VALID [2020-07-29 00:48:14,256 INFO L280 TraceCheckUtils]: 4: Hoare triple {2576#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)))} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {2577#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 0 (select (select |#memory_int| build_nondet_String_~nondetString~0.base) build_nondet_String_~nondetString~0.offset)))} is VALID [2020-07-29 00:48:14,257 INFO L280 TraceCheckUtils]: 5: Hoare triple {2577#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 0 (select (select |#memory_int| build_nondet_String_~nondetString~0.base) build_nondet_String_~nondetString~0.offset)))} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {2578#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} is VALID [2020-07-29 00:48:14,258 INFO L280 TraceCheckUtils]: 6: Hoare triple {2578#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} assume true; {2578#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} is VALID [2020-07-29 00:48:14,259 INFO L275 TraceCheckUtils]: 7: Hoare quadruple {2578#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} {2553#true} #99#return; {2566#(= 0 (select (select |#memory_int| |main_#t~ret12.base|) |main_#t~ret12.offset|))} is VALID [2020-07-29 00:48:14,260 INFO L263 TraceCheckUtils]: 0: Hoare triple {2553#true} call ULTIMATE.init(); {2572#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:14,261 INFO L280 TraceCheckUtils]: 1: Hoare triple {2572#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2553#true} is VALID [2020-07-29 00:48:14,261 INFO L280 TraceCheckUtils]: 2: Hoare triple {2553#true} assume true; {2553#true} is VALID [2020-07-29 00:48:14,261 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2553#true} {2553#true} #103#return; {2553#true} is VALID [2020-07-29 00:48:14,261 INFO L263 TraceCheckUtils]: 4: Hoare triple {2553#true} call #t~ret16 := main(); {2553#true} is VALID [2020-07-29 00:48:14,262 INFO L263 TraceCheckUtils]: 5: Hoare triple {2553#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {2573#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} is VALID [2020-07-29 00:48:14,263 INFO L280 TraceCheckUtils]: 6: Hoare triple {2573#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {2553#true} is VALID [2020-07-29 00:48:14,263 INFO L280 TraceCheckUtils]: 7: Hoare triple {2553#true} assume !(~length~0 < 1); {2574#(<= 1 build_nondet_String_~length~0)} is VALID [2020-07-29 00:48:14,265 INFO L280 TraceCheckUtils]: 8: Hoare triple {2574#(<= 1 build_nondet_String_~length~0)} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {2575#(and (or (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)) (= 0 build_nondet_String_~i~0)) (<= 1 build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} is VALID [2020-07-29 00:48:14,271 INFO L280 TraceCheckUtils]: 9: Hoare triple {2575#(and (or (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)) (= 0 build_nondet_String_~i~0)) (<= 1 build_nondet_String_~length~0) (= 0 build_nondet_String_~nondetString~0.offset))} assume !(~i~0 < ~length~0 - 1); {2576#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)))} is VALID [2020-07-29 00:48:14,275 INFO L280 TraceCheckUtils]: 10: Hoare triple {2576#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 1 (+ build_nondet_String_~nondetString~0.offset build_nondet_String_~length~0)))} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {2577#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 0 (select (select |#memory_int| build_nondet_String_~nondetString~0.base) build_nondet_String_~nondetString~0.offset)))} is VALID [2020-07-29 00:48:14,277 INFO L280 TraceCheckUtils]: 11: Hoare triple {2577#(and (= 0 build_nondet_String_~nondetString~0.offset) (= 0 (select (select |#memory_int| build_nondet_String_~nondetString~0.base) build_nondet_String_~nondetString~0.offset)))} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {2578#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} is VALID [2020-07-29 00:48:14,278 INFO L280 TraceCheckUtils]: 12: Hoare triple {2578#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} assume true; {2578#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} is VALID [2020-07-29 00:48:14,283 INFO L275 TraceCheckUtils]: 13: Hoare quadruple {2578#(= 0 (select (select |#memory_int| |build_nondet_String_#res.base|) |build_nondet_String_#res.offset|))} {2553#true} #99#return; {2566#(= 0 (select (select |#memory_int| |main_#t~ret12.base|) |main_#t~ret12.offset|))} is VALID [2020-07-29 00:48:14,285 INFO L280 TraceCheckUtils]: 14: Hoare triple {2566#(= 0 (select (select |#memory_int| |main_#t~ret12.base|) |main_#t~ret12.offset|))} ~s~0.base, ~s~0.offset := #t~ret12.base, #t~ret12.offset;havoc #t~ret12.base, #t~ret12.offset;assume -2147483648 <= #t~nondet13 && #t~nondet13 <= 2147483647; {2567#(= 0 (select (select |#memory_int| main_~s~0.base) main_~s~0.offset))} is VALID [2020-07-29 00:48:14,292 INFO L263 TraceCheckUtils]: 15: Hoare triple {2567#(= 0 (select (select |#memory_int| main_~s~0.base) main_~s~0.offset))} call #t~ret14.base, #t~ret14.offset := cstrchr(~s~0.base, ~s~0.offset, #t~nondet13); {2568#(= 0 (select (select |#memory_int| |cstrchr_#in~s.base|) |cstrchr_#in~s.offset|))} is VALID [2020-07-29 00:48:14,294 INFO L280 TraceCheckUtils]: 16: Hoare triple {2568#(= 0 (select (select |#memory_int| |cstrchr_#in~s.base|) |cstrchr_#in~s.offset|))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~c := #in~c; {2569#(= 0 (select (select |#memory_int| cstrchr_~s.base) cstrchr_~s.offset))} is VALID [2020-07-29 00:48:14,295 INFO L280 TraceCheckUtils]: 17: Hoare triple {2569#(= 0 (select (select |#memory_int| cstrchr_~s.base) cstrchr_~s.offset))} SUMMARY for call #t~mem6 := read~int(~s.base, ~s.offset, 1); srcloc: L531-8 {2570#(= 0 |cstrchr_#t~mem6|)} is VALID [2020-07-29 00:48:14,296 INFO L280 TraceCheckUtils]: 18: Hoare triple {2570#(= 0 |cstrchr_#t~mem6|)} #t~short8 := 0 != #t~mem6; {2571#(not |cstrchr_#t~short8|)} is VALID [2020-07-29 00:48:14,297 INFO L280 TraceCheckUtils]: 19: Hoare triple {2571#(not |cstrchr_#t~short8|)} assume #t~short8; {2554#false} is VALID [2020-07-29 00:48:14,297 INFO L280 TraceCheckUtils]: 20: Hoare triple {2554#false} SUMMARY for call #t~mem7 := read~int(~s.base, ~s.offset, 1); srcloc: L531-3 {2554#false} is VALID [2020-07-29 00:48:14,298 INFO L280 TraceCheckUtils]: 21: Hoare triple {2554#false} #t~short8 := #t~mem7 != (if ~c % 256 <= 127 then ~c % 256 else ~c % 256 - 256); {2554#false} is VALID [2020-07-29 00:48:14,298 INFO L280 TraceCheckUtils]: 22: Hoare triple {2554#false} assume !!#t~short8;havoc #t~mem7;havoc #t~mem6;havoc #t~short8;#t~post9.base, #t~post9.offset := ~s.base, ~s.offset;~s.base, ~s.offset := #t~post9.base, 1 + #t~post9.offset;havoc #t~post9.base, #t~post9.offset; {2554#false} is VALID [2020-07-29 00:48:14,298 INFO L280 TraceCheckUtils]: 23: Hoare triple {2554#false} assume !(1 + ~s.offset <= #length[~s.base] && 0 <= ~s.offset); {2554#false} is VALID [2020-07-29 00:48:14,300 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:14,300 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1538806780] [2020-07-29 00:48:14,300 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:48:14,300 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [15] imperfect sequences [] total 15 [2020-07-29 00:48:14,300 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1363413236] [2020-07-29 00:48:14,301 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 24 [2020-07-29 00:48:14,302 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:14,302 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states. [2020-07-29 00:48:14,330 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:14,330 INFO L459 AbstractCegarLoop]: Interpolant automaton has 15 states [2020-07-29 00:48:14,330 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:14,331 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2020-07-29 00:48:14,331 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2020-07-29 00:48:14,331 INFO L87 Difference]: Start difference. First operand 71 states and 78 transitions. Second operand 15 states. [2020-07-29 00:48:15,848 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:15,849 INFO L93 Difference]: Finished difference Result 101 states and 109 transitions. [2020-07-29 00:48:15,850 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 16 states. [2020-07-29 00:48:15,850 INFO L78 Accepts]: Start accepts. Automaton has 15 states. Word has length 24 [2020-07-29 00:48:15,850 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:15,850 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2020-07-29 00:48:15,853 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 16 states to 16 states and 81 transitions. [2020-07-29 00:48:15,855 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 15 states. [2020-07-29 00:48:15,857 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 16 states to 16 states and 81 transitions. [2020-07-29 00:48:15,857 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 16 states and 81 transitions. [2020-07-29 00:48:15,994 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 81 edges. 81 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:15,997 INFO L225 Difference]: With dead ends: 101 [2020-07-29 00:48:15,997 INFO L226 Difference]: Without dead ends: 101 [2020-07-29 00:48:15,998 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 27 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 40 ImplicationChecksByTransitivity, 0.5s TimeCoverageRelationStatistics Valid=97, Invalid=455, Unknown=0, NotChecked=0, Total=552 [2020-07-29 00:48:15,998 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 101 states. [2020-07-29 00:48:16,001 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 101 to 72. [2020-07-29 00:48:16,001 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:16,002 INFO L82 GeneralOperation]: Start isEquivalent. First operand 101 states. Second operand 72 states. [2020-07-29 00:48:16,002 INFO L74 IsIncluded]: Start isIncluded. First operand 101 states. Second operand 72 states. [2020-07-29 00:48:16,002 INFO L87 Difference]: Start difference. First operand 101 states. Second operand 72 states. [2020-07-29 00:48:16,005 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:16,005 INFO L93 Difference]: Finished difference Result 101 states and 109 transitions. [2020-07-29 00:48:16,006 INFO L276 IsEmpty]: Start isEmpty. Operand 101 states and 109 transitions. [2020-07-29 00:48:16,006 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:16,007 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:16,007 INFO L74 IsIncluded]: Start isIncluded. First operand 72 states. Second operand 101 states. [2020-07-29 00:48:16,007 INFO L87 Difference]: Start difference. First operand 72 states. Second operand 101 states. [2020-07-29 00:48:16,010 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:16,010 INFO L93 Difference]: Finished difference Result 101 states and 109 transitions. [2020-07-29 00:48:16,010 INFO L276 IsEmpty]: Start isEmpty. Operand 101 states and 109 transitions. [2020-07-29 00:48:16,011 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:16,011 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:16,011 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:16,011 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:16,012 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 72 states. [2020-07-29 00:48:16,013 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 72 states to 72 states and 80 transitions. [2020-07-29 00:48:16,013 INFO L78 Accepts]: Start accepts. Automaton has 72 states and 80 transitions. Word has length 24 [2020-07-29 00:48:16,014 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:16,014 INFO L479 AbstractCegarLoop]: Abstraction has 72 states and 80 transitions. [2020-07-29 00:48:16,014 INFO L480 AbstractCegarLoop]: Interpolant automaton has 15 states. [2020-07-29 00:48:16,014 INFO L276 IsEmpty]: Start isEmpty. Operand 72 states and 80 transitions. [2020-07-29 00:48:16,015 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 28 [2020-07-29 00:48:16,015 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:16,015 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:16,016 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2020-07-29 00:48:16,016 INFO L427 AbstractCegarLoop]: === Iteration 12 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:16,016 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:16,017 INFO L82 PathProgramCache]: Analyzing trace with hash -1919056224, now seen corresponding path program 1 times [2020-07-29 00:48:16,017 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:16,017 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1111419034] [2020-07-29 00:48:16,017 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:16,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:16,074 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:16,075 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:16,080 INFO L280 TraceCheckUtils]: 0: Hoare triple {3001#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2975#true} is VALID [2020-07-29 00:48:16,080 INFO L280 TraceCheckUtils]: 1: Hoare triple {2975#true} assume true; {2975#true} is VALID [2020-07-29 00:48:16,080 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2975#true} {2975#true} #103#return; {2975#true} is VALID [2020-07-29 00:48:16,091 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2020-07-29 00:48:16,099 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:16,139 INFO L280 TraceCheckUtils]: 0: Hoare triple {3002#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {2975#true} is VALID [2020-07-29 00:48:16,140 INFO L280 TraceCheckUtils]: 1: Hoare triple {2975#true} assume ~length~0 < 1;~length~0 := 1; {2975#true} is VALID [2020-07-29 00:48:16,140 INFO L280 TraceCheckUtils]: 2: Hoare triple {2975#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {2975#true} is VALID [2020-07-29 00:48:16,140 INFO L280 TraceCheckUtils]: 3: Hoare triple {2975#true} assume !(~i~0 < ~length~0 - 1); {2975#true} is VALID [2020-07-29 00:48:16,141 INFO L280 TraceCheckUtils]: 4: Hoare triple {2975#true} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {3003#(= 1 (select |#valid| build_nondet_String_~nondetString~0.base))} is VALID [2020-07-29 00:48:16,142 INFO L280 TraceCheckUtils]: 5: Hoare triple {3003#(= 1 (select |#valid| build_nondet_String_~nondetString~0.base))} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {3004#(= 1 (select |#valid| |build_nondet_String_#res.base|))} is VALID [2020-07-29 00:48:16,143 INFO L280 TraceCheckUtils]: 6: Hoare triple {3004#(= 1 (select |#valid| |build_nondet_String_#res.base|))} assume true; {3004#(= 1 (select |#valid| |build_nondet_String_#res.base|))} is VALID [2020-07-29 00:48:16,144 INFO L275 TraceCheckUtils]: 7: Hoare quadruple {3004#(= 1 (select |#valid| |build_nondet_String_#res.base|))} {2975#true} #99#return; {2988#(= 1 (select |#valid| |main_#t~ret12.base|))} is VALID [2020-07-29 00:48:16,145 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2020-07-29 00:48:16,147 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:16,201 INFO L280 TraceCheckUtils]: 0: Hoare triple {2975#true} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~c := #in~c; {2975#true} is VALID [2020-07-29 00:48:16,202 INFO L280 TraceCheckUtils]: 1: Hoare triple {2975#true} SUMMARY for call #t~mem6 := read~int(~s.base, ~s.offset, 1); srcloc: L531-8 {3005#(= 1 (select |#valid| cstrchr_~s.base))} is VALID [2020-07-29 00:48:16,203 INFO L280 TraceCheckUtils]: 2: Hoare triple {3005#(= 1 (select |#valid| cstrchr_~s.base))} #t~short8 := 0 != #t~mem6; {3005#(= 1 (select |#valid| cstrchr_~s.base))} is VALID [2020-07-29 00:48:16,203 INFO L280 TraceCheckUtils]: 3: Hoare triple {3005#(= 1 (select |#valid| cstrchr_~s.base))} assume !#t~short8; {3005#(= 1 (select |#valid| cstrchr_~s.base))} is VALID [2020-07-29 00:48:16,204 INFO L280 TraceCheckUtils]: 4: Hoare triple {3005#(= 1 (select |#valid| cstrchr_~s.base))} assume !#t~short8;havoc #t~mem7;havoc #t~mem6;havoc #t~short8; {3005#(= 1 (select |#valid| cstrchr_~s.base))} is VALID [2020-07-29 00:48:16,205 INFO L280 TraceCheckUtils]: 5: Hoare triple {3005#(= 1 (select |#valid| cstrchr_~s.base))} SUMMARY for call #t~mem10 := read~int(~s.base, ~s.offset, 1); srcloc: L531-9 {3005#(= 1 (select |#valid| cstrchr_~s.base))} is VALID [2020-07-29 00:48:16,206 INFO L280 TraceCheckUtils]: 6: Hoare triple {3005#(= 1 (select |#valid| cstrchr_~s.base))} assume #t~mem10 == ~c;#t~ite11.base, #t~ite11.offset := ~s.base, ~s.offset; {3006#(= 1 (select |#valid| |cstrchr_#t~ite11.base|))} is VALID [2020-07-29 00:48:16,206 INFO L280 TraceCheckUtils]: 7: Hoare triple {3006#(= 1 (select |#valid| |cstrchr_#t~ite11.base|))} #res.base, #res.offset := #t~ite11.base, #t~ite11.offset;havoc #t~ite11.base, #t~ite11.offset;havoc #t~mem10; {3007#(= 1 (select |#valid| |cstrchr_#res.base|))} is VALID [2020-07-29 00:48:16,207 INFO L280 TraceCheckUtils]: 8: Hoare triple {3007#(= 1 (select |#valid| |cstrchr_#res.base|))} assume true; {3007#(= 1 (select |#valid| |cstrchr_#res.base|))} is VALID [2020-07-29 00:48:16,209 INFO L275 TraceCheckUtils]: 9: Hoare quadruple {3007#(= 1 (select |#valid| |cstrchr_#res.base|))} {2989#(= 1 (select |#valid| main_~s~0.base))} #101#return; {3000#(= 1 (select |#valid| |main_#t~ret14.base|))} is VALID [2020-07-29 00:48:16,210 INFO L263 TraceCheckUtils]: 0: Hoare triple {2975#true} call ULTIMATE.init(); {3001#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:16,211 INFO L280 TraceCheckUtils]: 1: Hoare triple {3001#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2975#true} is VALID [2020-07-29 00:48:16,211 INFO L280 TraceCheckUtils]: 2: Hoare triple {2975#true} assume true; {2975#true} is VALID [2020-07-29 00:48:16,211 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2975#true} {2975#true} #103#return; {2975#true} is VALID [2020-07-29 00:48:16,212 INFO L263 TraceCheckUtils]: 4: Hoare triple {2975#true} call #t~ret16 := main(); {2975#true} is VALID [2020-07-29 00:48:16,213 INFO L263 TraceCheckUtils]: 5: Hoare triple {2975#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {3002#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} is VALID [2020-07-29 00:48:16,213 INFO L280 TraceCheckUtils]: 6: Hoare triple {3002#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {2975#true} is VALID [2020-07-29 00:48:16,214 INFO L280 TraceCheckUtils]: 7: Hoare triple {2975#true} assume ~length~0 < 1;~length~0 := 1; {2975#true} is VALID [2020-07-29 00:48:16,214 INFO L280 TraceCheckUtils]: 8: Hoare triple {2975#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {2975#true} is VALID [2020-07-29 00:48:16,214 INFO L280 TraceCheckUtils]: 9: Hoare triple {2975#true} assume !(~i~0 < ~length~0 - 1); {2975#true} is VALID [2020-07-29 00:48:16,215 INFO L280 TraceCheckUtils]: 10: Hoare triple {2975#true} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {3003#(= 1 (select |#valid| build_nondet_String_~nondetString~0.base))} is VALID [2020-07-29 00:48:16,216 INFO L280 TraceCheckUtils]: 11: Hoare triple {3003#(= 1 (select |#valid| build_nondet_String_~nondetString~0.base))} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {3004#(= 1 (select |#valid| |build_nondet_String_#res.base|))} is VALID [2020-07-29 00:48:16,217 INFO L280 TraceCheckUtils]: 12: Hoare triple {3004#(= 1 (select |#valid| |build_nondet_String_#res.base|))} assume true; {3004#(= 1 (select |#valid| |build_nondet_String_#res.base|))} is VALID [2020-07-29 00:48:16,218 INFO L275 TraceCheckUtils]: 13: Hoare quadruple {3004#(= 1 (select |#valid| |build_nondet_String_#res.base|))} {2975#true} #99#return; {2988#(= 1 (select |#valid| |main_#t~ret12.base|))} is VALID [2020-07-29 00:48:16,219 INFO L280 TraceCheckUtils]: 14: Hoare triple {2988#(= 1 (select |#valid| |main_#t~ret12.base|))} ~s~0.base, ~s~0.offset := #t~ret12.base, #t~ret12.offset;havoc #t~ret12.base, #t~ret12.offset;assume -2147483648 <= #t~nondet13 && #t~nondet13 <= 2147483647; {2989#(= 1 (select |#valid| main_~s~0.base))} is VALID [2020-07-29 00:48:16,220 INFO L263 TraceCheckUtils]: 15: Hoare triple {2989#(= 1 (select |#valid| main_~s~0.base))} call #t~ret14.base, #t~ret14.offset := cstrchr(~s~0.base, ~s~0.offset, #t~nondet13); {2975#true} is VALID [2020-07-29 00:48:16,220 INFO L280 TraceCheckUtils]: 16: Hoare triple {2975#true} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~c := #in~c; {2975#true} is VALID [2020-07-29 00:48:16,221 INFO L280 TraceCheckUtils]: 17: Hoare triple {2975#true} SUMMARY for call #t~mem6 := read~int(~s.base, ~s.offset, 1); srcloc: L531-8 {3005#(= 1 (select |#valid| cstrchr_~s.base))} is VALID [2020-07-29 00:48:16,222 INFO L280 TraceCheckUtils]: 18: Hoare triple {3005#(= 1 (select |#valid| cstrchr_~s.base))} #t~short8 := 0 != #t~mem6; {3005#(= 1 (select |#valid| cstrchr_~s.base))} is VALID [2020-07-29 00:48:16,223 INFO L280 TraceCheckUtils]: 19: Hoare triple {3005#(= 1 (select |#valid| cstrchr_~s.base))} assume !#t~short8; {3005#(= 1 (select |#valid| cstrchr_~s.base))} is VALID [2020-07-29 00:48:16,223 INFO L280 TraceCheckUtils]: 20: Hoare triple {3005#(= 1 (select |#valid| cstrchr_~s.base))} assume !#t~short8;havoc #t~mem7;havoc #t~mem6;havoc #t~short8; {3005#(= 1 (select |#valid| cstrchr_~s.base))} is VALID [2020-07-29 00:48:16,224 INFO L280 TraceCheckUtils]: 21: Hoare triple {3005#(= 1 (select |#valid| cstrchr_~s.base))} SUMMARY for call #t~mem10 := read~int(~s.base, ~s.offset, 1); srcloc: L531-9 {3005#(= 1 (select |#valid| cstrchr_~s.base))} is VALID [2020-07-29 00:48:16,225 INFO L280 TraceCheckUtils]: 22: Hoare triple {3005#(= 1 (select |#valid| cstrchr_~s.base))} assume #t~mem10 == ~c;#t~ite11.base, #t~ite11.offset := ~s.base, ~s.offset; {3006#(= 1 (select |#valid| |cstrchr_#t~ite11.base|))} is VALID [2020-07-29 00:48:16,226 INFO L280 TraceCheckUtils]: 23: Hoare triple {3006#(= 1 (select |#valid| |cstrchr_#t~ite11.base|))} #res.base, #res.offset := #t~ite11.base, #t~ite11.offset;havoc #t~ite11.base, #t~ite11.offset;havoc #t~mem10; {3007#(= 1 (select |#valid| |cstrchr_#res.base|))} is VALID [2020-07-29 00:48:16,226 INFO L280 TraceCheckUtils]: 24: Hoare triple {3007#(= 1 (select |#valid| |cstrchr_#res.base|))} assume true; {3007#(= 1 (select |#valid| |cstrchr_#res.base|))} is VALID [2020-07-29 00:48:16,228 INFO L275 TraceCheckUtils]: 25: Hoare quadruple {3007#(= 1 (select |#valid| |cstrchr_#res.base|))} {2989#(= 1 (select |#valid| main_~s~0.base))} #101#return; {3000#(= 1 (select |#valid| |main_#t~ret14.base|))} is VALID [2020-07-29 00:48:16,229 INFO L280 TraceCheckUtils]: 26: Hoare triple {3000#(= 1 (select |#valid| |main_#t~ret14.base|))} assume !(1 == #valid[#t~ret14.base]); {2976#false} is VALID [2020-07-29 00:48:16,230 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:16,231 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1111419034] [2020-07-29 00:48:16,231 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:48:16,231 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2020-07-29 00:48:16,231 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [492340772] [2020-07-29 00:48:16,231 INFO L78 Accepts]: Start accepts. Automaton has 12 states. Word has length 27 [2020-07-29 00:48:16,232 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:16,232 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states. [2020-07-29 00:48:16,267 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 27 edges. 27 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:16,268 INFO L459 AbstractCegarLoop]: Interpolant automaton has 12 states [2020-07-29 00:48:16,268 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:16,268 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2020-07-29 00:48:16,269 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2020-07-29 00:48:16,269 INFO L87 Difference]: Start difference. First operand 72 states and 80 transitions. Second operand 12 states. [2020-07-29 00:48:17,355 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:17,355 INFO L93 Difference]: Finished difference Result 80 states and 88 transitions. [2020-07-29 00:48:17,355 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2020-07-29 00:48:17,355 INFO L78 Accepts]: Start accepts. Automaton has 12 states. Word has length 27 [2020-07-29 00:48:17,356 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:17,356 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 12 states. [2020-07-29 00:48:17,358 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 55 transitions. [2020-07-29 00:48:17,358 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 12 states. [2020-07-29 00:48:17,359 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 55 transitions. [2020-07-29 00:48:17,359 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 55 transitions. [2020-07-29 00:48:17,437 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 55 edges. 55 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:17,438 INFO L225 Difference]: With dead ends: 80 [2020-07-29 00:48:17,438 INFO L226 Difference]: Without dead ends: 80 [2020-07-29 00:48:17,439 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 22 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 16 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 10 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=55, Invalid=251, Unknown=0, NotChecked=0, Total=306 [2020-07-29 00:48:17,439 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 80 states. [2020-07-29 00:48:17,445 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 80 to 79. [2020-07-29 00:48:17,445 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:17,445 INFO L82 GeneralOperation]: Start isEquivalent. First operand 80 states. Second operand 79 states. [2020-07-29 00:48:17,445 INFO L74 IsIncluded]: Start isIncluded. First operand 80 states. Second operand 79 states. [2020-07-29 00:48:17,446 INFO L87 Difference]: Start difference. First operand 80 states. Second operand 79 states. [2020-07-29 00:48:17,448 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:17,448 INFO L93 Difference]: Finished difference Result 80 states and 88 transitions. [2020-07-29 00:48:17,448 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 88 transitions. [2020-07-29 00:48:17,449 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:17,449 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:17,449 INFO L74 IsIncluded]: Start isIncluded. First operand 79 states. Second operand 80 states. [2020-07-29 00:48:17,449 INFO L87 Difference]: Start difference. First operand 79 states. Second operand 80 states. [2020-07-29 00:48:17,451 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:17,452 INFO L93 Difference]: Finished difference Result 80 states and 88 transitions. [2020-07-29 00:48:17,454 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 88 transitions. [2020-07-29 00:48:17,454 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:17,455 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:17,455 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:17,455 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:17,455 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 79 states. [2020-07-29 00:48:17,456 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 79 states to 79 states and 88 transitions. [2020-07-29 00:48:17,457 INFO L78 Accepts]: Start accepts. Automaton has 79 states and 88 transitions. Word has length 27 [2020-07-29 00:48:17,457 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:17,457 INFO L479 AbstractCegarLoop]: Abstraction has 79 states and 88 transitions. [2020-07-29 00:48:17,457 INFO L480 AbstractCegarLoop]: Interpolant automaton has 12 states. [2020-07-29 00:48:17,458 INFO L276 IsEmpty]: Start isEmpty. Operand 79 states and 88 transitions. [2020-07-29 00:48:17,458 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 28 [2020-07-29 00:48:17,459 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:17,459 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:17,459 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11 [2020-07-29 00:48:17,459 INFO L427 AbstractCegarLoop]: === Iteration 13 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:17,460 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:17,460 INFO L82 PathProgramCache]: Analyzing trace with hash -1919056223, now seen corresponding path program 1 times [2020-07-29 00:48:17,460 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:17,460 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [233167417] [2020-07-29 00:48:17,461 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:17,478 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:17,563 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:48:17,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:17,570 INFO L280 TraceCheckUtils]: 0: Hoare triple {3368#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {3342#true} is VALID [2020-07-29 00:48:17,571 INFO L280 TraceCheckUtils]: 1: Hoare triple {3342#true} assume true; {3342#true} is VALID [2020-07-29 00:48:17,571 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {3342#true} {3342#true} #103#return; {3342#true} is VALID [2020-07-29 00:48:17,585 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2020-07-29 00:48:17,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:17,639 INFO L280 TraceCheckUtils]: 0: Hoare triple {3369#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {3342#true} is VALID [2020-07-29 00:48:17,640 INFO L280 TraceCheckUtils]: 1: Hoare triple {3342#true} assume ~length~0 < 1;~length~0 := 1; {3342#true} is VALID [2020-07-29 00:48:17,641 INFO L280 TraceCheckUtils]: 2: Hoare triple {3342#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {3370#(= 0 build_nondet_String_~nondetString~0.offset)} is VALID [2020-07-29 00:48:17,641 INFO L280 TraceCheckUtils]: 3: Hoare triple {3370#(= 0 build_nondet_String_~nondetString~0.offset)} assume !(~i~0 < ~length~0 - 1); {3370#(= 0 build_nondet_String_~nondetString~0.offset)} is VALID [2020-07-29 00:48:17,642 INFO L280 TraceCheckUtils]: 4: Hoare triple {3370#(= 0 build_nondet_String_~nondetString~0.offset)} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {3370#(= 0 build_nondet_String_~nondetString~0.offset)} is VALID [2020-07-29 00:48:17,643 INFO L280 TraceCheckUtils]: 5: Hoare triple {3370#(= 0 build_nondet_String_~nondetString~0.offset)} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {3371#(= 0 |build_nondet_String_#res.offset|)} is VALID [2020-07-29 00:48:17,643 INFO L280 TraceCheckUtils]: 6: Hoare triple {3371#(= 0 |build_nondet_String_#res.offset|)} assume true; {3371#(= 0 |build_nondet_String_#res.offset|)} is VALID [2020-07-29 00:48:17,644 INFO L275 TraceCheckUtils]: 7: Hoare quadruple {3371#(= 0 |build_nondet_String_#res.offset|)} {3342#true} #99#return; {3355#(= 0 |main_#t~ret12.offset|)} is VALID [2020-07-29 00:48:17,645 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2020-07-29 00:48:17,648 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:48:17,813 INFO L280 TraceCheckUtils]: 0: Hoare triple {3342#true} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~c := #in~c; {3372#(or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset))} is VALID [2020-07-29 00:48:17,814 INFO L280 TraceCheckUtils]: 1: Hoare triple {3372#(or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset))} SUMMARY for call #t~mem6 := read~int(~s.base, ~s.offset, 1); srcloc: L531-8 {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} is VALID [2020-07-29 00:48:17,816 INFO L280 TraceCheckUtils]: 2: Hoare triple {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} #t~short8 := 0 != #t~mem6; {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} is VALID [2020-07-29 00:48:17,819 INFO L280 TraceCheckUtils]: 3: Hoare triple {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} assume !#t~short8; {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} is VALID [2020-07-29 00:48:17,822 INFO L280 TraceCheckUtils]: 4: Hoare triple {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} assume !#t~short8;havoc #t~mem7;havoc #t~mem6;havoc #t~short8; {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} is VALID [2020-07-29 00:48:17,822 INFO L280 TraceCheckUtils]: 5: Hoare triple {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} SUMMARY for call #t~mem10 := read~int(~s.base, ~s.offset, 1); srcloc: L531-9 {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} is VALID [2020-07-29 00:48:17,823 INFO L280 TraceCheckUtils]: 6: Hoare triple {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} assume #t~mem10 == ~c;#t~ite11.base, #t~ite11.offset := ~s.base, ~s.offset; {3374#(and (<= 1 (select |#length| |cstrchr_#t~ite11.base|)) (<= 0 |cstrchr_#t~ite11.offset|) (or (not (= 0 |cstrchr_#in~s.offset|)) (<= |cstrchr_#t~ite11.offset| 0)))} is VALID [2020-07-29 00:48:17,824 INFO L280 TraceCheckUtils]: 7: Hoare triple {3374#(and (<= 1 (select |#length| |cstrchr_#t~ite11.base|)) (<= 0 |cstrchr_#t~ite11.offset|) (or (not (= 0 |cstrchr_#in~s.offset|)) (<= |cstrchr_#t~ite11.offset| 0)))} #res.base, #res.offset := #t~ite11.base, #t~ite11.offset;havoc #t~ite11.base, #t~ite11.offset;havoc #t~mem10; {3375#(and (<= 1 (select |#length| |cstrchr_#res.base|)) (<= 0 |cstrchr_#res.offset|) (or (not (= 0 |cstrchr_#in~s.offset|)) (<= |cstrchr_#res.offset| 0)))} is VALID [2020-07-29 00:48:17,830 INFO L280 TraceCheckUtils]: 8: Hoare triple {3375#(and (<= 1 (select |#length| |cstrchr_#res.base|)) (<= 0 |cstrchr_#res.offset|) (or (not (= 0 |cstrchr_#in~s.offset|)) (<= |cstrchr_#res.offset| 0)))} assume true; {3375#(and (<= 1 (select |#length| |cstrchr_#res.base|)) (<= 0 |cstrchr_#res.offset|) (or (not (= 0 |cstrchr_#in~s.offset|)) (<= |cstrchr_#res.offset| 0)))} is VALID [2020-07-29 00:48:17,831 INFO L275 TraceCheckUtils]: 9: Hoare quadruple {3375#(and (<= 1 (select |#length| |cstrchr_#res.base|)) (<= 0 |cstrchr_#res.offset|) (or (not (= 0 |cstrchr_#in~s.offset|)) (<= |cstrchr_#res.offset| 0)))} {3356#(= 0 main_~s~0.offset)} #101#return; {3367#(and (= 0 |main_#t~ret14.offset|) (<= 1 (select |#length| |main_#t~ret14.base|)))} is VALID [2020-07-29 00:48:17,835 INFO L263 TraceCheckUtils]: 0: Hoare triple {3342#true} call ULTIMATE.init(); {3368#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:48:17,835 INFO L280 TraceCheckUtils]: 1: Hoare triple {3368#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {3342#true} is VALID [2020-07-29 00:48:17,835 INFO L280 TraceCheckUtils]: 2: Hoare triple {3342#true} assume true; {3342#true} is VALID [2020-07-29 00:48:17,835 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {3342#true} {3342#true} #103#return; {3342#true} is VALID [2020-07-29 00:48:17,835 INFO L263 TraceCheckUtils]: 4: Hoare triple {3342#true} call #t~ret16 := main(); {3342#true} is VALID [2020-07-29 00:48:17,836 INFO L263 TraceCheckUtils]: 5: Hoare triple {3342#true} call #t~ret12.base, #t~ret12.offset := build_nondet_String(); {3369#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} is VALID [2020-07-29 00:48:17,836 INFO L280 TraceCheckUtils]: 6: Hoare triple {3369#(and (= |#valid| |old(#valid)|) (= |#memory_int| |old(#memory_int)|) (= |old(#length)| |#length|))} assume -2147483648 <= #t~nondet2 && #t~nondet2 <= 2147483647;~length~0 := #t~nondet2;havoc #t~nondet2; {3342#true} is VALID [2020-07-29 00:48:17,836 INFO L280 TraceCheckUtils]: 7: Hoare triple {3342#true} assume ~length~0 < 1;~length~0 := 1; {3342#true} is VALID [2020-07-29 00:48:17,837 INFO L280 TraceCheckUtils]: 8: Hoare triple {3342#true} call #t~malloc3.base, #t~malloc3.offset := #Ultimate.allocOnHeap(~length~0);~nondetString~0.base, ~nondetString~0.offset := #t~malloc3.base, #t~malloc3.offset;~i~0 := 0; {3370#(= 0 build_nondet_String_~nondetString~0.offset)} is VALID [2020-07-29 00:48:17,837 INFO L280 TraceCheckUtils]: 9: Hoare triple {3370#(= 0 build_nondet_String_~nondetString~0.offset)} assume !(~i~0 < ~length~0 - 1); {3370#(= 0 build_nondet_String_~nondetString~0.offset)} is VALID [2020-07-29 00:48:17,838 INFO L280 TraceCheckUtils]: 10: Hoare triple {3370#(= 0 build_nondet_String_~nondetString~0.offset)} SUMMARY for call write~int(0, ~nondetString~0.base, ~nondetString~0.offset + (~length~0 - 1), 1); srcloc: L521-4 {3370#(= 0 build_nondet_String_~nondetString~0.offset)} is VALID [2020-07-29 00:48:17,838 INFO L280 TraceCheckUtils]: 11: Hoare triple {3370#(= 0 build_nondet_String_~nondetString~0.offset)} #res.base, #res.offset := ~nondetString~0.base, ~nondetString~0.offset; {3371#(= 0 |build_nondet_String_#res.offset|)} is VALID [2020-07-29 00:48:17,839 INFO L280 TraceCheckUtils]: 12: Hoare triple {3371#(= 0 |build_nondet_String_#res.offset|)} assume true; {3371#(= 0 |build_nondet_String_#res.offset|)} is VALID [2020-07-29 00:48:17,839 INFO L275 TraceCheckUtils]: 13: Hoare quadruple {3371#(= 0 |build_nondet_String_#res.offset|)} {3342#true} #99#return; {3355#(= 0 |main_#t~ret12.offset|)} is VALID [2020-07-29 00:48:17,840 INFO L280 TraceCheckUtils]: 14: Hoare triple {3355#(= 0 |main_#t~ret12.offset|)} ~s~0.base, ~s~0.offset := #t~ret12.base, #t~ret12.offset;havoc #t~ret12.base, #t~ret12.offset;assume -2147483648 <= #t~nondet13 && #t~nondet13 <= 2147483647; {3356#(= 0 main_~s~0.offset)} is VALID [2020-07-29 00:48:17,840 INFO L263 TraceCheckUtils]: 15: Hoare triple {3356#(= 0 main_~s~0.offset)} call #t~ret14.base, #t~ret14.offset := cstrchr(~s~0.base, ~s~0.offset, #t~nondet13); {3342#true} is VALID [2020-07-29 00:48:17,841 INFO L280 TraceCheckUtils]: 16: Hoare triple {3342#true} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~c := #in~c; {3372#(or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset))} is VALID [2020-07-29 00:48:17,842 INFO L280 TraceCheckUtils]: 17: Hoare triple {3372#(or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset))} SUMMARY for call #t~mem6 := read~int(~s.base, ~s.offset, 1); srcloc: L531-8 {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} is VALID [2020-07-29 00:48:17,843 INFO L280 TraceCheckUtils]: 18: Hoare triple {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} #t~short8 := 0 != #t~mem6; {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} is VALID [2020-07-29 00:48:17,844 INFO L280 TraceCheckUtils]: 19: Hoare triple {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} assume !#t~short8; {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} is VALID [2020-07-29 00:48:17,844 INFO L280 TraceCheckUtils]: 20: Hoare triple {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} assume !#t~short8;havoc #t~mem7;havoc #t~mem6;havoc #t~short8; {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} is VALID [2020-07-29 00:48:17,846 INFO L280 TraceCheckUtils]: 21: Hoare triple {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} SUMMARY for call #t~mem10 := read~int(~s.base, ~s.offset, 1); srcloc: L531-9 {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} is VALID [2020-07-29 00:48:17,847 INFO L280 TraceCheckUtils]: 22: Hoare triple {3373#(and (<= 1 (select |#length| cstrchr_~s.base)) (<= 0 cstrchr_~s.offset) (or (= |cstrchr_#in~s.offset| cstrchr_~s.offset) (= 0 cstrchr_~s.offset)))} assume #t~mem10 == ~c;#t~ite11.base, #t~ite11.offset := ~s.base, ~s.offset; {3374#(and (<= 1 (select |#length| |cstrchr_#t~ite11.base|)) (<= 0 |cstrchr_#t~ite11.offset|) (or (not (= 0 |cstrchr_#in~s.offset|)) (<= |cstrchr_#t~ite11.offset| 0)))} is VALID [2020-07-29 00:48:17,848 INFO L280 TraceCheckUtils]: 23: Hoare triple {3374#(and (<= 1 (select |#length| |cstrchr_#t~ite11.base|)) (<= 0 |cstrchr_#t~ite11.offset|) (or (not (= 0 |cstrchr_#in~s.offset|)) (<= |cstrchr_#t~ite11.offset| 0)))} #res.base, #res.offset := #t~ite11.base, #t~ite11.offset;havoc #t~ite11.base, #t~ite11.offset;havoc #t~mem10; {3375#(and (<= 1 (select |#length| |cstrchr_#res.base|)) (<= 0 |cstrchr_#res.offset|) (or (not (= 0 |cstrchr_#in~s.offset|)) (<= |cstrchr_#res.offset| 0)))} is VALID [2020-07-29 00:48:17,849 INFO L280 TraceCheckUtils]: 24: Hoare triple {3375#(and (<= 1 (select |#length| |cstrchr_#res.base|)) (<= 0 |cstrchr_#res.offset|) (or (not (= 0 |cstrchr_#in~s.offset|)) (<= |cstrchr_#res.offset| 0)))} assume true; {3375#(and (<= 1 (select |#length| |cstrchr_#res.base|)) (<= 0 |cstrchr_#res.offset|) (or (not (= 0 |cstrchr_#in~s.offset|)) (<= |cstrchr_#res.offset| 0)))} is VALID [2020-07-29 00:48:17,850 INFO L275 TraceCheckUtils]: 25: Hoare quadruple {3375#(and (<= 1 (select |#length| |cstrchr_#res.base|)) (<= 0 |cstrchr_#res.offset|) (or (not (= 0 |cstrchr_#in~s.offset|)) (<= |cstrchr_#res.offset| 0)))} {3356#(= 0 main_~s~0.offset)} #101#return; {3367#(and (= 0 |main_#t~ret14.offset|) (<= 1 (select |#length| |main_#t~ret14.base|)))} is VALID [2020-07-29 00:48:17,851 INFO L280 TraceCheckUtils]: 26: Hoare triple {3367#(and (= 0 |main_#t~ret14.offset|) (<= 1 (select |#length| |main_#t~ret14.base|)))} assume !(1 + #t~ret14.offset <= #length[#t~ret14.base] && 0 <= #t~ret14.offset); {3343#false} is VALID [2020-07-29 00:48:17,852 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:48:17,852 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [233167417] [2020-07-29 00:48:17,852 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:48:17,853 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2020-07-29 00:48:17,853 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [857750537] [2020-07-29 00:48:17,853 INFO L78 Accepts]: Start accepts. Automaton has 13 states. Word has length 27 [2020-07-29 00:48:17,854 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:48:17,854 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 13 states. [2020-07-29 00:48:17,886 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 27 edges. 27 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:17,887 INFO L459 AbstractCegarLoop]: Interpolant automaton has 13 states [2020-07-29 00:48:17,887 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:48:17,887 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 13 interpolants. [2020-07-29 00:48:17,888 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=132, Unknown=0, NotChecked=0, Total=156 [2020-07-29 00:48:17,888 INFO L87 Difference]: Start difference. First operand 79 states and 88 transitions. Second operand 13 states. [2020-07-29 00:48:19,085 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:19,085 INFO L93 Difference]: Finished difference Result 88 states and 98 transitions. [2020-07-29 00:48:19,085 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2020-07-29 00:48:19,085 INFO L78 Accepts]: Start accepts. Automaton has 13 states. Word has length 27 [2020-07-29 00:48:19,086 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:48:19,086 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 13 states. [2020-07-29 00:48:19,092 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 68 transitions. [2020-07-29 00:48:19,092 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 13 states. [2020-07-29 00:48:19,094 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 68 transitions. [2020-07-29 00:48:19,094 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 68 transitions. [2020-07-29 00:48:19,213 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 68 edges. 68 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:48:19,215 INFO L225 Difference]: With dead ends: 88 [2020-07-29 00:48:19,216 INFO L226 Difference]: Without dead ends: 88 [2020-07-29 00:48:19,216 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 23 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 18 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 17 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=70, Invalid=310, Unknown=0, NotChecked=0, Total=380 [2020-07-29 00:48:19,217 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 88 states. [2020-07-29 00:48:19,222 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 88 to 84. [2020-07-29 00:48:19,228 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:48:19,229 INFO L82 GeneralOperation]: Start isEquivalent. First operand 88 states. Second operand 84 states. [2020-07-29 00:48:19,229 INFO L74 IsIncluded]: Start isIncluded. First operand 88 states. Second operand 84 states. [2020-07-29 00:48:19,229 INFO L87 Difference]: Start difference. First operand 88 states. Second operand 84 states. [2020-07-29 00:48:19,231 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:19,232 INFO L93 Difference]: Finished difference Result 88 states and 98 transitions. [2020-07-29 00:48:19,232 INFO L276 IsEmpty]: Start isEmpty. Operand 88 states and 98 transitions. [2020-07-29 00:48:19,232 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:19,232 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:19,233 INFO L74 IsIncluded]: Start isIncluded. First operand 84 states. Second operand 88 states. [2020-07-29 00:48:19,233 INFO L87 Difference]: Start difference. First operand 84 states. Second operand 88 states. [2020-07-29 00:48:19,237 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:48:19,237 INFO L93 Difference]: Finished difference Result 88 states and 98 transitions. [2020-07-29 00:48:19,238 INFO L276 IsEmpty]: Start isEmpty. Operand 88 states and 98 transitions. [2020-07-29 00:48:19,238 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:48:19,239 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:48:19,239 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:48:19,239 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:48:19,239 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 84 states. [2020-07-29 00:48:19,242 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 84 states to 84 states and 94 transitions. [2020-07-29 00:48:19,242 INFO L78 Accepts]: Start accepts. Automaton has 84 states and 94 transitions. Word has length 27 [2020-07-29 00:48:19,242 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:48:19,243 INFO L479 AbstractCegarLoop]: Abstraction has 84 states and 94 transitions. [2020-07-29 00:48:19,243 INFO L480 AbstractCegarLoop]: Interpolant automaton has 13 states. [2020-07-29 00:48:19,243 INFO L276 IsEmpty]: Start isEmpty. Operand 84 states and 94 transitions. [2020-07-29 00:48:19,246 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 28 [2020-07-29 00:48:19,247 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:48:19,247 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:48:19,247 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12 [2020-07-29 00:48:19,248 INFO L427 AbstractCegarLoop]: === Iteration 14 === [build_nondet_StringErr3REQUIRES_VIOLATION, build_nondet_StringErr2REQUIRES_VIOLATION, build_nondet_StringErr1REQUIRES_VIOLATION, build_nondet_StringErr0REQUIRES_VIOLATION, cstrchrErr0REQUIRES_VIOLATION, cstrchrErr5REQUIRES_VIOLATION, cstrchrErr1REQUIRES_VIOLATION, cstrchrErr3REQUIRES_VIOLATION, cstrchrErr2REQUIRES_VIOLATION, cstrchrErr4REQUIRES_VIOLATION, mainErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr2ASSERT_VIOLATIONMEMORY_FREE, mainErr5ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr4ASSERT_VIOLATIONMEMORY_FREE, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:48:19,248 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:48:19,248 INFO L82 PathProgramCache]: Analyzing trace with hash -1917209182, now seen corresponding path program 1 times [2020-07-29 00:48:19,249 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:48:19,249 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [56676693] [2020-07-29 00:48:19,249 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:48:19,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2020-07-29 00:48:19,273 INFO L221 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2020-07-29 00:48:19,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2020-07-29 00:48:19,304 INFO L221 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2020-07-29 00:48:19,352 INFO L174 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2020-07-29 00:48:19,353 INFO L520 BasicCegarLoop]: Counterexample might be feasible [2020-07-29 00:48:19,354 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable13 [2020-07-29 00:48:19,424 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 29.07 12:48:19 BoogieIcfgContainer [2020-07-29 00:48:19,424 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2020-07-29 00:48:19,425 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2020-07-29 00:48:19,425 INFO L271 PluginConnector]: Initializing Witness Printer... [2020-07-29 00:48:19,425 INFO L275 PluginConnector]: Witness Printer initialized [2020-07-29 00:48:19,426 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 29.07 12:48:03" (3/4) ... [2020-07-29 00:48:19,429 INFO L131 WitnessPrinter]: Generating witness for reachability counterexample [2020-07-29 00:48:19,512 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2020-07-29 00:48:19,512 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2020-07-29 00:48:19,521 INFO L168 Benchmark]: Toolchain (without parser) took 17387.57 ms. Allocated memory was 1.0 GB in the beginning and 1.4 GB in the end (delta: 339.2 MB). Free memory was 960.2 MB in the beginning and 798.6 MB in the end (delta: 161.6 MB). Peak memory consumption was 500.9 MB. Max. memory is 11.5 GB. [2020-07-29 00:48:19,522 INFO L168 Benchmark]: CDTParser took 0.69 ms. Allocated memory is still 1.0 GB. Free memory is still 987.1 MB. There was no memory consumed. Max. memory is 11.5 GB. [2020-07-29 00:48:19,523 INFO L168 Benchmark]: CACSL2BoogieTranslator took 799.17 ms. Allocated memory was 1.0 GB in the beginning and 1.1 GB in the end (delta: 115.9 MB). Free memory was 960.2 MB in the beginning and 1.1 GB in the end (delta: -134.8 MB). Peak memory consumption was 26.3 MB. Max. memory is 11.5 GB. [2020-07-29 00:48:19,523 INFO L168 Benchmark]: Boogie Preprocessor took 132.88 ms. Allocated memory is still 1.1 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 7.1 MB). Peak memory consumption was 7.1 MB. Max. memory is 11.5 GB. [2020-07-29 00:48:19,524 INFO L168 Benchmark]: RCFGBuilder took 864.97 ms. Allocated memory is still 1.1 GB. Free memory was 1.1 GB in the beginning and 1.0 GB in the end (delta: 62.3 MB). Peak memory consumption was 62.3 MB. Max. memory is 11.5 GB. [2020-07-29 00:48:19,524 INFO L168 Benchmark]: TraceAbstraction took 15494.35 ms. Allocated memory was 1.1 GB in the beginning and 1.4 GB in the end (delta: 223.3 MB). Free memory was 1.0 GB in the beginning and 798.6 MB in the end (delta: 227.2 MB). Peak memory consumption was 450.5 MB. Max. memory is 11.5 GB. [2020-07-29 00:48:19,524 INFO L168 Benchmark]: Witness Printer took 87.89 ms. Allocated memory is still 1.4 GB. Free memory is still 798.6 MB. There was no memory consumed. Max. memory is 11.5 GB. [2020-07-29 00:48:19,526 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.69 ms. Allocated memory is still 1.0 GB. Free memory is still 987.1 MB. There was no memory consumed. Max. memory is 11.5 GB. * CACSL2BoogieTranslator took 799.17 ms. Allocated memory was 1.0 GB in the beginning and 1.1 GB in the end (delta: 115.9 MB). Free memory was 960.2 MB in the beginning and 1.1 GB in the end (delta: -134.8 MB). Peak memory consumption was 26.3 MB. Max. memory is 11.5 GB. * Boogie Preprocessor took 132.88 ms. Allocated memory is still 1.1 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 7.1 MB). Peak memory consumption was 7.1 MB. Max. memory is 11.5 GB. * RCFGBuilder took 864.97 ms. Allocated memory is still 1.1 GB. Free memory was 1.1 GB in the beginning and 1.0 GB in the end (delta: 62.3 MB). Peak memory consumption was 62.3 MB. Max. memory is 11.5 GB. * TraceAbstraction took 15494.35 ms. Allocated memory was 1.1 GB in the beginning and 1.4 GB in the end (delta: 223.3 MB). Free memory was 1.0 GB in the beginning and 798.6 MB in the end (delta: 227.2 MB). Peak memory consumption was 450.5 MB. Max. memory is 11.5 GB. * Witness Printer took 87.89 ms. Allocated memory is still 1.4 GB. Free memory is still 798.6 MB. There was no memory consumed. Max. memory is 11.5 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - CounterExampleResult [Line: 537]: pointer dereference may fail pointer dereference may fail We found a FailurePath: [L536] CALL, EXPR build_nondet_String() [L515] int length = __VERIFIER_nondet_int(); [L516] COND TRUE length < 1 [L517] length = 1 VAL [length=1] [L519] char* nondetString = (char*) malloc(length * sizeof(char)); [L521] int i = 0; VAL [i=0, length=1, malloc(length * sizeof(char))={-1:0}, nondetString={-1:0}] [L521] COND FALSE !(i < length - 1) VAL [i=0, length=1, malloc(length * sizeof(char))={-1:0}, nondetString={-1:0}] [L526] nondetString[length-1] = '\0' VAL [i=0, length=1, malloc(length * sizeof(char))={-1:0}, nondetString={-1:0}] [L527] return nondetString; VAL [\result={-1:0}, i=0, length=1, malloc(length * sizeof(char))={-1:0}, nondetString={-1:0}] [L536] RET, EXPR build_nondet_String() VAL [build_nondet_String()={-1:0}] [L536] char* s = build_nondet_String(); [L537] CALL cstrchr(s,__VERIFIER_nondet_int()) VAL [\old(c)=2, s={-1:0}] [L531] EXPR \read(*s) VAL [\old(c)=2, \read(*s)=0, c=2, s={-1:0}, s={-1:0}] [L531] *s != '\0' && *s != (char)c VAL [*s != '\0' && *s != (char)c=0, \old(c)=2, \read(*s)=0, c=2, s={-1:0}, s={-1:0}] [L531] COND FALSE !(*s != '\0' && *s != (char)c) [L533] EXPR \read(*s) VAL [\old(c)=2, \read(*s)=0, c=2, s={-1:0}, s={-1:0}] [L533] EXPR (*s == c) ? (char *) s : 0 VAL [(*s == c) ? (char *) s : 0={0:0}, \old(c)=2, \read(*s)=0, c=2, s={-1:0}, s={-1:0}] [L533] return ( (*s == c) ? (char *) s : 0 ); [L537] RET cstrchr(s,__VERIFIER_nondet_int()) VAL [__VERIFIER_nondet_int()=2, cstrchr(s,__VERIFIER_nondet_int())={0:0}, s={-1:0}] - StatisticsResult: Ultimate Automizer benchmark data CFG has 10 procedures, 71 locations, 16 error locations. Started 1 CEGAR loops. VerificationResult: UNSAFE, OverallTime: 15.3s, OverallIterations: 14, TraceHistogramMax: 2, AutomataDifference: 11.1s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 456 SDtfs, 838 SDslu, 808 SDs, 0 SdLazy, 2464 SolverSat, 121 SolverUnsat, 0 SolverUnknown, 0 SolverNotchecked, 3.5s Time, PredicateUnifierStatistics: 0 DeclaredPredicates, 191 GetRequests, 59 SyntacticMatches, 2 SemanticMatches, 130 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 116 ImplicationChecksByTransitivity, 2.4s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=84occurred in iteration=13, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 13 MinimizatonAttempts, 66 StatesRemovedByMinimization, 8 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 2.6s InterpolantComputationTime, 272 NumberOfCodeBlocks, 272 NumberOfCodeBlocksAsserted, 15 NumberOfCheckSat, 231 ConstructedInterpolants, 0 QuantifiedInterpolants, 20667 SizeOfPredicates, 3 NumberOfNonLiveVariables, 69 ConjunctsInSsa, 11 ConjunctsInUnsatCore, 14 InterpolantComputations, 12 PerfectInterpolantSequences, 4/7 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available RESULT: Ultimate proved your program to be incorrect! Received shutdown request...