./Ultimate.py --spec ../sv-benchmarks/c/properties/valid-memsafety.prp --file ../sv-benchmarks/c/ldv-memsafety/memleaks_test3-2.i --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for memory safety (deref-memtrack) Using default analysis Version 8bd4bc60 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx12G -Xms1G -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/ldv-memsafety/memleaks_test3-2.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 34250e9d8f469697cb8850c8aa9214fde887cb00 ............................................................................................................................... Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx12G -Xms1G -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/ldv-memsafety/memleaks_test3-2.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 34250e9d8f469697cb8850c8aa9214fde887cb00 ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. Execution finished normally Writing output log to file Ultimate.log Result: TRUE --- Real Ultimate output --- This is Ultimate 0.1.25-8bd4bc6 [2020-07-29 01:05:45,859 INFO L177 SettingsManager]: Resetting all preferences to default values... [2020-07-29 01:05:45,861 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2020-07-29 01:05:45,874 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2020-07-29 01:05:45,874 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2020-07-29 01:05:45,877 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2020-07-29 01:05:45,879 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2020-07-29 01:05:45,893 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2020-07-29 01:05:45,895 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2020-07-29 01:05:45,896 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2020-07-29 01:05:45,899 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2020-07-29 01:05:45,901 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2020-07-29 01:05:45,901 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2020-07-29 01:05:45,903 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2020-07-29 01:05:45,904 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2020-07-29 01:05:45,906 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2020-07-29 01:05:45,907 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2020-07-29 01:05:45,912 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2020-07-29 01:05:45,914 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2020-07-29 01:05:45,917 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2020-07-29 01:05:45,924 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2020-07-29 01:05:45,925 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2020-07-29 01:05:45,929 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2020-07-29 01:05:45,931 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2020-07-29 01:05:45,935 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2020-07-29 01:05:45,936 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2020-07-29 01:05:45,936 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2020-07-29 01:05:45,937 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2020-07-29 01:05:45,937 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2020-07-29 01:05:45,939 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2020-07-29 01:05:45,939 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2020-07-29 01:05:45,940 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2020-07-29 01:05:45,941 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2020-07-29 01:05:45,942 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2020-07-29 01:05:45,943 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2020-07-29 01:05:45,943 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2020-07-29 01:05:45,944 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2020-07-29 01:05:45,944 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2020-07-29 01:05:45,945 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2020-07-29 01:05:45,946 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2020-07-29 01:05:45,947 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2020-07-29 01:05:45,948 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf [2020-07-29 01:05:45,963 INFO L113 SettingsManager]: Loading preferences was successful [2020-07-29 01:05:45,963 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2020-07-29 01:05:45,965 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2020-07-29 01:05:45,966 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2020-07-29 01:05:45,966 INFO L138 SettingsManager]: * Use SBE=true [2020-07-29 01:05:45,966 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2020-07-29 01:05:45,967 INFO L138 SettingsManager]: * sizeof long=4 [2020-07-29 01:05:45,967 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2020-07-29 01:05:45,967 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2020-07-29 01:05:45,968 INFO L138 SettingsManager]: * sizeof POINTER=4 [2020-07-29 01:05:45,969 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2020-07-29 01:05:45,969 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2020-07-29 01:05:45,970 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2020-07-29 01:05:45,970 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2020-07-29 01:05:45,971 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2020-07-29 01:05:45,971 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2020-07-29 01:05:45,971 INFO L138 SettingsManager]: * sizeof long double=12 [2020-07-29 01:05:45,971 INFO L138 SettingsManager]: * Use constant arrays=true [2020-07-29 01:05:45,972 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2020-07-29 01:05:45,972 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2020-07-29 01:05:45,972 INFO L138 SettingsManager]: * To the following directory=./dump/ [2020-07-29 01:05:45,973 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2020-07-29 01:05:45,973 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-29 01:05:45,973 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2020-07-29 01:05:45,974 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2020-07-29 01:05:45,974 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2020-07-29 01:05:45,974 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2020-07-29 01:05:45,975 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2020-07-29 01:05:45,975 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 34250e9d8f469697cb8850c8aa9214fde887cb00 [2020-07-29 01:05:46,281 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2020-07-29 01:05:46,296 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2020-07-29 01:05:46,299 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2020-07-29 01:05:46,301 INFO L271 PluginConnector]: Initializing CDTParser... [2020-07-29 01:05:46,302 INFO L275 PluginConnector]: CDTParser initialized [2020-07-29 01:05:46,303 INFO L429 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/ldv-memsafety/memleaks_test3-2.i [2020-07-29 01:05:46,377 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/50e6c225f/59726129af0b4d4e9503ad0c236b261a/FLAG4d99e8d41 [2020-07-29 01:05:46,995 INFO L306 CDTParser]: Found 1 translation units. [2020-07-29 01:05:46,996 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ldv-memsafety/memleaks_test3-2.i [2020-07-29 01:05:47,021 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/50e6c225f/59726129af0b4d4e9503ad0c236b261a/FLAG4d99e8d41 [2020-07-29 01:05:47,357 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/50e6c225f/59726129af0b4d4e9503ad0c236b261a [2020-07-29 01:05:47,361 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2020-07-29 01:05:47,364 INFO L131 ToolchainWalker]: Walking toolchain with 5 elements. [2020-07-29 01:05:47,365 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2020-07-29 01:05:47,365 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2020-07-29 01:05:47,369 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2020-07-29 01:05:47,371 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 29.07 01:05:47" (1/1) ... [2020-07-29 01:05:47,374 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@6d494b33 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:47, skipping insertion in model container [2020-07-29 01:05:47,375 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 29.07 01:05:47" (1/1) ... [2020-07-29 01:05:47,383 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2020-07-29 01:05:47,452 INFO L178 MainTranslator]: Built tables and reachable declarations [2020-07-29 01:05:47,939 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-29 01:05:47,975 ERROR L326 MainTranslator]: Unsupported Syntax: Found a cast between two array/pointer types where the value type is smaller than the cast-to type while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) [2020-07-29 01:05:47,976 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.CACSL2BoogieTranslatorObserver@12fbbc87 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:47, skipping insertion in model container [2020-07-29 01:05:47,977 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2020-07-29 01:05:47,977 INFO L184 ToolchainWalker]: Toolchain execution was canceled (user or tool) before executing de.uni_freiburg.informatik.ultimate.boogie.preprocessor [2020-07-29 01:05:47,983 INFO L168 Benchmark]: Toolchain (without parser) took 618.46 ms. Allocated memory was 1.0 GB in the beginning and 1.2 GB in the end (delta: 134.2 MB). Free memory was 945.5 MB in the beginning and 1.1 GB in the end (delta: -170.7 MB). Peak memory consumption was 20.8 MB. Max. memory is 11.5 GB. [2020-07-29 01:05:47,984 INFO L168 Benchmark]: CDTParser took 0.28 ms. Allocated memory is still 1.0 GB. Free memory is still 981.7 MB. There was no memory consumed. Max. memory is 11.5 GB. [2020-07-29 01:05:47,986 INFO L168 Benchmark]: CACSL2BoogieTranslator took 612.13 ms. Allocated memory was 1.0 GB in the beginning and 1.2 GB in the end (delta: 134.2 MB). Free memory was 945.5 MB in the beginning and 1.1 GB in the end (delta: -170.7 MB). Peak memory consumption was 20.8 MB. Max. memory is 11.5 GB. [2020-07-29 01:05:47,990 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.28 ms. Allocated memory is still 1.0 GB. Free memory is still 981.7 MB. There was no memory consumed. Max. memory is 11.5 GB. * CACSL2BoogieTranslator took 612.13 ms. Allocated memory was 1.0 GB in the beginning and 1.2 GB in the end (delta: 134.2 MB). Free memory was 945.5 MB in the beginning and 1.1 GB in the end (delta: -170.7 MB). Peak memory consumption was 20.8 MB. Max. memory is 11.5 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - UnsupportedSyntaxResult [Line: 576]: Unsupported Syntax Found a cast between two array/pointer types where the value type is smaller than the cast-to type while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) RESULT: Ultimate could not prove your program: Toolchain returned no result. Received shutdown request... ### Bit-precise run ### This is Ultimate 0.1.25-8bd4bc6 [2020-07-29 01:05:49,846 INFO L177 SettingsManager]: Resetting all preferences to default values... [2020-07-29 01:05:49,848 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2020-07-29 01:05:49,859 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2020-07-29 01:05:49,860 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2020-07-29 01:05:49,861 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2020-07-29 01:05:49,863 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2020-07-29 01:05:49,864 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2020-07-29 01:05:49,866 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2020-07-29 01:05:49,867 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2020-07-29 01:05:49,869 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2020-07-29 01:05:49,870 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2020-07-29 01:05:49,870 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2020-07-29 01:05:49,871 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2020-07-29 01:05:49,873 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2020-07-29 01:05:49,874 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2020-07-29 01:05:49,875 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2020-07-29 01:05:49,876 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2020-07-29 01:05:49,878 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2020-07-29 01:05:49,880 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2020-07-29 01:05:49,882 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2020-07-29 01:05:49,884 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2020-07-29 01:05:49,885 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2020-07-29 01:05:49,886 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2020-07-29 01:05:49,889 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2020-07-29 01:05:49,889 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2020-07-29 01:05:49,890 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2020-07-29 01:05:49,891 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2020-07-29 01:05:49,891 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2020-07-29 01:05:49,893 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2020-07-29 01:05:49,893 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2020-07-29 01:05:49,894 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2020-07-29 01:05:49,895 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2020-07-29 01:05:49,896 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2020-07-29 01:05:49,897 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2020-07-29 01:05:49,897 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2020-07-29 01:05:49,898 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2020-07-29 01:05:49,898 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2020-07-29 01:05:49,899 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2020-07-29 01:05:49,900 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2020-07-29 01:05:49,901 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2020-07-29 01:05:49,902 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf [2020-07-29 01:05:49,917 INFO L113 SettingsManager]: Loading preferences was successful [2020-07-29 01:05:49,917 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2020-07-29 01:05:49,919 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2020-07-29 01:05:49,919 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2020-07-29 01:05:49,919 INFO L138 SettingsManager]: * Use SBE=true [2020-07-29 01:05:49,920 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2020-07-29 01:05:49,920 INFO L138 SettingsManager]: * sizeof long=4 [2020-07-29 01:05:49,920 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2020-07-29 01:05:49,920 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2020-07-29 01:05:49,921 INFO L138 SettingsManager]: * sizeof POINTER=4 [2020-07-29 01:05:49,921 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2020-07-29 01:05:49,921 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2020-07-29 01:05:49,922 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2020-07-29 01:05:49,922 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2020-07-29 01:05:49,922 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2020-07-29 01:05:49,922 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2020-07-29 01:05:49,923 INFO L138 SettingsManager]: * Use bitvectors instead of ints=true [2020-07-29 01:05:49,923 INFO L138 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2020-07-29 01:05:49,923 INFO L138 SettingsManager]: * sizeof long double=12 [2020-07-29 01:05:49,924 INFO L138 SettingsManager]: * Use constant arrays=true [2020-07-29 01:05:49,924 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2020-07-29 01:05:49,924 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2020-07-29 01:05:49,925 INFO L138 SettingsManager]: * To the following directory=./dump/ [2020-07-29 01:05:49,925 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2020-07-29 01:05:49,925 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-29 01:05:49,925 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2020-07-29 01:05:49,926 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2020-07-29 01:05:49,926 INFO L138 SettingsManager]: * Trace refinement strategy=WOLF [2020-07-29 01:05:49,928 INFO L138 SettingsManager]: * Command for external solver=cvc4 --incremental --rewrite-divk --print-success --lang smt [2020-07-29 01:05:49,928 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2020-07-29 01:05:49,929 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2020-07-29 01:05:49,929 INFO L138 SettingsManager]: * Logic for external solver=AUFBV Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 34250e9d8f469697cb8850c8aa9214fde887cb00 [2020-07-29 01:05:50,262 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2020-07-29 01:05:50,285 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2020-07-29 01:05:50,289 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2020-07-29 01:05:50,291 INFO L271 PluginConnector]: Initializing CDTParser... [2020-07-29 01:05:50,293 INFO L275 PluginConnector]: CDTParser initialized [2020-07-29 01:05:50,294 INFO L429 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/ldv-memsafety/memleaks_test3-2.i [2020-07-29 01:05:50,357 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5ac77b74f/40a2db3ea38340d2a436dbcfbb8b8957/FLAG234f3c3f8 [2020-07-29 01:05:50,945 INFO L306 CDTParser]: Found 1 translation units. [2020-07-29 01:05:50,946 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ldv-memsafety/memleaks_test3-2.i [2020-07-29 01:05:50,964 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5ac77b74f/40a2db3ea38340d2a436dbcfbb8b8957/FLAG234f3c3f8 [2020-07-29 01:05:51,200 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5ac77b74f/40a2db3ea38340d2a436dbcfbb8b8957 [2020-07-29 01:05:51,204 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2020-07-29 01:05:51,208 INFO L131 ToolchainWalker]: Walking toolchain with 5 elements. [2020-07-29 01:05:51,210 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2020-07-29 01:05:51,210 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2020-07-29 01:05:51,213 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2020-07-29 01:05:51,215 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 29.07 01:05:51" (1/1) ... [2020-07-29 01:05:51,218 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@32c04553 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:51, skipping insertion in model container [2020-07-29 01:05:51,219 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 29.07 01:05:51" (1/1) ... [2020-07-29 01:05:51,227 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2020-07-29 01:05:51,268 INFO L178 MainTranslator]: Built tables and reachable declarations [2020-07-29 01:05:51,858 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-29 01:05:51,892 INFO L200 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2020-07-29 01:05:51,907 INFO L178 MainTranslator]: Built tables and reachable declarations [2020-07-29 01:05:51,990 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-29 01:05:52,006 INFO L203 MainTranslator]: Completed pre-run [2020-07-29 01:05:52,098 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-29 01:05:52,196 INFO L208 MainTranslator]: Completed translation [2020-07-29 01:05:52,196 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:52 WrapperNode [2020-07-29 01:05:52,197 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2020-07-29 01:05:52,198 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2020-07-29 01:05:52,198 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2020-07-29 01:05:52,198 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2020-07-29 01:05:52,210 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:52" (1/1) ... [2020-07-29 01:05:52,212 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:52" (1/1) ... [2020-07-29 01:05:52,243 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:52" (1/1) ... [2020-07-29 01:05:52,244 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:52" (1/1) ... [2020-07-29 01:05:52,326 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:52" (1/1) ... [2020-07-29 01:05:52,332 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:52" (1/1) ... [2020-07-29 01:05:52,339 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:52" (1/1) ... [2020-07-29 01:05:52,351 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2020-07-29 01:05:52,351 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2020-07-29 01:05:52,352 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2020-07-29 01:05:52,352 INFO L275 PluginConnector]: RCFGBuilder initialized [2020-07-29 01:05:52,353 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:52" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-29 01:05:52,428 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2020-07-29 01:05:52,429 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2020-07-29 01:05:52,430 INFO L138 BoogieDeclarations]: Found implementation of procedure ##fun~$Pointer$~TO~VOID [2020-07-29 01:05:52,430 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.setCurrentRoundingMode [2020-07-29 01:05:52,431 INFO L138 BoogieDeclarations]: Found implementation of procedure __bswap_32 [2020-07-29 01:05:52,431 INFO L138 BoogieDeclarations]: Found implementation of procedure __bswap_64 [2020-07-29 01:05:52,431 INFO L138 BoogieDeclarations]: Found implementation of procedure __uint16_identity [2020-07-29 01:05:52,431 INFO L138 BoogieDeclarations]: Found implementation of procedure __uint32_identity [2020-07-29 01:05:52,432 INFO L138 BoogieDeclarations]: Found implementation of procedure __uint64_identity [2020-07-29 01:05:52,432 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_nonpositive [2020-07-29 01:05:52,432 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_positive [2020-07-29 01:05:52,432 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_malloc [2020-07-29 01:05:52,433 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_zalloc [2020-07-29 01:05:52,433 INFO L138 BoogieDeclarations]: Found implementation of procedure LDV_INIT_LIST_HEAD [2020-07-29 01:05:52,433 INFO L138 BoogieDeclarations]: Found implementation of procedure __ldv_list_add [2020-07-29 01:05:52,433 INFO L138 BoogieDeclarations]: Found implementation of procedure __ldv_list_del [2020-07-29 01:05:52,433 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_list_add [2020-07-29 01:05:52,434 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_list_add_tail [2020-07-29 01:05:52,434 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_list_del [2020-07-29 01:05:52,434 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_msg_alloc [2020-07-29 01:05:52,434 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_msg_fill [2020-07-29 01:05:52,435 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_msg_free [2020-07-29 01:05:52,435 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_submit_msg [2020-07-29 01:05:52,435 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_destroy_msgs [2020-07-29 01:05:52,436 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_dev_get_drvdata [2020-07-29 01:05:52,436 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_dev_set_drvdata [2020-07-29 01:05:52,436 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_atomic_add_return [2020-07-29 01:05:52,436 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_atomic_sub_return [2020-07-29 01:05:52,436 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_kref_sub [2020-07-29 01:05:52,436 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_kref_init [2020-07-29 01:05:52,436 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_kref_get [2020-07-29 01:05:52,437 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_kref_put [2020-07-29 01:05:52,437 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_kobject_del [2020-07-29 01:05:52,437 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_kobject_cleanup [2020-07-29 01:05:52,437 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_kobject_release [2020-07-29 01:05:52,437 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_kobject_put [2020-07-29 01:05:52,437 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_kobject_get [2020-07-29 01:05:52,437 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_kobject_init_internal [2020-07-29 01:05:52,437 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_kobject_init [2020-07-29 01:05:52,438 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_kobject_create [2020-07-29 01:05:52,438 INFO L138 BoogieDeclarations]: Found implementation of procedure f [2020-07-29 01:05:52,438 INFO L138 BoogieDeclarations]: Found implementation of procedure g [2020-07-29 01:05:52,438 INFO L138 BoogieDeclarations]: Found implementation of procedure h_safe [2020-07-29 01:05:52,439 INFO L138 BoogieDeclarations]: Found implementation of procedure entry_point [2020-07-29 01:05:52,439 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2020-07-29 01:05:52,439 INFO L138 BoogieDeclarations]: Found implementation of procedure #Ultimate.C_memset [2020-07-29 01:05:52,439 INFO L138 BoogieDeclarations]: Found implementation of procedure #Ultimate.meminit [2020-07-29 01:05:52,439 INFO L138 BoogieDeclarations]: Found implementation of procedure #Ultimate.C_memcpy [2020-07-29 01:05:52,439 INFO L130 BoogieDeclarations]: Found specification of procedure __ctype_get_mb_cur_max [2020-07-29 01:05:52,440 INFO L130 BoogieDeclarations]: Found specification of procedure atof [2020-07-29 01:05:52,440 INFO L130 BoogieDeclarations]: Found specification of procedure atoi [2020-07-29 01:05:52,440 INFO L130 BoogieDeclarations]: Found specification of procedure atol [2020-07-29 01:05:52,440 INFO L130 BoogieDeclarations]: Found specification of procedure atoll [2020-07-29 01:05:52,440 INFO L130 BoogieDeclarations]: Found specification of procedure strtod [2020-07-29 01:05:52,440 INFO L130 BoogieDeclarations]: Found specification of procedure strtof [2020-07-29 01:05:52,440 INFO L130 BoogieDeclarations]: Found specification of procedure strtold [2020-07-29 01:05:52,441 INFO L130 BoogieDeclarations]: Found specification of procedure strtol [2020-07-29 01:05:52,441 INFO L130 BoogieDeclarations]: Found specification of procedure strtoul [2020-07-29 01:05:52,441 INFO L130 BoogieDeclarations]: Found specification of procedure strtoq [2020-07-29 01:05:52,441 INFO L130 BoogieDeclarations]: Found specification of procedure strtouq [2020-07-29 01:05:52,441 INFO L130 BoogieDeclarations]: Found specification of procedure strtoll [2020-07-29 01:05:52,442 INFO L130 BoogieDeclarations]: Found specification of procedure strtoull [2020-07-29 01:05:52,442 INFO L130 BoogieDeclarations]: Found specification of procedure l64a [2020-07-29 01:05:52,442 INFO L130 BoogieDeclarations]: Found specification of procedure a64l [2020-07-29 01:05:52,442 INFO L130 BoogieDeclarations]: Found specification of procedure __bswap_32 [2020-07-29 01:05:52,443 INFO L130 BoogieDeclarations]: Found specification of procedure __bswap_64 [2020-07-29 01:05:52,443 INFO L130 BoogieDeclarations]: Found specification of procedure __uint16_identity [2020-07-29 01:05:52,443 INFO L130 BoogieDeclarations]: Found specification of procedure __uint32_identity [2020-07-29 01:05:52,443 INFO L130 BoogieDeclarations]: Found specification of procedure __uint64_identity [2020-07-29 01:05:52,443 INFO L130 BoogieDeclarations]: Found specification of procedure select [2020-07-29 01:05:52,444 INFO L130 BoogieDeclarations]: Found specification of procedure pselect [2020-07-29 01:05:52,444 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_major [2020-07-29 01:05:52,444 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_minor [2020-07-29 01:05:52,444 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_makedev [2020-07-29 01:05:52,445 INFO L130 BoogieDeclarations]: Found specification of procedure random [2020-07-29 01:05:52,445 INFO L130 BoogieDeclarations]: Found specification of procedure srandom [2020-07-29 01:05:52,445 INFO L130 BoogieDeclarations]: Found specification of procedure initstate [2020-07-29 01:05:52,445 INFO L130 BoogieDeclarations]: Found specification of procedure setstate [2020-07-29 01:05:52,445 INFO L130 BoogieDeclarations]: Found specification of procedure random_r [2020-07-29 01:05:52,446 INFO L130 BoogieDeclarations]: Found specification of procedure srandom_r [2020-07-29 01:05:52,446 INFO L130 BoogieDeclarations]: Found specification of procedure initstate_r [2020-07-29 01:05:52,446 INFO L130 BoogieDeclarations]: Found specification of procedure setstate_r [2020-07-29 01:05:52,446 INFO L130 BoogieDeclarations]: Found specification of procedure rand [2020-07-29 01:05:52,446 INFO L130 BoogieDeclarations]: Found specification of procedure srand [2020-07-29 01:05:52,447 INFO L130 BoogieDeclarations]: Found specification of procedure rand_r [2020-07-29 01:05:52,447 INFO L130 BoogieDeclarations]: Found specification of procedure drand48 [2020-07-29 01:05:52,447 INFO L130 BoogieDeclarations]: Found specification of procedure erand48 [2020-07-29 01:05:52,447 INFO L130 BoogieDeclarations]: Found specification of procedure lrand48 [2020-07-29 01:05:52,447 INFO L130 BoogieDeclarations]: Found specification of procedure nrand48 [2020-07-29 01:05:52,448 INFO L130 BoogieDeclarations]: Found specification of procedure mrand48 [2020-07-29 01:05:52,448 INFO L130 BoogieDeclarations]: Found specification of procedure jrand48 [2020-07-29 01:05:52,448 INFO L130 BoogieDeclarations]: Found specification of procedure srand48 [2020-07-29 01:05:52,448 INFO L130 BoogieDeclarations]: Found specification of procedure seed48 [2020-07-29 01:05:52,448 INFO L130 BoogieDeclarations]: Found specification of procedure lcong48 [2020-07-29 01:05:52,449 INFO L130 BoogieDeclarations]: Found specification of procedure drand48_r [2020-07-29 01:05:52,449 INFO L130 BoogieDeclarations]: Found specification of procedure erand48_r [2020-07-29 01:05:52,449 INFO L130 BoogieDeclarations]: Found specification of procedure lrand48_r [2020-07-29 01:05:52,449 INFO L130 BoogieDeclarations]: Found specification of procedure nrand48_r [2020-07-29 01:05:52,449 INFO L130 BoogieDeclarations]: Found specification of procedure mrand48_r [2020-07-29 01:05:52,450 INFO L130 BoogieDeclarations]: Found specification of procedure jrand48_r [2020-07-29 01:05:52,450 INFO L130 BoogieDeclarations]: Found specification of procedure srand48_r [2020-07-29 01:05:52,450 INFO L130 BoogieDeclarations]: Found specification of procedure seed48_r [2020-07-29 01:05:52,450 INFO L130 BoogieDeclarations]: Found specification of procedure lcong48_r [2020-07-29 01:05:52,450 INFO L130 BoogieDeclarations]: Found specification of procedure malloc [2020-07-29 01:05:52,451 INFO L130 BoogieDeclarations]: Found specification of procedure calloc [2020-07-29 01:05:52,451 INFO L130 BoogieDeclarations]: Found specification of procedure realloc [2020-07-29 01:05:52,451 INFO L130 BoogieDeclarations]: Found specification of procedure free [2020-07-29 01:05:52,451 INFO L130 BoogieDeclarations]: Found specification of procedure alloca [2020-07-29 01:05:52,451 INFO L130 BoogieDeclarations]: Found specification of procedure valloc [2020-07-29 01:05:52,452 INFO L130 BoogieDeclarations]: Found specification of procedure posix_memalign [2020-07-29 01:05:52,452 INFO L130 BoogieDeclarations]: Found specification of procedure aligned_alloc [2020-07-29 01:05:52,452 INFO L130 BoogieDeclarations]: Found specification of procedure abort [2020-07-29 01:05:52,452 INFO L130 BoogieDeclarations]: Found specification of procedure atexit [2020-07-29 01:05:52,452 INFO L130 BoogieDeclarations]: Found specification of procedure at_quick_exit [2020-07-29 01:05:52,453 INFO L130 BoogieDeclarations]: Found specification of procedure on_exit [2020-07-29 01:05:52,453 INFO L130 BoogieDeclarations]: Found specification of procedure exit [2020-07-29 01:05:52,453 INFO L130 BoogieDeclarations]: Found specification of procedure quick_exit [2020-07-29 01:05:52,453 INFO L130 BoogieDeclarations]: Found specification of procedure _Exit [2020-07-29 01:05:52,453 INFO L130 BoogieDeclarations]: Found specification of procedure getenv [2020-07-29 01:05:52,454 INFO L130 BoogieDeclarations]: Found specification of procedure putenv [2020-07-29 01:05:52,454 INFO L130 BoogieDeclarations]: Found specification of procedure setenv [2020-07-29 01:05:52,454 INFO L130 BoogieDeclarations]: Found specification of procedure unsetenv [2020-07-29 01:05:52,454 INFO L130 BoogieDeclarations]: Found specification of procedure clearenv [2020-07-29 01:05:52,454 INFO L130 BoogieDeclarations]: Found specification of procedure mktemp [2020-07-29 01:05:52,455 INFO L130 BoogieDeclarations]: Found specification of procedure mkstemp [2020-07-29 01:05:52,455 INFO L130 BoogieDeclarations]: Found specification of procedure mkstemps [2020-07-29 01:05:52,455 INFO L130 BoogieDeclarations]: Found specification of procedure mkdtemp [2020-07-29 01:05:52,455 INFO L130 BoogieDeclarations]: Found specification of procedure system [2020-07-29 01:05:52,456 INFO L130 BoogieDeclarations]: Found specification of procedure realpath [2020-07-29 01:05:52,456 INFO L130 BoogieDeclarations]: Found specification of procedure bsearch [2020-07-29 01:05:52,456 INFO L130 BoogieDeclarations]: Found specification of procedure qsort [2020-07-29 01:05:52,456 INFO L130 BoogieDeclarations]: Found specification of procedure abs [2020-07-29 01:05:52,456 INFO L130 BoogieDeclarations]: Found specification of procedure labs [2020-07-29 01:05:52,457 INFO L130 BoogieDeclarations]: Found specification of procedure llabs [2020-07-29 01:05:52,457 INFO L130 BoogieDeclarations]: Found specification of procedure div [2020-07-29 01:05:52,457 INFO L130 BoogieDeclarations]: Found specification of procedure ldiv [2020-07-29 01:05:52,457 INFO L130 BoogieDeclarations]: Found specification of procedure lldiv [2020-07-29 01:05:52,457 INFO L130 BoogieDeclarations]: Found specification of procedure ecvt [2020-07-29 01:05:52,458 INFO L130 BoogieDeclarations]: Found specification of procedure fcvt [2020-07-29 01:05:52,458 INFO L130 BoogieDeclarations]: Found specification of procedure gcvt [2020-07-29 01:05:52,458 INFO L130 BoogieDeclarations]: Found specification of procedure qecvt [2020-07-29 01:05:52,458 INFO L130 BoogieDeclarations]: Found specification of procedure qfcvt [2020-07-29 01:05:52,459 INFO L130 BoogieDeclarations]: Found specification of procedure qgcvt [2020-07-29 01:05:52,459 INFO L130 BoogieDeclarations]: Found specification of procedure ecvt_r [2020-07-29 01:05:52,459 INFO L130 BoogieDeclarations]: Found specification of procedure fcvt_r [2020-07-29 01:05:52,459 INFO L130 BoogieDeclarations]: Found specification of procedure qecvt_r [2020-07-29 01:05:52,459 INFO L130 BoogieDeclarations]: Found specification of procedure qfcvt_r [2020-07-29 01:05:52,460 INFO L130 BoogieDeclarations]: Found specification of procedure mblen [2020-07-29 01:05:52,460 INFO L130 BoogieDeclarations]: Found specification of procedure mbtowc [2020-07-29 01:05:52,460 INFO L130 BoogieDeclarations]: Found specification of procedure wctomb [2020-07-29 01:05:52,460 INFO L130 BoogieDeclarations]: Found specification of procedure mbstowcs [2020-07-29 01:05:52,460 INFO L130 BoogieDeclarations]: Found specification of procedure wcstombs [2020-07-29 01:05:52,461 INFO L130 BoogieDeclarations]: Found specification of procedure rpmatch [2020-07-29 01:05:52,461 INFO L130 BoogieDeclarations]: Found specification of procedure getsubopt [2020-07-29 01:05:52,461 INFO L130 BoogieDeclarations]: Found specification of procedure getloadavg [2020-07-29 01:05:52,461 INFO L130 BoogieDeclarations]: Found specification of procedure kfree [2020-07-29 01:05:52,462 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_int [2020-07-29 01:05:52,462 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_nonpositive [2020-07-29 01:05:52,462 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_positive [2020-07-29 01:05:52,462 INFO L130 BoogieDeclarations]: Found specification of procedure memcpy [2020-07-29 01:05:52,462 INFO L130 BoogieDeclarations]: Found specification of procedure memset [2020-07-29 01:05:52,463 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_malloc [2020-07-29 01:05:52,463 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2020-07-29 01:05:52,463 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_zalloc [2020-07-29 01:05:52,463 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.meminit [2020-07-29 01:05:52,463 INFO L130 BoogieDeclarations]: Found specification of procedure LDV_INIT_LIST_HEAD [2020-07-29 01:05:52,464 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2020-07-29 01:05:52,464 INFO L130 BoogieDeclarations]: Found specification of procedure __ldv_list_add [2020-07-29 01:05:52,464 INFO L130 BoogieDeclarations]: Found specification of procedure __ldv_list_del [2020-07-29 01:05:52,464 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_list_add [2020-07-29 01:05:52,465 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2020-07-29 01:05:52,465 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_list_add_tail [2020-07-29 01:05:52,465 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_list_del [2020-07-29 01:05:52,465 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_msg_alloc [2020-07-29 01:05:52,465 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_msg_fill [2020-07-29 01:05:52,466 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.C_memcpy [2020-07-29 01:05:52,466 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_msg_free [2020-07-29 01:05:52,466 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2020-07-29 01:05:52,466 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_submit_msg [2020-07-29 01:05:52,467 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_destroy_msgs [2020-07-29 01:05:52,467 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_dev_get_drvdata [2020-07-29 01:05:52,467 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_dev_set_drvdata [2020-07-29 01:05:52,467 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_atomic_add_return [2020-07-29 01:05:52,467 INFO L130 BoogieDeclarations]: Found specification of procedure read~intINTTYPE4 [2020-07-29 01:05:52,468 INFO L130 BoogieDeclarations]: Found specification of procedure write~intINTTYPE4 [2020-07-29 01:05:52,468 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_atomic_sub_return [2020-07-29 01:05:52,468 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_kref_sub [2020-07-29 01:05:52,468 INFO L130 BoogieDeclarations]: Found specification of procedure ##fun~$Pointer$~TO~VOID [2020-07-29 01:05:52,469 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_kref_init [2020-07-29 01:05:52,469 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_kref_get [2020-07-29 01:05:52,469 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_kref_put [2020-07-29 01:05:52,469 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_kobject_del [2020-07-29 01:05:52,469 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_kobject_cleanup [2020-07-29 01:05:52,470 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_kobject_release [2020-07-29 01:05:52,470 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_kobject_put [2020-07-29 01:05:52,470 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_kobject_get [2020-07-29 01:05:52,470 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_kobject_init_internal [2020-07-29 01:05:52,471 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_kobject_init [2020-07-29 01:05:52,471 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_kobject_create [2020-07-29 01:05:52,471 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.C_memset [2020-07-29 01:05:52,471 INFO L130 BoogieDeclarations]: Found specification of procedure f [2020-07-29 01:05:52,472 INFO L130 BoogieDeclarations]: Found specification of procedure g [2020-07-29 01:05:52,472 INFO L130 BoogieDeclarations]: Found specification of procedure h_safe [2020-07-29 01:05:52,472 INFO L130 BoogieDeclarations]: Found specification of procedure entry_point [2020-07-29 01:05:52,472 INFO L130 BoogieDeclarations]: Found specification of procedure main [2020-07-29 01:05:52,472 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2020-07-29 01:05:52,473 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnStack [2020-07-29 01:05:52,473 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$ [2020-07-29 01:05:52,473 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2020-07-29 01:05:52,473 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.setCurrentRoundingMode [2020-07-29 01:05:52,474 INFO L130 BoogieDeclarations]: Found specification of procedure write~unchecked~intINTTYPE4 [2020-07-29 01:05:52,474 INFO L130 BoogieDeclarations]: Found specification of procedure read~unchecked~intINTTYPE4 [2020-07-29 01:05:52,474 INFO L130 BoogieDeclarations]: Found specification of procedure write~unchecked~$Pointer$ [2020-07-29 01:05:52,474 INFO L130 BoogieDeclarations]: Found specification of procedure read~unchecked~$Pointer$ [2020-07-29 01:05:53,248 WARN L775 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2020-07-29 01:05:53,758 WARN L775 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2020-07-29 01:05:54,274 INFO L290 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2020-07-29 01:05:54,274 INFO L295 CfgBuilder]: Removed 1 assume(true) statements. [2020-07-29 01:05:54,278 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 29.07 01:05:54 BoogieIcfgContainer [2020-07-29 01:05:54,279 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2020-07-29 01:05:54,280 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2020-07-29 01:05:54,281 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2020-07-29 01:05:54,284 INFO L275 PluginConnector]: TraceAbstraction initialized [2020-07-29 01:05:54,285 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 29.07 01:05:51" (1/3) ... [2020-07-29 01:05:54,286 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2c0fa83b and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 29.07 01:05:54, skipping insertion in model container [2020-07-29 01:05:54,286 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 01:05:52" (2/3) ... [2020-07-29 01:05:54,286 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2c0fa83b and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 29.07 01:05:54, skipping insertion in model container [2020-07-29 01:05:54,286 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 29.07 01:05:54" (3/3) ... [2020-07-29 01:05:54,288 INFO L109 eAbstractionObserver]: Analyzing ICFG memleaks_test3-2.i [2020-07-29 01:05:54,303 INFO L157 ceAbstractionStarter]: Automizer settings: Hoare:false NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2020-07-29 01:05:54,312 INFO L169 ceAbstractionStarter]: Appying trace abstraction to program that has 74 error locations. [2020-07-29 01:05:54,331 INFO L251 AbstractCegarLoop]: Starting to check reachability of 74 error locations. [2020-07-29 01:05:54,358 INFO L375 AbstractCegarLoop]: Interprodecural is true [2020-07-29 01:05:54,359 INFO L376 AbstractCegarLoop]: Hoare is false [2020-07-29 01:05:54,359 INFO L377 AbstractCegarLoop]: Compute interpolants for FPandBP [2020-07-29 01:05:54,359 INFO L378 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2020-07-29 01:05:54,359 INFO L379 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2020-07-29 01:05:54,359 INFO L380 AbstractCegarLoop]: Difference is false [2020-07-29 01:05:54,359 INFO L381 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2020-07-29 01:05:54,360 INFO L385 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2020-07-29 01:05:54,376 INFO L276 IsEmpty]: Start isEmpty. Operand 100 states. [2020-07-29 01:05:54,386 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 19 [2020-07-29 01:05:54,386 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 01:05:54,387 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 01:05:54,388 INFO L427 AbstractCegarLoop]: === Iteration 1 === [ldv_kref_initErr0REQUIRES_VIOLATION, ldv_kref_initErr1REQUIRES_VIOLATION, ldv_list_addErr1REQUIRES_VIOLATION, ldv_list_addErr0REQUIRES_VIOLATION, ldv_kobject_createErr1REQUIRES_VIOLATION, ldv_kobject_createErr0REQUIRES_VIOLATION, ldv_destroy_msgsErr4REQUIRES_VIOLATION, ldv_destroy_msgsErr3REQUIRES_VIOLATION, ldv_destroy_msgsErr2REQUIRES_VIOLATION, ldv_destroy_msgsErr1REQUIRES_VIOLATION, ldv_destroy_msgsErr0REQUIRES_VIOLATION, ldv_destroy_msgsErr5REQUIRES_VIOLATION, ldv_msg_fillErr1REQUIRES_VIOLATION, ldv_msg_fillErr5REQUIRES_VIOLATION, ldv_msg_fillErr0REQUIRES_VIOLATION, ldv_msg_fillErr4REQUIRES_VIOLATION, ldv_msg_fillErr2REQUIRES_VIOLATION, ldv_msg_fillErr3REQUIRES_VIOLATION, ldv_atomic_add_returnErr1REQUIRES_VIOLATION, ldv_atomic_add_returnErr0REQUIRES_VIOLATION, ldv_atomic_add_returnErr3REQUIRES_VIOLATION, ldv_atomic_add_returnErr2REQUIRES_VIOLATION, __ldv_list_delErr0REQUIRES_VIOLATION, __ldv_list_delErr1REQUIRES_VIOLATION, __ldv_list_delErr2REQUIRES_VIOLATION, __ldv_list_delErr3REQUIRES_VIOLATION, ldv_kobject_cleanupErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr5ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr7ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr6ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr1REQUIRES_VIOLATION, ldv_kobject_cleanupErr4ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr0REQUIRES_VIOLATION, ldv_kobject_cleanupErr3ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr6ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr7ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr4ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr5ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr0ENSURES_VIOLATIONMEMORY_LEAK, LDV_INIT_LIST_HEADErr2REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr3REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr0REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr1REQUIRES_VIOLATION, ldv_list_delErr2REQUIRES_VIOLATION, ldv_list_delErr1REQUIRES_VIOLATION, ldv_list_delErr3REQUIRES_VIOLATION, ldv_list_delErr0REQUIRES_VIOLATION, __ldv_list_addErr5REQUIRES_VIOLATION, __ldv_list_addErr0REQUIRES_VIOLATION, __ldv_list_addErr1REQUIRES_VIOLATION, __ldv_list_addErr6REQUIRES_VIOLATION, __ldv_list_addErr7REQUIRES_VIOLATION, __ldv_list_addErr2REQUIRES_VIOLATION, __ldv_list_addErr3REQUIRES_VIOLATION, __ldv_list_addErr4REQUIRES_VIOLATION, ldv_dev_set_drvdataErr0REQUIRES_VIOLATION, ldv_dev_set_drvdataErr1REQUIRES_VIOLATION, ldv_atomic_sub_returnErr1REQUIRES_VIOLATION, ldv_atomic_sub_returnErr0REQUIRES_VIOLATION, ldv_atomic_sub_returnErr3REQUIRES_VIOLATION, ldv_atomic_sub_returnErr2REQUIRES_VIOLATION, ldv_list_add_tailErr0REQUIRES_VIOLATION, ldv_list_add_tailErr1REQUIRES_VIOLATION, ldv_dev_get_drvdataErr1REQUIRES_VIOLATION, ldv_dev_get_drvdataErr0REQUIRES_VIOLATION, entry_pointErr2ASSERT_VIOLATIONMEMORY_FREE, entry_pointErr1ASSERT_VIOLATIONMEMORY_FREE, entry_pointErr0ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_allocErr0REQUIRES_VIOLATION, ldv_msg_allocErr1REQUIRES_VIOLATION]=== [2020-07-29 01:05:54,394 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 01:05:54,394 INFO L82 PathProgramCache]: Analyzing trace with hash -1115971593, now seen corresponding path program 1 times [2020-07-29 01:05:54,409 INFO L163 FreeRefinementEngine]: Executing refinement strategy WOLF [2020-07-29 01:05:54,409 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [115294721] [2020-07-29 01:05:54,410 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat Starting monitored process 2 with mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with mathsat -unsat_core_generation=3 [2020-07-29 01:05:54,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 01:05:54,599 INFO L263 TraceCheckSpWp]: Trace formula consists of 75 conjuncts, 7 conjunts are in the unsatisfiable core [2020-07-29 01:05:54,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 01:05:54,625 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 01:05:54,752 INFO L263 TraceCheckUtils]: 0: Hoare triple {103#true} call ULTIMATE.init(); {103#true} is VALID [2020-07-29 01:05:54,753 INFO L280 TraceCheckUtils]: 1: Hoare triple {103#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;call ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := #Ultimate.allocOnStack(8bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {103#true} is VALID [2020-07-29 01:05:54,753 INFO L280 TraceCheckUtils]: 2: Hoare triple {103#true} assume true; {103#true} is VALID [2020-07-29 01:05:54,754 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {103#true} {103#true} #453#return; {103#true} is VALID [2020-07-29 01:05:54,754 INFO L263 TraceCheckUtils]: 4: Hoare triple {103#true} call main(); {103#true} is VALID [2020-07-29 01:05:54,754 INFO L263 TraceCheckUtils]: 5: Hoare triple {103#true} call entry_point(); {103#true} is VALID [2020-07-29 01:05:54,755 INFO L263 TraceCheckUtils]: 6: Hoare triple {103#true} call #t~ret39.base, #t~ret39.offset := h_safe(); {103#true} is VALID [2020-07-29 01:05:54,755 INFO L263 TraceCheckUtils]: 7: Hoare triple {103#true} call #t~ret38.base, #t~ret38.offset := ldv_malloc(4bv32); {103#true} is VALID [2020-07-29 01:05:54,756 INFO L280 TraceCheckUtils]: 8: Hoare triple {103#true} ~size := #in~size; {103#true} is VALID [2020-07-29 01:05:54,757 INFO L280 TraceCheckUtils]: 9: Hoare triple {103#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset; {135#(= (_ bv0 32) |ldv_malloc_#res.offset|)} is VALID [2020-07-29 01:05:54,758 INFO L280 TraceCheckUtils]: 10: Hoare triple {135#(= (_ bv0 32) |ldv_malloc_#res.offset|)} assume true; {135#(= (_ bv0 32) |ldv_malloc_#res.offset|)} is VALID [2020-07-29 01:05:54,760 INFO L275 TraceCheckUtils]: 11: Hoare quadruple {135#(= (_ bv0 32) |ldv_malloc_#res.offset|)} {103#true} #445#return; {142#(= (_ bv0 32) |h_safe_#t~ret38.offset|)} is VALID [2020-07-29 01:05:54,761 INFO L280 TraceCheckUtils]: 12: Hoare triple {142#(= (_ bv0 32) |h_safe_#t~ret38.offset|)} #res.base, #res.offset := #t~ret38.base, #t~ret38.offset;havoc #t~ret38.base, #t~ret38.offset; {146#(= (_ bv0 32) |h_safe_#res.offset|)} is VALID [2020-07-29 01:05:54,762 INFO L280 TraceCheckUtils]: 13: Hoare triple {146#(= (_ bv0 32) |h_safe_#res.offset|)} assume true; {146#(= (_ bv0 32) |h_safe_#res.offset|)} is VALID [2020-07-29 01:05:54,763 INFO L275 TraceCheckUtils]: 14: Hoare quadruple {146#(= (_ bv0 32) |h_safe_#res.offset|)} {103#true} #441#return; {153#(= |entry_point_#t~ret39.offset| (_ bv0 32))} is VALID [2020-07-29 01:05:54,764 INFO L280 TraceCheckUtils]: 15: Hoare triple {153#(= |entry_point_#t~ret39.offset| (_ bv0 32))} ~p~0.base, ~p~0.offset := #t~ret39.base, #t~ret39.offset;havoc #t~ret39.base, #t~ret39.offset; {157#(= (_ bv0 32) entry_point_~p~0.offset)} is VALID [2020-07-29 01:05:54,765 INFO L280 TraceCheckUtils]: 16: Hoare triple {157#(= (_ bv0 32) entry_point_~p~0.offset)} assume ~p~0.base != 0bv32 || ~p~0.offset != 0bv32; {157#(= (_ bv0 32) entry_point_~p~0.offset)} is VALID [2020-07-29 01:05:54,766 INFO L280 TraceCheckUtils]: 17: Hoare triple {157#(= (_ bv0 32) entry_point_~p~0.offset)} assume !(0bv32 == ~p~0.offset); {104#false} is VALID [2020-07-29 01:05:54,771 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 01:05:54,771 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2020-07-29 01:05:54,957 INFO L280 TraceCheckUtils]: 17: Hoare triple {157#(= (_ bv0 32) entry_point_~p~0.offset)} assume !(0bv32 == ~p~0.offset); {104#false} is VALID [2020-07-29 01:05:54,958 INFO L280 TraceCheckUtils]: 16: Hoare triple {157#(= (_ bv0 32) entry_point_~p~0.offset)} assume ~p~0.base != 0bv32 || ~p~0.offset != 0bv32; {157#(= (_ bv0 32) entry_point_~p~0.offset)} is VALID [2020-07-29 01:05:54,960 INFO L280 TraceCheckUtils]: 15: Hoare triple {153#(= |entry_point_#t~ret39.offset| (_ bv0 32))} ~p~0.base, ~p~0.offset := #t~ret39.base, #t~ret39.offset;havoc #t~ret39.base, #t~ret39.offset; {157#(= (_ bv0 32) entry_point_~p~0.offset)} is VALID [2020-07-29 01:05:54,961 INFO L275 TraceCheckUtils]: 14: Hoare quadruple {146#(= (_ bv0 32) |h_safe_#res.offset|)} {103#true} #441#return; {153#(= |entry_point_#t~ret39.offset| (_ bv0 32))} is VALID [2020-07-29 01:05:54,962 INFO L280 TraceCheckUtils]: 13: Hoare triple {146#(= (_ bv0 32) |h_safe_#res.offset|)} assume true; {146#(= (_ bv0 32) |h_safe_#res.offset|)} is VALID [2020-07-29 01:05:54,964 INFO L280 TraceCheckUtils]: 12: Hoare triple {142#(= (_ bv0 32) |h_safe_#t~ret38.offset|)} #res.base, #res.offset := #t~ret38.base, #t~ret38.offset;havoc #t~ret38.base, #t~ret38.offset; {146#(= (_ bv0 32) |h_safe_#res.offset|)} is VALID [2020-07-29 01:05:54,965 INFO L275 TraceCheckUtils]: 11: Hoare quadruple {135#(= (_ bv0 32) |ldv_malloc_#res.offset|)} {103#true} #445#return; {142#(= (_ bv0 32) |h_safe_#t~ret38.offset|)} is VALID [2020-07-29 01:05:54,966 INFO L280 TraceCheckUtils]: 10: Hoare triple {135#(= (_ bv0 32) |ldv_malloc_#res.offset|)} assume true; {135#(= (_ bv0 32) |ldv_malloc_#res.offset|)} is VALID [2020-07-29 01:05:54,968 INFO L280 TraceCheckUtils]: 9: Hoare triple {103#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset; {135#(= (_ bv0 32) |ldv_malloc_#res.offset|)} is VALID [2020-07-29 01:05:54,968 INFO L280 TraceCheckUtils]: 8: Hoare triple {103#true} ~size := #in~size; {103#true} is VALID [2020-07-29 01:05:54,969 INFO L263 TraceCheckUtils]: 7: Hoare triple {103#true} call #t~ret38.base, #t~ret38.offset := ldv_malloc(4bv32); {103#true} is VALID [2020-07-29 01:05:54,969 INFO L263 TraceCheckUtils]: 6: Hoare triple {103#true} call #t~ret39.base, #t~ret39.offset := h_safe(); {103#true} is VALID [2020-07-29 01:05:54,969 INFO L263 TraceCheckUtils]: 5: Hoare triple {103#true} call entry_point(); {103#true} is VALID [2020-07-29 01:05:54,969 INFO L263 TraceCheckUtils]: 4: Hoare triple {103#true} call main(); {103#true} is VALID [2020-07-29 01:05:54,970 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {103#true} {103#true} #453#return; {103#true} is VALID [2020-07-29 01:05:54,970 INFO L280 TraceCheckUtils]: 2: Hoare triple {103#true} assume true; {103#true} is VALID [2020-07-29 01:05:54,971 INFO L280 TraceCheckUtils]: 1: Hoare triple {103#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;call ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := #Ultimate.allocOnStack(8bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {103#true} is VALID [2020-07-29 01:05:54,971 INFO L263 TraceCheckUtils]: 0: Hoare triple {103#true} call ULTIMATE.init(); {103#true} is VALID [2020-07-29 01:05:54,972 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 01:05:54,974 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [115294721] [2020-07-29 01:05:54,975 INFO L220 FreeRefinementEngine]: Constructing automaton from 2 perfect and 0 imperfect interpolant sequences. [2020-07-29 01:05:54,975 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6, 6] imperfect sequences [] total 6 [2020-07-29 01:05:54,976 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2046507198] [2020-07-29 01:05:54,984 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 18 [2020-07-29 01:05:54,987 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 01:05:54,991 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states. [2020-07-29 01:05:55,029 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 18 edges. 18 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 01:05:55,029 INFO L459 AbstractCegarLoop]: Interpolant automaton has 7 states [2020-07-29 01:05:55,030 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2020-07-29 01:05:55,040 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2020-07-29 01:05:55,041 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2020-07-29 01:05:55,044 INFO L87 Difference]: Start difference. First operand 100 states. Second operand 7 states. [2020-07-29 01:05:55,340 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:05:55,340 INFO L93 Difference]: Finished difference Result 29 states and 30 transitions. [2020-07-29 01:05:55,341 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2020-07-29 01:05:55,341 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 18 [2020-07-29 01:05:55,341 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 01:05:55,343 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 01:05:55,355 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 31 transitions. [2020-07-29 01:05:55,356 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 01:05:55,359 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 31 transitions. [2020-07-29 01:05:55,360 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 31 transitions. [2020-07-29 01:05:55,406 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 31 edges. 31 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 01:05:55,418 INFO L225 Difference]: With dead ends: 29 [2020-07-29 01:05:55,418 INFO L226 Difference]: Without dead ends: 26 [2020-07-29 01:05:55,420 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 35 GetRequests, 30 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2020-07-29 01:05:55,442 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 26 states. [2020-07-29 01:05:55,461 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 26 to 26. [2020-07-29 01:05:55,462 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 01:05:55,462 INFO L82 GeneralOperation]: Start isEquivalent. First operand 26 states. Second operand 26 states. [2020-07-29 01:05:55,463 INFO L74 IsIncluded]: Start isIncluded. First operand 26 states. Second operand 26 states. [2020-07-29 01:05:55,463 INFO L87 Difference]: Start difference. First operand 26 states. Second operand 26 states. [2020-07-29 01:05:55,467 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:05:55,467 INFO L93 Difference]: Finished difference Result 26 states and 27 transitions. [2020-07-29 01:05:55,467 INFO L276 IsEmpty]: Start isEmpty. Operand 26 states and 27 transitions. [2020-07-29 01:05:55,468 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:05:55,468 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 01:05:55,468 INFO L74 IsIncluded]: Start isIncluded. First operand 26 states. Second operand 26 states. [2020-07-29 01:05:55,469 INFO L87 Difference]: Start difference. First operand 26 states. Second operand 26 states. [2020-07-29 01:05:55,473 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:05:55,473 INFO L93 Difference]: Finished difference Result 26 states and 27 transitions. [2020-07-29 01:05:55,473 INFO L276 IsEmpty]: Start isEmpty. Operand 26 states and 27 transitions. [2020-07-29 01:05:55,474 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:05:55,474 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 01:05:55,474 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 01:05:55,474 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 01:05:55,474 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 26 states. [2020-07-29 01:05:55,477 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 26 states to 26 states and 27 transitions. [2020-07-29 01:05:55,478 INFO L78 Accepts]: Start accepts. Automaton has 26 states and 27 transitions. Word has length 18 [2020-07-29 01:05:55,479 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 01:05:55,479 INFO L479 AbstractCegarLoop]: Abstraction has 26 states and 27 transitions. [2020-07-29 01:05:55,479 INFO L480 AbstractCegarLoop]: Interpolant automaton has 7 states. [2020-07-29 01:05:55,479 INFO L276 IsEmpty]: Start isEmpty. Operand 26 states and 27 transitions. [2020-07-29 01:05:55,480 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2020-07-29 01:05:55,480 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 01:05:55,480 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 01:05:55,702 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 mathsat -unsat_core_generation=3 [2020-07-29 01:05:55,703 INFO L427 AbstractCegarLoop]: === Iteration 2 === [ldv_kref_initErr0REQUIRES_VIOLATION, ldv_kref_initErr1REQUIRES_VIOLATION, ldv_list_addErr1REQUIRES_VIOLATION, ldv_list_addErr0REQUIRES_VIOLATION, ldv_kobject_createErr1REQUIRES_VIOLATION, ldv_kobject_createErr0REQUIRES_VIOLATION, ldv_destroy_msgsErr4REQUIRES_VIOLATION, ldv_destroy_msgsErr3REQUIRES_VIOLATION, ldv_destroy_msgsErr2REQUIRES_VIOLATION, ldv_destroy_msgsErr1REQUIRES_VIOLATION, ldv_destroy_msgsErr0REQUIRES_VIOLATION, ldv_destroy_msgsErr5REQUIRES_VIOLATION, ldv_msg_fillErr1REQUIRES_VIOLATION, ldv_msg_fillErr5REQUIRES_VIOLATION, ldv_msg_fillErr0REQUIRES_VIOLATION, ldv_msg_fillErr4REQUIRES_VIOLATION, ldv_msg_fillErr2REQUIRES_VIOLATION, ldv_msg_fillErr3REQUIRES_VIOLATION, ldv_atomic_add_returnErr1REQUIRES_VIOLATION, ldv_atomic_add_returnErr0REQUIRES_VIOLATION, ldv_atomic_add_returnErr3REQUIRES_VIOLATION, ldv_atomic_add_returnErr2REQUIRES_VIOLATION, __ldv_list_delErr0REQUIRES_VIOLATION, __ldv_list_delErr1REQUIRES_VIOLATION, __ldv_list_delErr2REQUIRES_VIOLATION, __ldv_list_delErr3REQUIRES_VIOLATION, ldv_kobject_cleanupErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr5ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr7ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr6ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr1REQUIRES_VIOLATION, ldv_kobject_cleanupErr4ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr0REQUIRES_VIOLATION, ldv_kobject_cleanupErr3ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr6ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr7ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr4ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr5ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr0ENSURES_VIOLATIONMEMORY_LEAK, LDV_INIT_LIST_HEADErr2REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr3REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr0REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr1REQUIRES_VIOLATION, ldv_list_delErr2REQUIRES_VIOLATION, ldv_list_delErr1REQUIRES_VIOLATION, ldv_list_delErr3REQUIRES_VIOLATION, ldv_list_delErr0REQUIRES_VIOLATION, __ldv_list_addErr5REQUIRES_VIOLATION, __ldv_list_addErr0REQUIRES_VIOLATION, __ldv_list_addErr1REQUIRES_VIOLATION, __ldv_list_addErr6REQUIRES_VIOLATION, __ldv_list_addErr7REQUIRES_VIOLATION, __ldv_list_addErr2REQUIRES_VIOLATION, __ldv_list_addErr3REQUIRES_VIOLATION, __ldv_list_addErr4REQUIRES_VIOLATION, ldv_dev_set_drvdataErr0REQUIRES_VIOLATION, ldv_dev_set_drvdataErr1REQUIRES_VIOLATION, ldv_atomic_sub_returnErr1REQUIRES_VIOLATION, ldv_atomic_sub_returnErr0REQUIRES_VIOLATION, ldv_atomic_sub_returnErr3REQUIRES_VIOLATION, ldv_atomic_sub_returnErr2REQUIRES_VIOLATION, ldv_list_add_tailErr0REQUIRES_VIOLATION, ldv_list_add_tailErr1REQUIRES_VIOLATION, ldv_dev_get_drvdataErr1REQUIRES_VIOLATION, ldv_dev_get_drvdataErr0REQUIRES_VIOLATION, entry_pointErr2ASSERT_VIOLATIONMEMORY_FREE, entry_pointErr1ASSERT_VIOLATIONMEMORY_FREE, entry_pointErr0ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_allocErr0REQUIRES_VIOLATION, ldv_msg_allocErr1REQUIRES_VIOLATION]=== [2020-07-29 01:05:55,703 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 01:05:55,704 INFO L82 PathProgramCache]: Analyzing trace with hash -235380623, now seen corresponding path program 1 times [2020-07-29 01:05:55,705 INFO L163 FreeRefinementEngine]: Executing refinement strategy WOLF [2020-07-29 01:05:55,705 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1942639588] [2020-07-29 01:05:55,706 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat Starting monitored process 3 with mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with mathsat -unsat_core_generation=3 [2020-07-29 01:05:55,833 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 01:05:55,836 INFO L263 TraceCheckSpWp]: Trace formula consists of 76 conjuncts, 9 conjunts are in the unsatisfiable core [2020-07-29 01:05:55,849 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 01:05:55,851 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 01:05:56,046 INFO L263 TraceCheckUtils]: 0: Hoare triple {324#true} call ULTIMATE.init(); {324#true} is VALID [2020-07-29 01:05:56,047 INFO L280 TraceCheckUtils]: 1: Hoare triple {324#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;call ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := #Ultimate.allocOnStack(8bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,048 INFO L280 TraceCheckUtils]: 2: Hoare triple {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} assume true; {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,048 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} {324#true} #453#return; {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,049 INFO L263 TraceCheckUtils]: 4: Hoare triple {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} call main(); {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,049 INFO L263 TraceCheckUtils]: 5: Hoare triple {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} call entry_point(); {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,050 INFO L263 TraceCheckUtils]: 6: Hoare triple {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} call #t~ret39.base, #t~ret39.offset := h_safe(); {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,054 INFO L263 TraceCheckUtils]: 7: Hoare triple {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} call #t~ret38.base, #t~ret38.offset := ldv_malloc(4bv32); {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,056 INFO L280 TraceCheckUtils]: 8: Hoare triple {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} ~size := #in~size; {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,057 INFO L280 TraceCheckUtils]: 9: Hoare triple {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset; {357#(and (not (= |ldv_malloc_#res.base| (_ bv0 32))) (bvult |ldv_malloc_#res.base| |#StackHeapBarrier|))} is VALID [2020-07-29 01:05:56,058 INFO L280 TraceCheckUtils]: 10: Hoare triple {357#(and (not (= |ldv_malloc_#res.base| (_ bv0 32))) (bvult |ldv_malloc_#res.base| |#StackHeapBarrier|))} assume true; {357#(and (not (= |ldv_malloc_#res.base| (_ bv0 32))) (bvult |ldv_malloc_#res.base| |#StackHeapBarrier|))} is VALID [2020-07-29 01:05:56,060 INFO L275 TraceCheckUtils]: 11: Hoare quadruple {357#(and (not (= |ldv_malloc_#res.base| (_ bv0 32))) (bvult |ldv_malloc_#res.base| |#StackHeapBarrier|))} {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} #445#return; {364#(and (bvult |h_safe_#t~ret38.base| |#StackHeapBarrier|) (not (= |h_safe_#t~ret38.base| (_ bv0 32))))} is VALID [2020-07-29 01:05:56,061 INFO L280 TraceCheckUtils]: 12: Hoare triple {364#(and (bvult |h_safe_#t~ret38.base| |#StackHeapBarrier|) (not (= |h_safe_#t~ret38.base| (_ bv0 32))))} #res.base, #res.offset := #t~ret38.base, #t~ret38.offset;havoc #t~ret38.base, #t~ret38.offset; {368#(and (bvult |h_safe_#res.base| |#StackHeapBarrier|) (not (= |h_safe_#res.base| (_ bv0 32))))} is VALID [2020-07-29 01:05:56,062 INFO L280 TraceCheckUtils]: 13: Hoare triple {368#(and (bvult |h_safe_#res.base| |#StackHeapBarrier|) (not (= |h_safe_#res.base| (_ bv0 32))))} assume true; {368#(and (bvult |h_safe_#res.base| |#StackHeapBarrier|) (not (= |h_safe_#res.base| (_ bv0 32))))} is VALID [2020-07-29 01:05:56,063 INFO L275 TraceCheckUtils]: 14: Hoare quadruple {368#(and (bvult |h_safe_#res.base| |#StackHeapBarrier|) (not (= |h_safe_#res.base| (_ bv0 32))))} {332#(bvult (_ bv0 32) |#StackHeapBarrier|)} #441#return; {375#(and (not (= |entry_point_#t~ret39.base| (_ bv0 32))) (bvult |entry_point_#t~ret39.base| |#StackHeapBarrier|))} is VALID [2020-07-29 01:05:56,068 INFO L280 TraceCheckUtils]: 15: Hoare triple {375#(and (not (= |entry_point_#t~ret39.base| (_ bv0 32))) (bvult |entry_point_#t~ret39.base| |#StackHeapBarrier|))} ~p~0.base, ~p~0.offset := #t~ret39.base, #t~ret39.offset;havoc #t~ret39.base, #t~ret39.offset; {379#(and (bvult entry_point_~p~0.base |#StackHeapBarrier|) (not (= entry_point_~p~0.base (_ bv0 32))))} is VALID [2020-07-29 01:05:56,073 INFO L280 TraceCheckUtils]: 16: Hoare triple {379#(and (bvult entry_point_~p~0.base |#StackHeapBarrier|) (not (= entry_point_~p~0.base (_ bv0 32))))} assume ~p~0.base != 0bv32 || ~p~0.offset != 0bv32; {379#(and (bvult entry_point_~p~0.base |#StackHeapBarrier|) (not (= entry_point_~p~0.base (_ bv0 32))))} is VALID [2020-07-29 01:05:56,075 INFO L280 TraceCheckUtils]: 17: Hoare triple {379#(and (bvult entry_point_~p~0.base |#StackHeapBarrier|) (not (= entry_point_~p~0.base (_ bv0 32))))} assume 0bv32 == ~p~0.offset; {379#(and (bvult entry_point_~p~0.base |#StackHeapBarrier|) (not (= entry_point_~p~0.base (_ bv0 32))))} is VALID [2020-07-29 01:05:56,076 INFO L280 TraceCheckUtils]: 18: Hoare triple {379#(and (bvult entry_point_~p~0.base |#StackHeapBarrier|) (not (= entry_point_~p~0.base (_ bv0 32))))} assume !~bvult32(~p~0.base, #StackHeapBarrier); {325#false} is VALID [2020-07-29 01:05:56,078 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 01:05:56,078 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2020-07-29 01:05:56,506 INFO L280 TraceCheckUtils]: 18: Hoare triple {389#(bvult entry_point_~p~0.base |#StackHeapBarrier|)} assume !~bvult32(~p~0.base, #StackHeapBarrier); {325#false} is VALID [2020-07-29 01:05:56,507 INFO L280 TraceCheckUtils]: 17: Hoare triple {389#(bvult entry_point_~p~0.base |#StackHeapBarrier|)} assume 0bv32 == ~p~0.offset; {389#(bvult entry_point_~p~0.base |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,507 INFO L280 TraceCheckUtils]: 16: Hoare triple {389#(bvult entry_point_~p~0.base |#StackHeapBarrier|)} assume ~p~0.base != 0bv32 || ~p~0.offset != 0bv32; {389#(bvult entry_point_~p~0.base |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,508 INFO L280 TraceCheckUtils]: 15: Hoare triple {399#(bvult |entry_point_#t~ret39.base| |#StackHeapBarrier|)} ~p~0.base, ~p~0.offset := #t~ret39.base, #t~ret39.offset;havoc #t~ret39.base, #t~ret39.offset; {389#(bvult entry_point_~p~0.base |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,509 INFO L275 TraceCheckUtils]: 14: Hoare quadruple {406#(bvult |h_safe_#res.base| |#StackHeapBarrier|)} {324#true} #441#return; {399#(bvult |entry_point_#t~ret39.base| |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,510 INFO L280 TraceCheckUtils]: 13: Hoare triple {406#(bvult |h_safe_#res.base| |#StackHeapBarrier|)} assume true; {406#(bvult |h_safe_#res.base| |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,511 INFO L280 TraceCheckUtils]: 12: Hoare triple {413#(bvult |h_safe_#t~ret38.base| |#StackHeapBarrier|)} #res.base, #res.offset := #t~ret38.base, #t~ret38.offset;havoc #t~ret38.base, #t~ret38.offset; {406#(bvult |h_safe_#res.base| |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,512 INFO L275 TraceCheckUtils]: 11: Hoare quadruple {420#(bvult |ldv_malloc_#res.base| |#StackHeapBarrier|)} {324#true} #445#return; {413#(bvult |h_safe_#t~ret38.base| |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,513 INFO L280 TraceCheckUtils]: 10: Hoare triple {420#(bvult |ldv_malloc_#res.base| |#StackHeapBarrier|)} assume true; {420#(bvult |ldv_malloc_#res.base| |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,513 INFO L280 TraceCheckUtils]: 9: Hoare triple {324#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset; {420#(bvult |ldv_malloc_#res.base| |#StackHeapBarrier|)} is VALID [2020-07-29 01:05:56,513 INFO L280 TraceCheckUtils]: 8: Hoare triple {324#true} ~size := #in~size; {324#true} is VALID [2020-07-29 01:05:56,514 INFO L263 TraceCheckUtils]: 7: Hoare triple {324#true} call #t~ret38.base, #t~ret38.offset := ldv_malloc(4bv32); {324#true} is VALID [2020-07-29 01:05:56,514 INFO L263 TraceCheckUtils]: 6: Hoare triple {324#true} call #t~ret39.base, #t~ret39.offset := h_safe(); {324#true} is VALID [2020-07-29 01:05:56,514 INFO L263 TraceCheckUtils]: 5: Hoare triple {324#true} call entry_point(); {324#true} is VALID [2020-07-29 01:05:56,515 INFO L263 TraceCheckUtils]: 4: Hoare triple {324#true} call main(); {324#true} is VALID [2020-07-29 01:05:56,515 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {324#true} {324#true} #453#return; {324#true} is VALID [2020-07-29 01:05:56,515 INFO L280 TraceCheckUtils]: 2: Hoare triple {324#true} assume true; {324#true} is VALID [2020-07-29 01:05:56,515 INFO L280 TraceCheckUtils]: 1: Hoare triple {324#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;call ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := #Ultimate.allocOnStack(8bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {324#true} is VALID [2020-07-29 01:05:56,516 INFO L263 TraceCheckUtils]: 0: Hoare triple {324#true} call ULTIMATE.init(); {324#true} is VALID [2020-07-29 01:05:56,516 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 01:05:56,517 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1942639588] [2020-07-29 01:05:56,517 INFO L220 FreeRefinementEngine]: Constructing automaton from 2 perfect and 0 imperfect interpolant sequences. [2020-07-29 01:05:56,517 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7, 6] imperfect sequences [] total 12 [2020-07-29 01:05:56,517 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1714952679] [2020-07-29 01:05:56,519 INFO L78 Accepts]: Start accepts. Automaton has 13 states. Word has length 19 [2020-07-29 01:05:56,520 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 01:05:56,520 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 13 states. [2020-07-29 01:05:56,611 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 37 edges. 37 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 01:05:56,611 INFO L459 AbstractCegarLoop]: Interpolant automaton has 13 states [2020-07-29 01:05:56,611 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2020-07-29 01:05:56,611 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 13 interpolants. [2020-07-29 01:05:56,612 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=38, Invalid=118, Unknown=0, NotChecked=0, Total=156 [2020-07-29 01:05:56,612 INFO L87 Difference]: Start difference. First operand 26 states and 27 transitions. Second operand 13 states. [2020-07-29 01:05:57,389 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:05:57,389 INFO L93 Difference]: Finished difference Result 37 states and 39 transitions. [2020-07-29 01:05:57,389 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2020-07-29 01:05:57,389 INFO L78 Accepts]: Start accepts. Automaton has 13 states. Word has length 19 [2020-07-29 01:05:57,390 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 01:05:57,390 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 13 states. [2020-07-29 01:05:57,394 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 42 transitions. [2020-07-29 01:05:57,394 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 13 states. [2020-07-29 01:05:57,397 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 42 transitions. [2020-07-29 01:05:57,397 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 13 states and 42 transitions. [2020-07-29 01:05:57,473 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 42 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 01:05:57,475 INFO L225 Difference]: With dead ends: 37 [2020-07-29 01:05:57,475 INFO L226 Difference]: Without dead ends: 37 [2020-07-29 01:05:57,476 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 37 GetRequests, 26 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 10 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=38, Invalid=118, Unknown=0, NotChecked=0, Total=156 [2020-07-29 01:05:57,476 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 37 states. [2020-07-29 01:05:57,480 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 37 to 32. [2020-07-29 01:05:57,481 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 01:05:57,481 INFO L82 GeneralOperation]: Start isEquivalent. First operand 37 states. Second operand 32 states. [2020-07-29 01:05:57,481 INFO L74 IsIncluded]: Start isIncluded. First operand 37 states. Second operand 32 states. [2020-07-29 01:05:57,481 INFO L87 Difference]: Start difference. First operand 37 states. Second operand 32 states. [2020-07-29 01:05:57,484 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:05:57,484 INFO L93 Difference]: Finished difference Result 37 states and 39 transitions. [2020-07-29 01:05:57,485 INFO L276 IsEmpty]: Start isEmpty. Operand 37 states and 39 transitions. [2020-07-29 01:05:57,485 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:05:57,485 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 01:05:57,486 INFO L74 IsIncluded]: Start isIncluded. First operand 32 states. Second operand 37 states. [2020-07-29 01:05:57,486 INFO L87 Difference]: Start difference. First operand 32 states. Second operand 37 states. [2020-07-29 01:05:57,489 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:05:57,489 INFO L93 Difference]: Finished difference Result 37 states and 39 transitions. [2020-07-29 01:05:57,490 INFO L276 IsEmpty]: Start isEmpty. Operand 37 states and 39 transitions. [2020-07-29 01:05:57,490 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:05:57,490 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 01:05:57,490 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 01:05:57,491 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 01:05:57,491 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 32 states. [2020-07-29 01:05:57,493 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 32 states to 32 states and 33 transitions. [2020-07-29 01:05:57,493 INFO L78 Accepts]: Start accepts. Automaton has 32 states and 33 transitions. Word has length 19 [2020-07-29 01:05:57,493 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 01:05:57,493 INFO L479 AbstractCegarLoop]: Abstraction has 32 states and 33 transitions. [2020-07-29 01:05:57,493 INFO L480 AbstractCegarLoop]: Interpolant automaton has 13 states. [2020-07-29 01:05:57,494 INFO L276 IsEmpty]: Start isEmpty. Operand 32 states and 33 transitions. [2020-07-29 01:05:57,494 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2020-07-29 01:05:57,494 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 01:05:57,495 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 01:05:57,706 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 mathsat -unsat_core_generation=3 [2020-07-29 01:05:57,707 INFO L427 AbstractCegarLoop]: === Iteration 3 === [ldv_kref_initErr0REQUIRES_VIOLATION, ldv_kref_initErr1REQUIRES_VIOLATION, ldv_list_addErr1REQUIRES_VIOLATION, ldv_list_addErr0REQUIRES_VIOLATION, ldv_kobject_createErr1REQUIRES_VIOLATION, ldv_kobject_createErr0REQUIRES_VIOLATION, ldv_destroy_msgsErr4REQUIRES_VIOLATION, ldv_destroy_msgsErr3REQUIRES_VIOLATION, ldv_destroy_msgsErr2REQUIRES_VIOLATION, ldv_destroy_msgsErr1REQUIRES_VIOLATION, ldv_destroy_msgsErr0REQUIRES_VIOLATION, ldv_destroy_msgsErr5REQUIRES_VIOLATION, ldv_msg_fillErr1REQUIRES_VIOLATION, ldv_msg_fillErr5REQUIRES_VIOLATION, ldv_msg_fillErr0REQUIRES_VIOLATION, ldv_msg_fillErr4REQUIRES_VIOLATION, ldv_msg_fillErr2REQUIRES_VIOLATION, ldv_msg_fillErr3REQUIRES_VIOLATION, ldv_atomic_add_returnErr1REQUIRES_VIOLATION, ldv_atomic_add_returnErr0REQUIRES_VIOLATION, ldv_atomic_add_returnErr3REQUIRES_VIOLATION, ldv_atomic_add_returnErr2REQUIRES_VIOLATION, __ldv_list_delErr0REQUIRES_VIOLATION, __ldv_list_delErr1REQUIRES_VIOLATION, __ldv_list_delErr2REQUIRES_VIOLATION, __ldv_list_delErr3REQUIRES_VIOLATION, ldv_kobject_cleanupErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr5ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr7ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr6ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr1REQUIRES_VIOLATION, ldv_kobject_cleanupErr4ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr0REQUIRES_VIOLATION, ldv_kobject_cleanupErr3ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr6ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr7ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr4ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr5ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr0ENSURES_VIOLATIONMEMORY_LEAK, LDV_INIT_LIST_HEADErr2REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr3REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr0REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr1REQUIRES_VIOLATION, ldv_list_delErr2REQUIRES_VIOLATION, ldv_list_delErr1REQUIRES_VIOLATION, ldv_list_delErr3REQUIRES_VIOLATION, ldv_list_delErr0REQUIRES_VIOLATION, __ldv_list_addErr5REQUIRES_VIOLATION, __ldv_list_addErr0REQUIRES_VIOLATION, __ldv_list_addErr1REQUIRES_VIOLATION, __ldv_list_addErr6REQUIRES_VIOLATION, __ldv_list_addErr7REQUIRES_VIOLATION, __ldv_list_addErr2REQUIRES_VIOLATION, __ldv_list_addErr3REQUIRES_VIOLATION, __ldv_list_addErr4REQUIRES_VIOLATION, ldv_dev_set_drvdataErr0REQUIRES_VIOLATION, ldv_dev_set_drvdataErr1REQUIRES_VIOLATION, ldv_atomic_sub_returnErr1REQUIRES_VIOLATION, ldv_atomic_sub_returnErr0REQUIRES_VIOLATION, ldv_atomic_sub_returnErr3REQUIRES_VIOLATION, ldv_atomic_sub_returnErr2REQUIRES_VIOLATION, ldv_list_add_tailErr0REQUIRES_VIOLATION, ldv_list_add_tailErr1REQUIRES_VIOLATION, ldv_dev_get_drvdataErr1REQUIRES_VIOLATION, ldv_dev_get_drvdataErr0REQUIRES_VIOLATION, entry_pointErr2ASSERT_VIOLATIONMEMORY_FREE, entry_pointErr1ASSERT_VIOLATIONMEMORY_FREE, entry_pointErr0ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_allocErr0REQUIRES_VIOLATION, ldv_msg_allocErr1REQUIRES_VIOLATION]=== [2020-07-29 01:05:57,708 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 01:05:57,708 INFO L82 PathProgramCache]: Analyzing trace with hash 1293135673, now seen corresponding path program 1 times [2020-07-29 01:05:57,710 INFO L163 FreeRefinementEngine]: Executing refinement strategy WOLF [2020-07-29 01:05:57,710 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2091348682] [2020-07-29 01:05:57,710 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat Starting monitored process 4 with mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with mathsat -unsat_core_generation=3 [2020-07-29 01:05:57,819 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 01:05:57,823 INFO L263 TraceCheckSpWp]: Trace formula consists of 78 conjuncts, 7 conjunts are in the unsatisfiable core [2020-07-29 01:05:57,834 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 01:05:57,836 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 01:05:57,890 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-29 01:05:57,891 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 01:05:57,895 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 01:05:57,896 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-29 01:05:57,896 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:6, output treesize:5 [2020-07-29 01:05:57,899 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 01:05:57,900 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#valid_142|]. (= |#valid| (store |v_#valid_142| |ldv_malloc_#res.base| (_ bv1 1))) [2020-07-29 01:05:57,900 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (= (select |#valid| |ldv_malloc_#res.base|) (_ bv1 1)) [2020-07-29 01:05:57,985 INFO L263 TraceCheckUtils]: 0: Hoare triple {593#true} call ULTIMATE.init(); {593#true} is VALID [2020-07-29 01:05:57,985 INFO L280 TraceCheckUtils]: 1: Hoare triple {593#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;call ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := #Ultimate.allocOnStack(8bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {593#true} is VALID [2020-07-29 01:05:57,986 INFO L280 TraceCheckUtils]: 2: Hoare triple {593#true} assume true; {593#true} is VALID [2020-07-29 01:05:57,986 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {593#true} {593#true} #453#return; {593#true} is VALID [2020-07-29 01:05:57,986 INFO L263 TraceCheckUtils]: 4: Hoare triple {593#true} call main(); {593#true} is VALID [2020-07-29 01:05:57,986 INFO L263 TraceCheckUtils]: 5: Hoare triple {593#true} call entry_point(); {593#true} is VALID [2020-07-29 01:05:57,987 INFO L263 TraceCheckUtils]: 6: Hoare triple {593#true} call #t~ret39.base, #t~ret39.offset := h_safe(); {593#true} is VALID [2020-07-29 01:05:57,987 INFO L263 TraceCheckUtils]: 7: Hoare triple {593#true} call #t~ret38.base, #t~ret38.offset := ldv_malloc(4bv32); {593#true} is VALID [2020-07-29 01:05:57,987 INFO L280 TraceCheckUtils]: 8: Hoare triple {593#true} ~size := #in~size; {593#true} is VALID [2020-07-29 01:05:57,990 INFO L280 TraceCheckUtils]: 9: Hoare triple {593#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset; {625#(= (bvadd (select |#valid| |ldv_malloc_#res.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:57,991 INFO L280 TraceCheckUtils]: 10: Hoare triple {625#(= (bvadd (select |#valid| |ldv_malloc_#res.base|) (_ bv1 1)) (_ bv0 1))} assume true; {625#(= (bvadd (select |#valid| |ldv_malloc_#res.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:57,993 INFO L275 TraceCheckUtils]: 11: Hoare quadruple {625#(= (bvadd (select |#valid| |ldv_malloc_#res.base|) (_ bv1 1)) (_ bv0 1))} {593#true} #445#return; {632#(= (_ bv1 1) (select |#valid| |h_safe_#t~ret38.base|))} is VALID [2020-07-29 01:05:57,994 INFO L280 TraceCheckUtils]: 12: Hoare triple {632#(= (_ bv1 1) (select |#valid| |h_safe_#t~ret38.base|))} #res.base, #res.offset := #t~ret38.base, #t~ret38.offset;havoc #t~ret38.base, #t~ret38.offset; {636#(= (bvadd (select |#valid| |h_safe_#res.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:57,995 INFO L280 TraceCheckUtils]: 13: Hoare triple {636#(= (bvadd (select |#valid| |h_safe_#res.base|) (_ bv1 1)) (_ bv0 1))} assume true; {636#(= (bvadd (select |#valid| |h_safe_#res.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:57,996 INFO L275 TraceCheckUtils]: 14: Hoare quadruple {636#(= (bvadd (select |#valid| |h_safe_#res.base|) (_ bv1 1)) (_ bv0 1))} {593#true} #441#return; {643#(= (bvadd (select |#valid| |entry_point_#t~ret39.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:57,997 INFO L280 TraceCheckUtils]: 15: Hoare triple {643#(= (bvadd (select |#valid| |entry_point_#t~ret39.base|) (_ bv1 1)) (_ bv0 1))} ~p~0.base, ~p~0.offset := #t~ret39.base, #t~ret39.offset;havoc #t~ret39.base, #t~ret39.offset; {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:57,998 INFO L280 TraceCheckUtils]: 16: Hoare triple {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} assume ~p~0.base != 0bv32 || ~p~0.offset != 0bv32; {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:57,999 INFO L280 TraceCheckUtils]: 17: Hoare triple {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} assume 0bv32 == ~p~0.offset; {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:58,000 INFO L280 TraceCheckUtils]: 18: Hoare triple {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} assume ~bvult32(~p~0.base, #StackHeapBarrier); {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:58,001 INFO L280 TraceCheckUtils]: 19: Hoare triple {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} assume !(0bv32 == ~p~0.base || 1bv1 == #valid[~p~0.base]); {594#false} is VALID [2020-07-29 01:05:58,002 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 01:05:58,002 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2020-07-29 01:05:58,181 INFO L280 TraceCheckUtils]: 19: Hoare triple {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} assume !(0bv32 == ~p~0.base || 1bv1 == #valid[~p~0.base]); {594#false} is VALID [2020-07-29 01:05:58,182 INFO L280 TraceCheckUtils]: 18: Hoare triple {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} assume ~bvult32(~p~0.base, #StackHeapBarrier); {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:58,182 INFO L280 TraceCheckUtils]: 17: Hoare triple {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} assume 0bv32 == ~p~0.offset; {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:58,183 INFO L280 TraceCheckUtils]: 16: Hoare triple {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} assume ~p~0.base != 0bv32 || ~p~0.offset != 0bv32; {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:58,184 INFO L280 TraceCheckUtils]: 15: Hoare triple {643#(= (bvadd (select |#valid| |entry_point_#t~ret39.base|) (_ bv1 1)) (_ bv0 1))} ~p~0.base, ~p~0.offset := #t~ret39.base, #t~ret39.offset;havoc #t~ret39.base, #t~ret39.offset; {647#(= (bvadd (select |#valid| entry_point_~p~0.base) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:58,186 INFO L275 TraceCheckUtils]: 14: Hoare quadruple {636#(= (bvadd (select |#valid| |h_safe_#res.base|) (_ bv1 1)) (_ bv0 1))} {593#true} #441#return; {643#(= (bvadd (select |#valid| |entry_point_#t~ret39.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:58,187 INFO L280 TraceCheckUtils]: 13: Hoare triple {636#(= (bvadd (select |#valid| |h_safe_#res.base|) (_ bv1 1)) (_ bv0 1))} assume true; {636#(= (bvadd (select |#valid| |h_safe_#res.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:58,187 INFO L280 TraceCheckUtils]: 12: Hoare triple {632#(= (_ bv1 1) (select |#valid| |h_safe_#t~ret38.base|))} #res.base, #res.offset := #t~ret38.base, #t~ret38.offset;havoc #t~ret38.base, #t~ret38.offset; {636#(= (bvadd (select |#valid| |h_safe_#res.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:58,189 INFO L275 TraceCheckUtils]: 11: Hoare quadruple {625#(= (bvadd (select |#valid| |ldv_malloc_#res.base|) (_ bv1 1)) (_ bv0 1))} {593#true} #445#return; {632#(= (_ bv1 1) (select |#valid| |h_safe_#t~ret38.base|))} is VALID [2020-07-29 01:05:58,193 INFO L280 TraceCheckUtils]: 10: Hoare triple {625#(= (bvadd (select |#valid| |ldv_malloc_#res.base|) (_ bv1 1)) (_ bv0 1))} assume true; {625#(= (bvadd (select |#valid| |ldv_malloc_#res.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:58,196 INFO L280 TraceCheckUtils]: 9: Hoare triple {593#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset; {625#(= (bvadd (select |#valid| |ldv_malloc_#res.base|) (_ bv1 1)) (_ bv0 1))} is VALID [2020-07-29 01:05:58,196 INFO L280 TraceCheckUtils]: 8: Hoare triple {593#true} ~size := #in~size; {593#true} is VALID [2020-07-29 01:05:58,196 INFO L263 TraceCheckUtils]: 7: Hoare triple {593#true} call #t~ret38.base, #t~ret38.offset := ldv_malloc(4bv32); {593#true} is VALID [2020-07-29 01:05:58,196 INFO L263 TraceCheckUtils]: 6: Hoare triple {593#true} call #t~ret39.base, #t~ret39.offset := h_safe(); {593#true} is VALID [2020-07-29 01:05:58,197 INFO L263 TraceCheckUtils]: 5: Hoare triple {593#true} call entry_point(); {593#true} is VALID [2020-07-29 01:05:58,197 INFO L263 TraceCheckUtils]: 4: Hoare triple {593#true} call main(); {593#true} is VALID [2020-07-29 01:05:58,197 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {593#true} {593#true} #453#return; {593#true} is VALID [2020-07-29 01:05:58,197 INFO L280 TraceCheckUtils]: 2: Hoare triple {593#true} assume true; {593#true} is VALID [2020-07-29 01:05:58,197 INFO L280 TraceCheckUtils]: 1: Hoare triple {593#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;call ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := #Ultimate.allocOnStack(8bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {593#true} is VALID [2020-07-29 01:05:58,197 INFO L263 TraceCheckUtils]: 0: Hoare triple {593#true} call ULTIMATE.init(); {593#true} is VALID [2020-07-29 01:05:58,198 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 01:05:58,199 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2091348682] [2020-07-29 01:05:58,199 INFO L220 FreeRefinementEngine]: Constructing automaton from 2 perfect and 0 imperfect interpolant sequences. [2020-07-29 01:05:58,199 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6, 6] imperfect sequences [] total 6 [2020-07-29 01:05:58,199 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1618681347] [2020-07-29 01:05:58,200 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 20 [2020-07-29 01:05:58,200 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 01:05:58,200 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states. [2020-07-29 01:05:58,236 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 01:05:58,236 INFO L459 AbstractCegarLoop]: Interpolant automaton has 7 states [2020-07-29 01:05:58,237 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2020-07-29 01:05:58,237 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2020-07-29 01:05:58,238 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2020-07-29 01:05:58,238 INFO L87 Difference]: Start difference. First operand 32 states and 33 transitions. Second operand 7 states. [2020-07-29 01:05:58,546 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:05:58,547 INFO L93 Difference]: Finished difference Result 35 states and 36 transitions. [2020-07-29 01:05:58,547 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2020-07-29 01:05:58,547 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 20 [2020-07-29 01:05:58,547 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 01:05:58,547 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 01:05:58,550 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 37 transitions. [2020-07-29 01:05:58,550 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 01:05:58,552 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 37 transitions. [2020-07-29 01:05:58,553 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 37 transitions. [2020-07-29 01:05:58,615 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 37 edges. 37 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 01:05:58,618 INFO L225 Difference]: With dead ends: 35 [2020-07-29 01:05:58,618 INFO L226 Difference]: Without dead ends: 35 [2020-07-29 01:05:58,618 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 39 GetRequests, 33 SyntacticMatches, 1 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2020-07-29 01:05:58,619 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 35 states. [2020-07-29 01:05:58,622 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 35 to 35. [2020-07-29 01:05:58,622 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 01:05:58,623 INFO L82 GeneralOperation]: Start isEquivalent. First operand 35 states. Second operand 35 states. [2020-07-29 01:05:58,623 INFO L74 IsIncluded]: Start isIncluded. First operand 35 states. Second operand 35 states. [2020-07-29 01:05:58,623 INFO L87 Difference]: Start difference. First operand 35 states. Second operand 35 states. [2020-07-29 01:05:58,626 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:05:58,626 INFO L93 Difference]: Finished difference Result 35 states and 36 transitions. [2020-07-29 01:05:58,626 INFO L276 IsEmpty]: Start isEmpty. Operand 35 states and 36 transitions. [2020-07-29 01:05:58,627 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:05:58,627 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 01:05:58,627 INFO L74 IsIncluded]: Start isIncluded. First operand 35 states. Second operand 35 states. [2020-07-29 01:05:58,627 INFO L87 Difference]: Start difference. First operand 35 states. Second operand 35 states. [2020-07-29 01:05:58,630 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:05:58,630 INFO L93 Difference]: Finished difference Result 35 states and 36 transitions. [2020-07-29 01:05:58,630 INFO L276 IsEmpty]: Start isEmpty. Operand 35 states and 36 transitions. [2020-07-29 01:05:58,631 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:05:58,631 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 01:05:58,631 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 01:05:58,632 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 01:05:58,632 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 35 states. [2020-07-29 01:05:58,634 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 35 states to 35 states and 36 transitions. [2020-07-29 01:05:58,634 INFO L78 Accepts]: Start accepts. Automaton has 35 states and 36 transitions. Word has length 20 [2020-07-29 01:05:58,634 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 01:05:58,635 INFO L479 AbstractCegarLoop]: Abstraction has 35 states and 36 transitions. [2020-07-29 01:05:58,635 INFO L480 AbstractCegarLoop]: Interpolant automaton has 7 states. [2020-07-29 01:05:58,635 INFO L276 IsEmpty]: Start isEmpty. Operand 35 states and 36 transitions. [2020-07-29 01:05:58,636 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2020-07-29 01:05:58,636 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 01:05:58,636 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 01:05:58,847 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 mathsat -unsat_core_generation=3 [2020-07-29 01:05:58,849 INFO L427 AbstractCegarLoop]: === Iteration 4 === [ldv_kref_initErr0REQUIRES_VIOLATION, ldv_kref_initErr1REQUIRES_VIOLATION, ldv_list_addErr1REQUIRES_VIOLATION, ldv_list_addErr0REQUIRES_VIOLATION, ldv_kobject_createErr1REQUIRES_VIOLATION, ldv_kobject_createErr0REQUIRES_VIOLATION, ldv_destroy_msgsErr4REQUIRES_VIOLATION, ldv_destroy_msgsErr3REQUIRES_VIOLATION, ldv_destroy_msgsErr2REQUIRES_VIOLATION, ldv_destroy_msgsErr1REQUIRES_VIOLATION, ldv_destroy_msgsErr0REQUIRES_VIOLATION, ldv_destroy_msgsErr5REQUIRES_VIOLATION, ldv_msg_fillErr1REQUIRES_VIOLATION, ldv_msg_fillErr5REQUIRES_VIOLATION, ldv_msg_fillErr0REQUIRES_VIOLATION, ldv_msg_fillErr4REQUIRES_VIOLATION, ldv_msg_fillErr2REQUIRES_VIOLATION, ldv_msg_fillErr3REQUIRES_VIOLATION, ldv_atomic_add_returnErr1REQUIRES_VIOLATION, ldv_atomic_add_returnErr0REQUIRES_VIOLATION, ldv_atomic_add_returnErr3REQUIRES_VIOLATION, ldv_atomic_add_returnErr2REQUIRES_VIOLATION, __ldv_list_delErr0REQUIRES_VIOLATION, __ldv_list_delErr1REQUIRES_VIOLATION, __ldv_list_delErr2REQUIRES_VIOLATION, __ldv_list_delErr3REQUIRES_VIOLATION, ldv_kobject_cleanupErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr5ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr7ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr6ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr1REQUIRES_VIOLATION, ldv_kobject_cleanupErr4ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr0REQUIRES_VIOLATION, ldv_kobject_cleanupErr3ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr6ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr7ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr4ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr5ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr0ENSURES_VIOLATIONMEMORY_LEAK, LDV_INIT_LIST_HEADErr2REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr3REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr0REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr1REQUIRES_VIOLATION, ldv_list_delErr2REQUIRES_VIOLATION, ldv_list_delErr1REQUIRES_VIOLATION, ldv_list_delErr3REQUIRES_VIOLATION, ldv_list_delErr0REQUIRES_VIOLATION, __ldv_list_addErr5REQUIRES_VIOLATION, __ldv_list_addErr0REQUIRES_VIOLATION, __ldv_list_addErr1REQUIRES_VIOLATION, __ldv_list_addErr6REQUIRES_VIOLATION, __ldv_list_addErr7REQUIRES_VIOLATION, __ldv_list_addErr2REQUIRES_VIOLATION, __ldv_list_addErr3REQUIRES_VIOLATION, __ldv_list_addErr4REQUIRES_VIOLATION, ldv_dev_set_drvdataErr0REQUIRES_VIOLATION, ldv_dev_set_drvdataErr1REQUIRES_VIOLATION, ldv_atomic_sub_returnErr1REQUIRES_VIOLATION, ldv_atomic_sub_returnErr0REQUIRES_VIOLATION, ldv_atomic_sub_returnErr3REQUIRES_VIOLATION, ldv_atomic_sub_returnErr2REQUIRES_VIOLATION, ldv_list_add_tailErr0REQUIRES_VIOLATION, ldv_list_add_tailErr1REQUIRES_VIOLATION, ldv_dev_get_drvdataErr1REQUIRES_VIOLATION, ldv_dev_get_drvdataErr0REQUIRES_VIOLATION, entry_pointErr2ASSERT_VIOLATIONMEMORY_FREE, entry_pointErr1ASSERT_VIOLATIONMEMORY_FREE, entry_pointErr0ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_allocErr0REQUIRES_VIOLATION, ldv_msg_allocErr1REQUIRES_VIOLATION]=== [2020-07-29 01:05:58,850 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 01:05:58,850 INFO L82 PathProgramCache]: Analyzing trace with hash -503815686, now seen corresponding path program 1 times [2020-07-29 01:05:58,851 INFO L163 FreeRefinementEngine]: Executing refinement strategy WOLF [2020-07-29 01:05:58,852 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [479606168] [2020-07-29 01:05:58,852 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat Starting monitored process 5 with mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with mathsat -unsat_core_generation=3 [2020-07-29 01:05:58,987 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 01:05:58,988 INFO L263 TraceCheckSpWp]: Trace formula consists of 72 conjuncts, 11 conjunts are in the unsatisfiable core [2020-07-29 01:05:59,005 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 01:05:59,007 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 01:05:59,155 INFO L263 TraceCheckUtils]: 0: Hoare triple {859#true} call ULTIMATE.init(); {859#true} is VALID [2020-07-29 01:05:59,155 INFO L280 TraceCheckUtils]: 1: Hoare triple {859#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;call ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := #Ultimate.allocOnStack(8bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {859#true} is VALID [2020-07-29 01:05:59,155 INFO L280 TraceCheckUtils]: 2: Hoare triple {859#true} assume true; {859#true} is VALID [2020-07-29 01:05:59,156 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {859#true} {859#true} #453#return; {859#true} is VALID [2020-07-29 01:05:59,156 INFO L263 TraceCheckUtils]: 4: Hoare triple {859#true} call main(); {859#true} is VALID [2020-07-29 01:05:59,156 INFO L263 TraceCheckUtils]: 5: Hoare triple {859#true} call entry_point(); {859#true} is VALID [2020-07-29 01:05:59,156 INFO L263 TraceCheckUtils]: 6: Hoare triple {859#true} call #t~ret39.base, #t~ret39.offset := h_safe(); {859#true} is VALID [2020-07-29 01:05:59,156 INFO L263 TraceCheckUtils]: 7: Hoare triple {859#true} call #t~ret38.base, #t~ret38.offset := ldv_malloc(4bv32); {859#true} is VALID [2020-07-29 01:05:59,157 INFO L280 TraceCheckUtils]: 8: Hoare triple {859#true} ~size := #in~size; {859#true} is VALID [2020-07-29 01:05:59,158 INFO L280 TraceCheckUtils]: 9: Hoare triple {859#true} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {891#(and (= (_ bv0 32) |ldv_malloc_#res.offset|) (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2020-07-29 01:05:59,162 INFO L280 TraceCheckUtils]: 10: Hoare triple {891#(and (= (_ bv0 32) |ldv_malloc_#res.offset|) (= |ldv_malloc_#res.base| (_ bv0 32)))} assume true; {891#(and (= (_ bv0 32) |ldv_malloc_#res.offset|) (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2020-07-29 01:05:59,165 INFO L275 TraceCheckUtils]: 11: Hoare quadruple {891#(and (= (_ bv0 32) |ldv_malloc_#res.offset|) (= |ldv_malloc_#res.base| (_ bv0 32)))} {859#true} #445#return; {898#(and (= |h_safe_#t~ret38.base| (_ bv0 32)) (= (_ bv0 32) |h_safe_#t~ret38.offset|))} is VALID [2020-07-29 01:05:59,167 INFO L280 TraceCheckUtils]: 12: Hoare triple {898#(and (= |h_safe_#t~ret38.base| (_ bv0 32)) (= (_ bv0 32) |h_safe_#t~ret38.offset|))} #res.base, #res.offset := #t~ret38.base, #t~ret38.offset;havoc #t~ret38.base, #t~ret38.offset; {902#(and (= |h_safe_#res.base| (_ bv0 32)) (= (_ bv0 32) |h_safe_#res.offset|))} is VALID [2020-07-29 01:05:59,168 INFO L280 TraceCheckUtils]: 13: Hoare triple {902#(and (= |h_safe_#res.base| (_ bv0 32)) (= (_ bv0 32) |h_safe_#res.offset|))} assume true; {902#(and (= |h_safe_#res.base| (_ bv0 32)) (= (_ bv0 32) |h_safe_#res.offset|))} is VALID [2020-07-29 01:05:59,169 INFO L275 TraceCheckUtils]: 14: Hoare quadruple {902#(and (= |h_safe_#res.base| (_ bv0 32)) (= (_ bv0 32) |h_safe_#res.offset|))} {859#true} #441#return; {909#(and (= |entry_point_#t~ret39.offset| (_ bv0 32)) (= |entry_point_#t~ret39.base| (_ bv0 32)))} is VALID [2020-07-29 01:05:59,170 INFO L280 TraceCheckUtils]: 15: Hoare triple {909#(and (= |entry_point_#t~ret39.offset| (_ bv0 32)) (= |entry_point_#t~ret39.base| (_ bv0 32)))} ~p~0.base, ~p~0.offset := #t~ret39.base, #t~ret39.offset;havoc #t~ret39.base, #t~ret39.offset; {913#(and (= entry_point_~p~0.base (_ bv0 32)) (= (_ bv0 32) entry_point_~p~0.offset))} is VALID [2020-07-29 01:05:59,171 INFO L280 TraceCheckUtils]: 16: Hoare triple {913#(and (= entry_point_~p~0.base (_ bv0 32)) (= (_ bv0 32) entry_point_~p~0.offset))} assume ~p~0.base != 0bv32 || ~p~0.offset != 0bv32; {860#false} is VALID [2020-07-29 01:05:59,172 INFO L280 TraceCheckUtils]: 17: Hoare triple {860#false} assume 0bv32 == ~p~0.offset; {860#false} is VALID [2020-07-29 01:05:59,172 INFO L280 TraceCheckUtils]: 18: Hoare triple {860#false} assume ~bvult32(~p~0.base, #StackHeapBarrier); {860#false} is VALID [2020-07-29 01:05:59,172 INFO L280 TraceCheckUtils]: 19: Hoare triple {860#false} assume !(0bv32 == ~p~0.base || 1bv1 == #valid[~p~0.base]); {860#false} is VALID [2020-07-29 01:05:59,173 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 01:05:59,173 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2020-07-29 01:05:59,360 INFO L280 TraceCheckUtils]: 19: Hoare triple {860#false} assume !(0bv32 == ~p~0.base || 1bv1 == #valid[~p~0.base]); {860#false} is VALID [2020-07-29 01:05:59,361 INFO L280 TraceCheckUtils]: 18: Hoare triple {860#false} assume ~bvult32(~p~0.base, #StackHeapBarrier); {860#false} is VALID [2020-07-29 01:05:59,361 INFO L280 TraceCheckUtils]: 17: Hoare triple {860#false} assume 0bv32 == ~p~0.offset; {860#false} is VALID [2020-07-29 01:05:59,362 INFO L280 TraceCheckUtils]: 16: Hoare triple {913#(and (= entry_point_~p~0.base (_ bv0 32)) (= (_ bv0 32) entry_point_~p~0.offset))} assume ~p~0.base != 0bv32 || ~p~0.offset != 0bv32; {860#false} is VALID [2020-07-29 01:05:59,363 INFO L280 TraceCheckUtils]: 15: Hoare triple {909#(and (= |entry_point_#t~ret39.offset| (_ bv0 32)) (= |entry_point_#t~ret39.base| (_ bv0 32)))} ~p~0.base, ~p~0.offset := #t~ret39.base, #t~ret39.offset;havoc #t~ret39.base, #t~ret39.offset; {913#(and (= entry_point_~p~0.base (_ bv0 32)) (= (_ bv0 32) entry_point_~p~0.offset))} is VALID [2020-07-29 01:05:59,364 INFO L275 TraceCheckUtils]: 14: Hoare quadruple {902#(and (= |h_safe_#res.base| (_ bv0 32)) (= (_ bv0 32) |h_safe_#res.offset|))} {859#true} #441#return; {909#(and (= |entry_point_#t~ret39.offset| (_ bv0 32)) (= |entry_point_#t~ret39.base| (_ bv0 32)))} is VALID [2020-07-29 01:05:59,365 INFO L280 TraceCheckUtils]: 13: Hoare triple {902#(and (= |h_safe_#res.base| (_ bv0 32)) (= (_ bv0 32) |h_safe_#res.offset|))} assume true; {902#(and (= |h_safe_#res.base| (_ bv0 32)) (= (_ bv0 32) |h_safe_#res.offset|))} is VALID [2020-07-29 01:05:59,366 INFO L280 TraceCheckUtils]: 12: Hoare triple {898#(and (= |h_safe_#t~ret38.base| (_ bv0 32)) (= (_ bv0 32) |h_safe_#t~ret38.offset|))} #res.base, #res.offset := #t~ret38.base, #t~ret38.offset;havoc #t~ret38.base, #t~ret38.offset; {902#(and (= |h_safe_#res.base| (_ bv0 32)) (= (_ bv0 32) |h_safe_#res.offset|))} is VALID [2020-07-29 01:05:59,368 INFO L275 TraceCheckUtils]: 11: Hoare quadruple {891#(and (= (_ bv0 32) |ldv_malloc_#res.offset|) (= |ldv_malloc_#res.base| (_ bv0 32)))} {859#true} #445#return; {898#(and (= |h_safe_#t~ret38.base| (_ bv0 32)) (= (_ bv0 32) |h_safe_#t~ret38.offset|))} is VALID [2020-07-29 01:05:59,369 INFO L280 TraceCheckUtils]: 10: Hoare triple {891#(and (= (_ bv0 32) |ldv_malloc_#res.offset|) (= |ldv_malloc_#res.base| (_ bv0 32)))} assume true; {891#(and (= (_ bv0 32) |ldv_malloc_#res.offset|) (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2020-07-29 01:05:59,370 INFO L280 TraceCheckUtils]: 9: Hoare triple {859#true} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {891#(and (= (_ bv0 32) |ldv_malloc_#res.offset|) (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2020-07-29 01:05:59,370 INFO L280 TraceCheckUtils]: 8: Hoare triple {859#true} ~size := #in~size; {859#true} is VALID [2020-07-29 01:05:59,370 INFO L263 TraceCheckUtils]: 7: Hoare triple {859#true} call #t~ret38.base, #t~ret38.offset := ldv_malloc(4bv32); {859#true} is VALID [2020-07-29 01:05:59,371 INFO L263 TraceCheckUtils]: 6: Hoare triple {859#true} call #t~ret39.base, #t~ret39.offset := h_safe(); {859#true} is VALID [2020-07-29 01:05:59,371 INFO L263 TraceCheckUtils]: 5: Hoare triple {859#true} call entry_point(); {859#true} is VALID [2020-07-29 01:05:59,373 INFO L263 TraceCheckUtils]: 4: Hoare triple {859#true} call main(); {859#true} is VALID [2020-07-29 01:05:59,373 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {859#true} {859#true} #453#return; {859#true} is VALID [2020-07-29 01:05:59,373 INFO L280 TraceCheckUtils]: 2: Hoare triple {859#true} assume true; {859#true} is VALID [2020-07-29 01:05:59,374 INFO L280 TraceCheckUtils]: 1: Hoare triple {859#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;call ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := #Ultimate.allocOnStack(8bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {859#true} is VALID [2020-07-29 01:05:59,374 INFO L263 TraceCheckUtils]: 0: Hoare triple {859#true} call ULTIMATE.init(); {859#true} is VALID [2020-07-29 01:05:59,375 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 01:05:59,376 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [479606168] [2020-07-29 01:05:59,376 INFO L220 FreeRefinementEngine]: Constructing automaton from 2 perfect and 0 imperfect interpolant sequences. [2020-07-29 01:05:59,376 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7, 7] imperfect sequences [] total 7 [2020-07-29 01:05:59,376 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [638799183] [2020-07-29 01:05:59,377 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 20 [2020-07-29 01:05:59,377 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 01:05:59,377 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states. [2020-07-29 01:05:59,413 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 01:05:59,413 INFO L459 AbstractCegarLoop]: Interpolant automaton has 7 states [2020-07-29 01:05:59,414 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2020-07-29 01:05:59,414 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2020-07-29 01:05:59,414 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2020-07-29 01:05:59,414 INFO L87 Difference]: Start difference. First operand 35 states and 36 transitions. Second operand 7 states. [2020-07-29 01:05:59,668 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:05:59,668 INFO L93 Difference]: Finished difference Result 33 states and 33 transitions. [2020-07-29 01:05:59,668 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2020-07-29 01:05:59,668 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 20 [2020-07-29 01:05:59,668 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 01:05:59,668 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 01:05:59,671 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 34 transitions. [2020-07-29 01:05:59,671 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 01:05:59,673 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 34 transitions. [2020-07-29 01:05:59,674 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 34 transitions. [2020-07-29 01:05:59,722 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 34 edges. 34 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 01:05:59,724 INFO L225 Difference]: With dead ends: 33 [2020-07-29 01:05:59,724 INFO L226 Difference]: Without dead ends: 33 [2020-07-29 01:05:59,724 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 39 GetRequests, 34 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2020-07-29 01:05:59,725 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 33 states. [2020-07-29 01:05:59,729 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 33 to 31. [2020-07-29 01:05:59,729 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 01:05:59,729 INFO L82 GeneralOperation]: Start isEquivalent. First operand 33 states. Second operand 31 states. [2020-07-29 01:05:59,730 INFO L74 IsIncluded]: Start isIncluded. First operand 33 states. Second operand 31 states. [2020-07-29 01:05:59,730 INFO L87 Difference]: Start difference. First operand 33 states. Second operand 31 states. [2020-07-29 01:05:59,732 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:05:59,732 INFO L93 Difference]: Finished difference Result 33 states and 33 transitions. [2020-07-29 01:05:59,732 INFO L276 IsEmpty]: Start isEmpty. Operand 33 states and 33 transitions. [2020-07-29 01:05:59,733 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:05:59,733 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 01:05:59,733 INFO L74 IsIncluded]: Start isIncluded. First operand 31 states. Second operand 33 states. [2020-07-29 01:05:59,733 INFO L87 Difference]: Start difference. First operand 31 states. Second operand 33 states. [2020-07-29 01:05:59,735 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:05:59,736 INFO L93 Difference]: Finished difference Result 33 states and 33 transitions. [2020-07-29 01:05:59,736 INFO L276 IsEmpty]: Start isEmpty. Operand 33 states and 33 transitions. [2020-07-29 01:05:59,736 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:05:59,736 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 01:05:59,737 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 01:05:59,737 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 01:05:59,737 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 31 states. [2020-07-29 01:05:59,738 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 31 states to 31 states and 31 transitions. [2020-07-29 01:05:59,738 INFO L78 Accepts]: Start accepts. Automaton has 31 states and 31 transitions. Word has length 20 [2020-07-29 01:05:59,739 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 01:05:59,739 INFO L479 AbstractCegarLoop]: Abstraction has 31 states and 31 transitions. [2020-07-29 01:05:59,739 INFO L480 AbstractCegarLoop]: Interpolant automaton has 7 states. [2020-07-29 01:05:59,739 INFO L276 IsEmpty]: Start isEmpty. Operand 31 states and 31 transitions. [2020-07-29 01:05:59,740 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2020-07-29 01:05:59,740 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 01:05:59,740 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 01:05:59,945 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 mathsat -unsat_core_generation=3 [2020-07-29 01:05:59,945 INFO L427 AbstractCegarLoop]: === Iteration 5 === [ldv_kref_initErr0REQUIRES_VIOLATION, ldv_kref_initErr1REQUIRES_VIOLATION, ldv_list_addErr1REQUIRES_VIOLATION, ldv_list_addErr0REQUIRES_VIOLATION, ldv_kobject_createErr1REQUIRES_VIOLATION, ldv_kobject_createErr0REQUIRES_VIOLATION, ldv_destroy_msgsErr4REQUIRES_VIOLATION, ldv_destroy_msgsErr3REQUIRES_VIOLATION, ldv_destroy_msgsErr2REQUIRES_VIOLATION, ldv_destroy_msgsErr1REQUIRES_VIOLATION, ldv_destroy_msgsErr0REQUIRES_VIOLATION, ldv_destroy_msgsErr5REQUIRES_VIOLATION, ldv_msg_fillErr1REQUIRES_VIOLATION, ldv_msg_fillErr5REQUIRES_VIOLATION, ldv_msg_fillErr0REQUIRES_VIOLATION, ldv_msg_fillErr4REQUIRES_VIOLATION, ldv_msg_fillErr2REQUIRES_VIOLATION, ldv_msg_fillErr3REQUIRES_VIOLATION, ldv_atomic_add_returnErr1REQUIRES_VIOLATION, ldv_atomic_add_returnErr0REQUIRES_VIOLATION, ldv_atomic_add_returnErr3REQUIRES_VIOLATION, ldv_atomic_add_returnErr2REQUIRES_VIOLATION, __ldv_list_delErr0REQUIRES_VIOLATION, __ldv_list_delErr1REQUIRES_VIOLATION, __ldv_list_delErr2REQUIRES_VIOLATION, __ldv_list_delErr3REQUIRES_VIOLATION, ldv_kobject_cleanupErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr5ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr7ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr6ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr1REQUIRES_VIOLATION, ldv_kobject_cleanupErr4ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr0REQUIRES_VIOLATION, ldv_kobject_cleanupErr3ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr6ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr7ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr4ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr5ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr0ENSURES_VIOLATIONMEMORY_LEAK, LDV_INIT_LIST_HEADErr2REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr3REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr0REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr1REQUIRES_VIOLATION, ldv_list_delErr2REQUIRES_VIOLATION, ldv_list_delErr1REQUIRES_VIOLATION, ldv_list_delErr3REQUIRES_VIOLATION, ldv_list_delErr0REQUIRES_VIOLATION, __ldv_list_addErr5REQUIRES_VIOLATION, __ldv_list_addErr0REQUIRES_VIOLATION, __ldv_list_addErr1REQUIRES_VIOLATION, __ldv_list_addErr6REQUIRES_VIOLATION, __ldv_list_addErr7REQUIRES_VIOLATION, __ldv_list_addErr2REQUIRES_VIOLATION, __ldv_list_addErr3REQUIRES_VIOLATION, __ldv_list_addErr4REQUIRES_VIOLATION, ldv_dev_set_drvdataErr0REQUIRES_VIOLATION, ldv_dev_set_drvdataErr1REQUIRES_VIOLATION, ldv_atomic_sub_returnErr1REQUIRES_VIOLATION, ldv_atomic_sub_returnErr0REQUIRES_VIOLATION, ldv_atomic_sub_returnErr3REQUIRES_VIOLATION, ldv_atomic_sub_returnErr2REQUIRES_VIOLATION, ldv_list_add_tailErr0REQUIRES_VIOLATION, ldv_list_add_tailErr1REQUIRES_VIOLATION, ldv_dev_get_drvdataErr1REQUIRES_VIOLATION, ldv_dev_get_drvdataErr0REQUIRES_VIOLATION, entry_pointErr2ASSERT_VIOLATIONMEMORY_FREE, entry_pointErr1ASSERT_VIOLATIONMEMORY_FREE, entry_pointErr0ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_allocErr0REQUIRES_VIOLATION, ldv_msg_allocErr1REQUIRES_VIOLATION]=== [2020-07-29 01:05:59,946 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 01:05:59,946 INFO L82 PathProgramCache]: Analyzing trace with hash -503568140, now seen corresponding path program 1 times [2020-07-29 01:05:59,946 INFO L163 FreeRefinementEngine]: Executing refinement strategy WOLF [2020-07-29 01:05:59,947 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1237313806] [2020-07-29 01:05:59,947 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat Starting monitored process 6 with mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 6 with mathsat -unsat_core_generation=3 [2020-07-29 01:06:00,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 01:06:00,081 INFO L263 TraceCheckSpWp]: Trace formula consists of 72 conjuncts, 8 conjunts are in the unsatisfiable core [2020-07-29 01:06:00,089 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 01:06:00,091 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 01:06:00,126 INFO L263 TraceCheckUtils]: 0: Hoare triple {1115#true} call ULTIMATE.init(); {1115#true} is VALID [2020-07-29 01:06:00,126 INFO L280 TraceCheckUtils]: 1: Hoare triple {1115#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;call ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := #Ultimate.allocOnStack(8bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {1115#true} is VALID [2020-07-29 01:06:00,127 INFO L280 TraceCheckUtils]: 2: Hoare triple {1115#true} assume true; {1115#true} is VALID [2020-07-29 01:06:00,127 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1115#true} {1115#true} #453#return; {1115#true} is VALID [2020-07-29 01:06:00,128 INFO L263 TraceCheckUtils]: 4: Hoare triple {1115#true} call main(); {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,128 INFO L263 TraceCheckUtils]: 5: Hoare triple {1132#(= |#valid| |old(#valid)|)} call entry_point(); {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,129 INFO L263 TraceCheckUtils]: 6: Hoare triple {1132#(= |#valid| |old(#valid)|)} call #t~ret39.base, #t~ret39.offset := h_safe(); {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,129 INFO L263 TraceCheckUtils]: 7: Hoare triple {1132#(= |#valid| |old(#valid)|)} call #t~ret38.base, #t~ret38.offset := ldv_malloc(4bv32); {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,130 INFO L280 TraceCheckUtils]: 8: Hoare triple {1132#(= |#valid| |old(#valid)|)} ~size := #in~size; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,130 INFO L280 TraceCheckUtils]: 9: Hoare triple {1132#(= |#valid| |old(#valid)|)} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,130 INFO L280 TraceCheckUtils]: 10: Hoare triple {1132#(= |#valid| |old(#valid)|)} assume true; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,131 INFO L275 TraceCheckUtils]: 11: Hoare quadruple {1132#(= |#valid| |old(#valid)|)} {1132#(= |#valid| |old(#valid)|)} #445#return; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,132 INFO L280 TraceCheckUtils]: 12: Hoare triple {1132#(= |#valid| |old(#valid)|)} #res.base, #res.offset := #t~ret38.base, #t~ret38.offset;havoc #t~ret38.base, #t~ret38.offset; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,133 INFO L280 TraceCheckUtils]: 13: Hoare triple {1132#(= |#valid| |old(#valid)|)} assume true; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,134 INFO L275 TraceCheckUtils]: 14: Hoare quadruple {1132#(= |#valid| |old(#valid)|)} {1132#(= |#valid| |old(#valid)|)} #441#return; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,135 INFO L280 TraceCheckUtils]: 15: Hoare triple {1132#(= |#valid| |old(#valid)|)} ~p~0.base, ~p~0.offset := #t~ret39.base, #t~ret39.offset;havoc #t~ret39.base, #t~ret39.offset; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,136 INFO L280 TraceCheckUtils]: 16: Hoare triple {1132#(= |#valid| |old(#valid)|)} assume !(~p~0.base != 0bv32 || ~p~0.offset != 0bv32); {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,136 INFO L280 TraceCheckUtils]: 17: Hoare triple {1132#(= |#valid| |old(#valid)|)} assume true; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,137 INFO L275 TraceCheckUtils]: 18: Hoare quadruple {1132#(= |#valid| |old(#valid)|)} {1132#(= |#valid| |old(#valid)|)} #415#return; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,137 INFO L280 TraceCheckUtils]: 19: Hoare triple {1132#(= |#valid| |old(#valid)|)} assume !(#valid == old(#valid)); {1116#false} is VALID [2020-07-29 01:06:00,138 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 01:06:00,138 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2020-07-29 01:06:00,306 INFO L280 TraceCheckUtils]: 19: Hoare triple {1132#(= |#valid| |old(#valid)|)} assume !(#valid == old(#valid)); {1116#false} is VALID [2020-07-29 01:06:00,307 INFO L275 TraceCheckUtils]: 18: Hoare quadruple {1132#(= |#valid| |old(#valid)|)} {1132#(= |#valid| |old(#valid)|)} #415#return; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,308 INFO L280 TraceCheckUtils]: 17: Hoare triple {1132#(= |#valid| |old(#valid)|)} assume true; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,308 INFO L280 TraceCheckUtils]: 16: Hoare triple {1132#(= |#valid| |old(#valid)|)} assume !(~p~0.base != 0bv32 || ~p~0.offset != 0bv32); {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,309 INFO L280 TraceCheckUtils]: 15: Hoare triple {1132#(= |#valid| |old(#valid)|)} ~p~0.base, ~p~0.offset := #t~ret39.base, #t~ret39.offset;havoc #t~ret39.base, #t~ret39.offset; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,310 INFO L275 TraceCheckUtils]: 14: Hoare quadruple {1132#(= |#valid| |old(#valid)|)} {1132#(= |#valid| |old(#valid)|)} #441#return; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,311 INFO L280 TraceCheckUtils]: 13: Hoare triple {1132#(= |#valid| |old(#valid)|)} assume true; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,311 INFO L280 TraceCheckUtils]: 12: Hoare triple {1132#(= |#valid| |old(#valid)|)} #res.base, #res.offset := #t~ret38.base, #t~ret38.offset;havoc #t~ret38.base, #t~ret38.offset; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,312 INFO L275 TraceCheckUtils]: 11: Hoare quadruple {1132#(= |#valid| |old(#valid)|)} {1132#(= |#valid| |old(#valid)|)} #445#return; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,313 INFO L280 TraceCheckUtils]: 10: Hoare triple {1132#(= |#valid| |old(#valid)|)} assume true; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,317 INFO L280 TraceCheckUtils]: 9: Hoare triple {1132#(= |#valid| |old(#valid)|)} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,318 INFO L280 TraceCheckUtils]: 8: Hoare triple {1132#(= |#valid| |old(#valid)|)} ~size := #in~size; {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,319 INFO L263 TraceCheckUtils]: 7: Hoare triple {1132#(= |#valid| |old(#valid)|)} call #t~ret38.base, #t~ret38.offset := ldv_malloc(4bv32); {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,319 INFO L263 TraceCheckUtils]: 6: Hoare triple {1132#(= |#valid| |old(#valid)|)} call #t~ret39.base, #t~ret39.offset := h_safe(); {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,320 INFO L263 TraceCheckUtils]: 5: Hoare triple {1132#(= |#valid| |old(#valid)|)} call entry_point(); {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,320 INFO L263 TraceCheckUtils]: 4: Hoare triple {1115#true} call main(); {1132#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:00,321 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1115#true} {1115#true} #453#return; {1115#true} is VALID [2020-07-29 01:06:00,321 INFO L280 TraceCheckUtils]: 2: Hoare triple {1115#true} assume true; {1115#true} is VALID [2020-07-29 01:06:00,321 INFO L280 TraceCheckUtils]: 1: Hoare triple {1115#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;call ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := #Ultimate.allocOnStack(8bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {1115#true} is VALID [2020-07-29 01:06:00,321 INFO L263 TraceCheckUtils]: 0: Hoare triple {1115#true} call ULTIMATE.init(); {1115#true} is VALID [2020-07-29 01:06:00,322 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 01:06:00,322 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1237313806] [2020-07-29 01:06:00,322 INFO L220 FreeRefinementEngine]: Constructing automaton from 2 perfect and 0 imperfect interpolant sequences. [2020-07-29 01:06:00,322 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2, 2] imperfect sequences [] total 2 [2020-07-29 01:06:00,323 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1468419615] [2020-07-29 01:06:00,323 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 20 [2020-07-29 01:06:00,323 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 01:06:00,323 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states. [2020-07-29 01:06:00,363 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 01:06:00,363 INFO L459 AbstractCegarLoop]: Interpolant automaton has 3 states [2020-07-29 01:06:00,363 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2020-07-29 01:06:00,364 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2020-07-29 01:06:00,364 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2020-07-29 01:06:00,364 INFO L87 Difference]: Start difference. First operand 31 states and 31 transitions. Second operand 3 states. [2020-07-29 01:06:00,437 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:06:00,437 INFO L93 Difference]: Finished difference Result 34 states and 33 transitions. [2020-07-29 01:06:00,437 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2020-07-29 01:06:00,437 INFO L78 Accepts]: Start accepts. Automaton has 3 states. Word has length 20 [2020-07-29 01:06:00,438 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 01:06:00,438 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2020-07-29 01:06:00,441 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 34 transitions. [2020-07-29 01:06:00,441 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 3 states. [2020-07-29 01:06:00,443 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 34 transitions. [2020-07-29 01:06:00,444 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 34 transitions. [2020-07-29 01:06:00,492 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 34 edges. 34 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 01:06:00,493 INFO L225 Difference]: With dead ends: 34 [2020-07-29 01:06:00,493 INFO L226 Difference]: Without dead ends: 24 [2020-07-29 01:06:00,494 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 39 GetRequests, 38 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2020-07-29 01:06:00,494 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 24 states. [2020-07-29 01:06:00,497 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 24 to 24. [2020-07-29 01:06:00,497 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 01:06:00,497 INFO L82 GeneralOperation]: Start isEquivalent. First operand 24 states. Second operand 24 states. [2020-07-29 01:06:00,497 INFO L74 IsIncluded]: Start isIncluded. First operand 24 states. Second operand 24 states. [2020-07-29 01:06:00,498 INFO L87 Difference]: Start difference. First operand 24 states. Second operand 24 states. [2020-07-29 01:06:00,499 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:06:00,499 INFO L93 Difference]: Finished difference Result 24 states and 23 transitions. [2020-07-29 01:06:00,499 INFO L276 IsEmpty]: Start isEmpty. Operand 24 states and 23 transitions. [2020-07-29 01:06:00,500 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:06:00,500 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 01:06:00,500 INFO L74 IsIncluded]: Start isIncluded. First operand 24 states. Second operand 24 states. [2020-07-29 01:06:00,500 INFO L87 Difference]: Start difference. First operand 24 states. Second operand 24 states. [2020-07-29 01:06:00,502 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:06:00,502 INFO L93 Difference]: Finished difference Result 24 states and 23 transitions. [2020-07-29 01:06:00,502 INFO L276 IsEmpty]: Start isEmpty. Operand 24 states and 23 transitions. [2020-07-29 01:06:00,502 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:06:00,503 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 01:06:00,503 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 01:06:00,503 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 01:06:00,503 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 24 states. [2020-07-29 01:06:00,504 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 24 states to 24 states and 23 transitions. [2020-07-29 01:06:00,504 INFO L78 Accepts]: Start accepts. Automaton has 24 states and 23 transitions. Word has length 20 [2020-07-29 01:06:00,505 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 01:06:00,505 INFO L479 AbstractCegarLoop]: Abstraction has 24 states and 23 transitions. [2020-07-29 01:06:00,505 INFO L480 AbstractCegarLoop]: Interpolant automaton has 3 states. [2020-07-29 01:06:00,505 INFO L276 IsEmpty]: Start isEmpty. Operand 24 states and 23 transitions. [2020-07-29 01:06:00,506 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 24 [2020-07-29 01:06:00,506 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 01:06:00,506 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 01:06:00,717 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 mathsat -unsat_core_generation=3 [2020-07-29 01:06:00,728 INFO L427 AbstractCegarLoop]: === Iteration 6 === [ldv_kref_initErr0REQUIRES_VIOLATION, ldv_kref_initErr1REQUIRES_VIOLATION, ldv_list_addErr1REQUIRES_VIOLATION, ldv_list_addErr0REQUIRES_VIOLATION, ldv_kobject_createErr1REQUIRES_VIOLATION, ldv_kobject_createErr0REQUIRES_VIOLATION, ldv_destroy_msgsErr4REQUIRES_VIOLATION, ldv_destroy_msgsErr3REQUIRES_VIOLATION, ldv_destroy_msgsErr2REQUIRES_VIOLATION, ldv_destroy_msgsErr1REQUIRES_VIOLATION, ldv_destroy_msgsErr0REQUIRES_VIOLATION, ldv_destroy_msgsErr5REQUIRES_VIOLATION, ldv_msg_fillErr1REQUIRES_VIOLATION, ldv_msg_fillErr5REQUIRES_VIOLATION, ldv_msg_fillErr0REQUIRES_VIOLATION, ldv_msg_fillErr4REQUIRES_VIOLATION, ldv_msg_fillErr2REQUIRES_VIOLATION, ldv_msg_fillErr3REQUIRES_VIOLATION, ldv_atomic_add_returnErr1REQUIRES_VIOLATION, ldv_atomic_add_returnErr0REQUIRES_VIOLATION, ldv_atomic_add_returnErr3REQUIRES_VIOLATION, ldv_atomic_add_returnErr2REQUIRES_VIOLATION, __ldv_list_delErr0REQUIRES_VIOLATION, __ldv_list_delErr1REQUIRES_VIOLATION, __ldv_list_delErr2REQUIRES_VIOLATION, __ldv_list_delErr3REQUIRES_VIOLATION, ldv_kobject_cleanupErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr5ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr7ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr6ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr1REQUIRES_VIOLATION, ldv_kobject_cleanupErr4ASSERT_VIOLATIONMEMORY_FREE, ldv_kobject_cleanupErr0REQUIRES_VIOLATION, ldv_kobject_cleanupErr3ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr6ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr7ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr4ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr5ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE, mainErr0ENSURES_VIOLATIONMEMORY_LEAK, LDV_INIT_LIST_HEADErr2REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr3REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr0REQUIRES_VIOLATION, LDV_INIT_LIST_HEADErr1REQUIRES_VIOLATION, ldv_list_delErr2REQUIRES_VIOLATION, ldv_list_delErr1REQUIRES_VIOLATION, ldv_list_delErr3REQUIRES_VIOLATION, ldv_list_delErr0REQUIRES_VIOLATION, __ldv_list_addErr5REQUIRES_VIOLATION, __ldv_list_addErr0REQUIRES_VIOLATION, __ldv_list_addErr1REQUIRES_VIOLATION, __ldv_list_addErr6REQUIRES_VIOLATION, __ldv_list_addErr7REQUIRES_VIOLATION, __ldv_list_addErr2REQUIRES_VIOLATION, __ldv_list_addErr3REQUIRES_VIOLATION, __ldv_list_addErr4REQUIRES_VIOLATION, ldv_dev_set_drvdataErr0REQUIRES_VIOLATION, ldv_dev_set_drvdataErr1REQUIRES_VIOLATION, ldv_atomic_sub_returnErr1REQUIRES_VIOLATION, ldv_atomic_sub_returnErr0REQUIRES_VIOLATION, ldv_atomic_sub_returnErr3REQUIRES_VIOLATION, ldv_atomic_sub_returnErr2REQUIRES_VIOLATION, ldv_list_add_tailErr0REQUIRES_VIOLATION, ldv_list_add_tailErr1REQUIRES_VIOLATION, ldv_dev_get_drvdataErr1REQUIRES_VIOLATION, ldv_dev_get_drvdataErr0REQUIRES_VIOLATION, entry_pointErr2ASSERT_VIOLATIONMEMORY_FREE, entry_pointErr1ASSERT_VIOLATIONMEMORY_FREE, entry_pointErr0ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_allocErr0REQUIRES_VIOLATION, ldv_msg_allocErr1REQUIRES_VIOLATION]=== [2020-07-29 01:06:00,730 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 01:06:00,730 INFO L82 PathProgramCache]: Analyzing trace with hash -2051414223, now seen corresponding path program 1 times [2020-07-29 01:06:00,730 INFO L163 FreeRefinementEngine]: Executing refinement strategy WOLF [2020-07-29 01:06:00,731 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2008737409] [2020-07-29 01:06:00,731 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat Starting monitored process 7 with mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 7 with mathsat -unsat_core_generation=3 [2020-07-29 01:06:00,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 01:06:00,860 INFO L263 TraceCheckSpWp]: Trace formula consists of 81 conjuncts, 17 conjunts are in the unsatisfiable core [2020-07-29 01:06:00,874 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 01:06:00,875 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 01:06:03,092 INFO L263 TraceCheckUtils]: 0: Hoare triple {1343#true} call ULTIMATE.init(); {1343#true} is VALID [2020-07-29 01:06:03,092 INFO L280 TraceCheckUtils]: 1: Hoare triple {1343#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;call ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := #Ultimate.allocOnStack(8bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {1343#true} is VALID [2020-07-29 01:06:03,092 INFO L280 TraceCheckUtils]: 2: Hoare triple {1343#true} assume true; {1343#true} is VALID [2020-07-29 01:06:03,093 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1343#true} {1343#true} #453#return; {1343#true} is VALID [2020-07-29 01:06:03,095 INFO L263 TraceCheckUtils]: 4: Hoare triple {1343#true} call main(); {1360#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:03,096 INFO L263 TraceCheckUtils]: 5: Hoare triple {1360#(= |#valid| |old(#valid)|)} call entry_point(); {1360#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:03,099 INFO L263 TraceCheckUtils]: 6: Hoare triple {1360#(= |#valid| |old(#valid)|)} call #t~ret39.base, #t~ret39.offset := h_safe(); {1360#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:03,100 INFO L263 TraceCheckUtils]: 7: Hoare triple {1360#(= |#valid| |old(#valid)|)} call #t~ret38.base, #t~ret38.offset := ldv_malloc(4bv32); {1360#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:03,100 INFO L280 TraceCheckUtils]: 8: Hoare triple {1360#(= |#valid| |old(#valid)|)} ~size := #in~size; {1360#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 01:06:03,101 INFO L280 TraceCheckUtils]: 9: Hoare triple {1360#(= |#valid| |old(#valid)|)} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset; {1376#(and (= (select |old(#valid)| |ldv_malloc_#res.base|) (_ bv0 1)) (= |#valid| (store |old(#valid)| |ldv_malloc_#res.base| (_ bv1 1))))} is VALID [2020-07-29 01:06:03,101 INFO L280 TraceCheckUtils]: 10: Hoare triple {1376#(and (= (select |old(#valid)| |ldv_malloc_#res.base|) (_ bv0 1)) (= |#valid| (store |old(#valid)| |ldv_malloc_#res.base| (_ bv1 1))))} assume true; {1376#(and (= (select |old(#valid)| |ldv_malloc_#res.base|) (_ bv0 1)) (= |#valid| (store |old(#valid)| |ldv_malloc_#res.base| (_ bv1 1))))} is VALID [2020-07-29 01:06:03,103 INFO L275 TraceCheckUtils]: 11: Hoare quadruple {1376#(and (= (select |old(#valid)| |ldv_malloc_#res.base|) (_ bv0 1)) (= |#valid| (store |old(#valid)| |ldv_malloc_#res.base| (_ bv1 1))))} {1360#(= |#valid| |old(#valid)|)} #445#return; {1383#(and (= (select |old(#valid)| |h_safe_#t~ret38.base|) (_ bv0 1)) (= |#valid| (store |old(#valid)| |h_safe_#t~ret38.base| (_ bv1 1))))} is VALID [2020-07-29 01:06:03,103 INFO L280 TraceCheckUtils]: 12: Hoare triple {1383#(and (= (select |old(#valid)| |h_safe_#t~ret38.base|) (_ bv0 1)) (= |#valid| (store |old(#valid)| |h_safe_#t~ret38.base| (_ bv1 1))))} #res.base, #res.offset := #t~ret38.base, #t~ret38.offset;havoc #t~ret38.base, #t~ret38.offset; {1387#(and (= |#valid| (store |old(#valid)| |h_safe_#res.base| (_ bv1 1))) (= (_ bv0 1) (select |old(#valid)| |h_safe_#res.base|)))} is VALID [2020-07-29 01:06:03,104 INFO L280 TraceCheckUtils]: 13: Hoare triple {1387#(and (= |#valid| (store |old(#valid)| |h_safe_#res.base| (_ bv1 1))) (= (_ bv0 1) (select |old(#valid)| |h_safe_#res.base|)))} assume true; {1387#(and (= |#valid| (store |old(#valid)| |h_safe_#res.base| (_ bv1 1))) (= (_ bv0 1) (select |old(#valid)| |h_safe_#res.base|)))} is VALID [2020-07-29 01:06:03,106 INFO L275 TraceCheckUtils]: 14: Hoare quadruple {1387#(and (= |#valid| (store |old(#valid)| |h_safe_#res.base| (_ bv1 1))) (= (_ bv0 1) (select |old(#valid)| |h_safe_#res.base|)))} {1360#(= |#valid| |old(#valid)|)} #441#return; {1394#(and (= (_ bv0 1) (select |old(#valid)| |entry_point_#t~ret39.base|)) (= |#valid| (store |old(#valid)| |entry_point_#t~ret39.base| (_ bv1 1))))} is VALID [2020-07-29 01:06:03,106 INFO L280 TraceCheckUtils]: 15: Hoare triple {1394#(and (= (_ bv0 1) (select |old(#valid)| |entry_point_#t~ret39.base|)) (= |#valid| (store |old(#valid)| |entry_point_#t~ret39.base| (_ bv1 1))))} ~p~0.base, ~p~0.offset := #t~ret39.base, #t~ret39.offset;havoc #t~ret39.base, #t~ret39.offset; {1398#(and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv1 1))))} is VALID [2020-07-29 01:06:03,107 INFO L280 TraceCheckUtils]: 16: Hoare triple {1398#(and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv1 1))))} assume ~p~0.base != 0bv32 || ~p~0.offset != 0bv32; {1398#(and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv1 1))))} is VALID [2020-07-29 01:06:03,108 INFO L280 TraceCheckUtils]: 17: Hoare triple {1398#(and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv1 1))))} assume 0bv32 == ~p~0.offset; {1398#(and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv1 1))))} is VALID [2020-07-29 01:06:03,109 INFO L280 TraceCheckUtils]: 18: Hoare triple {1398#(and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv1 1))))} assume ~bvult32(~p~0.base, #StackHeapBarrier); {1398#(and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv1 1))))} is VALID [2020-07-29 01:06:03,111 INFO L280 TraceCheckUtils]: 19: Hoare triple {1398#(and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv1 1))))} assume 0bv32 == ~p~0.base || 1bv1 == #valid[~p~0.base];call ULTIMATE.dealloc(~p~0.base, ~p~0.offset); {1411#(exists ((entry_point_~p~0.base (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv0 1)))))} is VALID [2020-07-29 01:06:03,112 INFO L280 TraceCheckUtils]: 20: Hoare triple {1411#(exists ((entry_point_~p~0.base (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv0 1)))))} assume true; {1411#(exists ((entry_point_~p~0.base (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv0 1)))))} is VALID [2020-07-29 01:06:03,113 INFO L275 TraceCheckUtils]: 21: Hoare quadruple {1411#(exists ((entry_point_~p~0.base (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv0 1)))))} {1360#(= |#valid| |old(#valid)|)} #415#return; {1411#(exists ((entry_point_~p~0.base (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv0 1)))))} is VALID [2020-07-29 01:06:03,114 INFO L280 TraceCheckUtils]: 22: Hoare triple {1411#(exists ((entry_point_~p~0.base (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| entry_point_~p~0.base)) (= |#valid| (store |old(#valid)| entry_point_~p~0.base (_ bv0 1)))))} assume !(#valid == old(#valid)); {1344#false} is VALID [2020-07-29 01:06:03,117 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 01:06:03,117 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2020-07-29 01:06:16,617 WARN L838 $PredicateComparison]: unable to prove that (forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |c_#valid| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (not (= (select |c_#valid| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |c_old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1)))))))) is different from false [2020-07-29 01:06:16,658 WARN L138 XnfTransformerHelper]: expecting exponential blowup for input size 6 [2020-07-29 01:06:16,685 INFO L440 ElimStorePlain]: Different costs {0=[|v_old(#valid)_BEFORE_CALL_10|], 5=[|v_old(#valid)_BEFORE_CALL_11|]} [2020-07-29 01:06:16,709 WARN L838 $PredicateComparison]: unable to prove that (forall ((|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (= (store |c_#valid| |c_h_safe_#res.base| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |c_old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |c_old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1)))))))) is different from false [2020-07-29 01:06:16,743 WARN L138 XnfTransformerHelper]: expecting exponential blowup for input size 6 [2020-07-29 01:06:16,767 INFO L440 ElimStorePlain]: Different costs {0=[|v_old(#valid)_BEFORE_CALL_10|], 5=[|v_old(#valid)_BEFORE_CALL_11|]} [2020-07-29 01:06:16,836 WARN L138 XnfTransformerHelper]: expecting exponential blowup for input size 6 [2020-07-29 01:06:16,860 INFO L440 ElimStorePlain]: Different costs {0=[|v_old(#valid)_BEFORE_CALL_10|], 5=[|v_old(#valid)_BEFORE_CALL_11|]} [2020-07-29 01:06:16,872 WARN L838 $PredicateComparison]: unable to prove that (forall ((|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |c_old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |c_old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1)))))) (= |v_old(#valid)_BEFORE_CALL_10| (store |c_#valid| |c_h_safe_#t~ret38.base| (_ bv0 1))))) is different from false [2020-07-29 01:06:16,877 WARN L860 $PredicateComparison]: unable to prove that (forall ((|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |c_old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |c_old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1)))))) (= |v_old(#valid)_BEFORE_CALL_10| (store |c_#valid| |c_h_safe_#t~ret38.base| (_ bv0 1))))) is different from true [2020-07-29 01:06:16,988 WARN L138 XnfTransformerHelper]: expecting exponential blowup for input size 6 [2020-07-29 01:06:17,009 INFO L440 ElimStorePlain]: Different costs {0=[|v_old(#valid)_BEFORE_CALL_10|], 5=[|v_old(#valid)_BEFORE_CALL_11|]} [2020-07-29 01:06:17,036 WARN L860 $PredicateComparison]: unable to prove that (forall ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (not (= (select |c_#valid| |v_h_safe_#t~ret38.base_66|) (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |c_old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |c_old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1)))))) (= (store |c_#valid| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|))) is different from true [2020-07-29 01:06:17,157 WARN L138 XnfTransformerHelper]: expecting exponential blowup for input size 30 [2020-07-29 01:06:17,247 WARN L138 XnfTransformerHelper]: expecting exponential blowup for input size 6 [2020-07-29 01:06:17,279 INFO L440 ElimStorePlain]: Different costs {0=[v_prenex_1, v_prenex_4], 5=[v_prenex_3]} [2020-07-29 01:06:17,321 INFO L440 ElimStorePlain]: Different costs {0=[|v_old(#valid)_BEFORE_CALL_10|], 5=[|v_old(#valid)_BEFORE_CALL_11|]} [2020-07-29 01:06:17,394 WARN L838 $PredicateComparison]: unable to prove that (forall ((|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1)))) (or (forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1)))) (or (= v_prenex_4 (store |c_#valid| |c_ldv_malloc_#res.base| (_ bv0 1))) (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |c_old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |c_old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1)))))) is different from false [2020-07-29 01:06:17,401 WARN L860 $PredicateComparison]: unable to prove that (forall ((|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1)))) (or (forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1)))) (or (= v_prenex_4 (store |c_#valid| |c_ldv_malloc_#res.base| (_ bv0 1))) (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |c_old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |c_old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1)))))) is different from true [2020-07-29 01:06:17,468 WARN L138 XnfTransformerHelper]: expecting exponential blowup for input size 9 [2020-07-29 01:06:17,510 WARN L138 XnfTransformerHelper]: expecting exponential blowup for input size 24 [2020-07-29 01:06:17,541 INFO L440 ElimStorePlain]: Different costs {0=[v_prenex_5, |v_old(#valid)_BEFORE_CALL_10|], 5=[|v_old(#valid)_BEFORE_CALL_11|]} [2020-07-29 01:06:17,574 INFO L440 ElimStorePlain]: Different costs {0=[v_prenex_4], 5=[v_prenex_3, |v_old(#valid)_BEFORE_CALL_12|]} [2020-07-29 01:06:17,688 WARN L838 $PredicateComparison]: unable to prove that (forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= v_prenex_4 (store |c_#valid| |c_ldv_malloc_#res.base| (_ bv0 1))) (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |c_old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |c_old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1)))))) is different from false [2020-07-29 01:06:17,697 WARN L860 $PredicateComparison]: unable to prove that (forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= v_prenex_4 (store |c_#valid| |c_ldv_malloc_#res.base| (_ bv0 1))) (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |c_old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |c_old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1)))))) is different from true [2020-07-29 01:06:19,805 WARN L138 XnfTransformerHelper]: expecting exponential blowup for input size 8 [2020-07-29 01:06:19,831 WARN L138 XnfTransformerHelper]: expecting exponential blowup for input size 12 [2020-07-29 01:06:19,860 INFO L440 ElimStorePlain]: Different costs {0=[v_prenex_5, |v_old(#valid)_BEFORE_CALL_10|], 5=[|v_old(#valid)_BEFORE_CALL_11|]} [2020-07-29 01:06:19,892 INFO L440 ElimStorePlain]: Different costs {0=[v_prenex_4], 5=[v_prenex_3, |v_old(#valid)_BEFORE_CALL_12|]} [2020-07-29 01:06:19,966 WARN L838 $PredicateComparison]: unable to prove that (forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1))) (|v_ldv_malloc_#res.base_55| (_ BitVec 32))) (or (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (= v_prenex_4 (store |c_#valid| |v_ldv_malloc_#res.base_55| (_ bv0 1))) (not (= (_ bv0 1) (select |c_#valid| |v_ldv_malloc_#res.base_55|))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |c_old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |c_old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1)))))) is different from false [2020-07-29 01:06:19,978 WARN L860 $PredicateComparison]: unable to prove that (forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1))) (|v_ldv_malloc_#res.base_55| (_ BitVec 32))) (or (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (= v_prenex_4 (store |c_#valid| |v_ldv_malloc_#res.base_55| (_ bv0 1))) (not (= (_ bv0 1) (select |c_#valid| |v_ldv_malloc_#res.base_55|))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |c_old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |c_old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1)))))) is different from true [2020-07-29 01:06:20,055 WARN L138 XnfTransformerHelper]: expecting exponential blowup for input size 8 [2020-07-29 01:06:20,090 WARN L138 XnfTransformerHelper]: expecting exponential blowup for input size 12 [2020-07-29 01:06:20,140 INFO L440 ElimStorePlain]: Different costs {0=[v_prenex_5, |v_old(#valid)_BEFORE_CALL_10|], 5=[|v_old(#valid)_BEFORE_CALL_11|]} [2020-07-29 01:06:20,185 INFO L440 ElimStorePlain]: Different costs {0=[v_prenex_4], 5=[v_prenex_3, |v_old(#valid)_BEFORE_CALL_12|]} [2020-07-29 01:06:20,241 INFO L280 TraceCheckUtils]: 22: Hoare triple {1360#(= |#valid| |old(#valid)|)} assume !(#valid == old(#valid)); {1344#false} is VALID [2020-07-29 01:06:20,253 INFO L275 TraceCheckUtils]: 21: Hoare quadruple {1428#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |#valid| |v_old(#valid)_BEFORE_CALL_10|) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} {1424#(forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (not (= (select |#valid| v_entry_point_~p~0.base_18) (_ bv0 1))) (= (store |#valid| v_entry_point_~p~0.base_18 (_ bv0 1)) |old(#valid)|)))} #415#return; {1360#(= |#valid| |old(#valid)|)} is UNKNOWN [2020-07-29 01:06:20,272 INFO L280 TraceCheckUtils]: 20: Hoare triple {1428#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |#valid| |v_old(#valid)_BEFORE_CALL_10|) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} assume true; {1428#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |#valid| |v_old(#valid)_BEFORE_CALL_10|) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} is VALID [2020-07-29 01:06:20,300 INFO L280 TraceCheckUtils]: 19: Hoare triple {1435#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| entry_point_~p~0.base (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} assume 0bv32 == ~p~0.base || 1bv1 == #valid[~p~0.base];call ULTIMATE.dealloc(~p~0.base, ~p~0.offset); {1428#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |#valid| |v_old(#valid)_BEFORE_CALL_10|) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} is UNKNOWN [2020-07-29 01:06:20,318 INFO L280 TraceCheckUtils]: 18: Hoare triple {1435#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| entry_point_~p~0.base (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} assume ~bvult32(~p~0.base, #StackHeapBarrier); {1435#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| entry_point_~p~0.base (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} is VALID [2020-07-29 01:06:20,339 INFO L280 TraceCheckUtils]: 17: Hoare triple {1435#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| entry_point_~p~0.base (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} assume 0bv32 == ~p~0.offset; {1435#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| entry_point_~p~0.base (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} is VALID [2020-07-29 01:06:20,358 INFO L280 TraceCheckUtils]: 16: Hoare triple {1435#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| entry_point_~p~0.base (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} assume ~p~0.base != 0bv32 || ~p~0.offset != 0bv32; {1435#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| entry_point_~p~0.base (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} is VALID [2020-07-29 01:06:20,376 INFO L280 TraceCheckUtils]: 15: Hoare triple {1448#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| |entry_point_#t~ret39.base| (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} ~p~0.base, ~p~0.offset := #t~ret39.base, #t~ret39.offset;havoc #t~ret39.base, #t~ret39.offset; {1435#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| entry_point_~p~0.base (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} is VALID [2020-07-29 01:06:20,397 INFO L275 TraceCheckUtils]: 14: Hoare quadruple {1456#(forall ((|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (= (store |#valid| |h_safe_#res.base| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1))))))))} {1452#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (not (= (select |#valid| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} #441#return; {1448#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| |entry_point_#t~ret39.base| (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} is UNKNOWN [2020-07-29 01:06:20,419 INFO L280 TraceCheckUtils]: 13: Hoare triple {1456#(forall ((|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (= (store |#valid| |h_safe_#res.base| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1))))))))} assume true; {1456#(forall ((|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (= (store |#valid| |h_safe_#res.base| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1))))))))} is VALID [2020-07-29 01:06:20,439 INFO L280 TraceCheckUtils]: 12: Hoare triple {1463#(forall ((|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1)))))) (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| |h_safe_#t~ret38.base| (_ bv0 1)))))} #res.base, #res.offset := #t~ret38.base, #t~ret38.offset;havoc #t~ret38.base, #t~ret38.offset; {1456#(forall ((|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (= (store |#valid| |h_safe_#res.base| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1))))))))} is UNKNOWN [2020-07-29 01:06:20,474 INFO L275 TraceCheckUtils]: 11: Hoare quadruple {1471#(forall ((|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1)))) (or (forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1)))) (or (= v_prenex_4 (store |#valid| |ldv_malloc_#res.base| (_ bv0 1))) (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1))))))} {1467#(forall ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (not (= (select |#valid| |v_h_safe_#t~ret38.base_66|) (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1)))))) (= (store |#valid| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)))} #445#return; {1463#(forall ((|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1)))))) (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| |h_safe_#t~ret38.base| (_ bv0 1)))))} is UNKNOWN [2020-07-29 01:06:20,515 INFO L280 TraceCheckUtils]: 10: Hoare triple {1475#(forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= v_prenex_4 (store |#valid| |ldv_malloc_#res.base| (_ bv0 1))) (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1))))))} assume true; {1471#(forall ((|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1)))) (or (forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1)))) (or (= v_prenex_4 (store |#valid| |ldv_malloc_#res.base| (_ bv0 1))) (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1))))))} is UNKNOWN [2020-07-29 01:06:20,563 INFO L280 TraceCheckUtils]: 9: Hoare triple {1479#(forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1))) (|v_ldv_malloc_#res.base_55| (_ BitVec 32))) (or (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (= v_prenex_4 (store |#valid| |v_ldv_malloc_#res.base_55| (_ bv0 1))) (not (= (_ bv0 1) (select |#valid| |v_ldv_malloc_#res.base_55|))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1))))))} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset; {1475#(forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= v_prenex_4 (store |#valid| |ldv_malloc_#res.base| (_ bv0 1))) (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1))))))} is UNKNOWN [2020-07-29 01:06:20,565 INFO L280 TraceCheckUtils]: 8: Hoare triple {1479#(forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1))) (|v_ldv_malloc_#res.base_55| (_ BitVec 32))) (or (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (= v_prenex_4 (store |#valid| |v_ldv_malloc_#res.base_55| (_ bv0 1))) (not (= (_ bv0 1) (select |#valid| |v_ldv_malloc_#res.base_55|))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1))))))} ~size := #in~size; {1479#(forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1))) (|v_ldv_malloc_#res.base_55| (_ BitVec 32))) (or (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (= v_prenex_4 (store |#valid| |v_ldv_malloc_#res.base_55| (_ bv0 1))) (not (= (_ bv0 1) (select |#valid| |v_ldv_malloc_#res.base_55|))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1))))))} is VALID [2020-07-29 01:06:20,595 INFO L263 TraceCheckUtils]: 7: Hoare triple {1467#(forall ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (not (= (select |#valid| |v_h_safe_#t~ret38.base_66|) (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1)))))) (= (store |#valid| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)))} call #t~ret38.base, #t~ret38.offset := ldv_malloc(4bv32); {1479#(forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1))) (|v_ldv_malloc_#res.base_55| (_ BitVec 32))) (or (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (= v_prenex_4 (store |#valid| |v_ldv_malloc_#res.base_55| (_ bv0 1))) (not (= (_ bv0 1) (select |#valid| |v_ldv_malloc_#res.base_55|))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1))))))} is UNKNOWN [2020-07-29 01:06:20,603 INFO L263 TraceCheckUtils]: 6: Hoare triple {1452#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (not (= (select |#valid| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} call #t~ret39.base, #t~ret39.offset := h_safe(); {1467#(forall ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (not (= (select |#valid| |v_h_safe_#t~ret38.base_66|) (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1)))))) (= (store |#valid| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)))} is UNKNOWN [2020-07-29 01:06:20,606 INFO L263 TraceCheckUtils]: 5: Hoare triple {1424#(forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (not (= (select |#valid| v_entry_point_~p~0.base_18) (_ bv0 1))) (= (store |#valid| v_entry_point_~p~0.base_18 (_ bv0 1)) |old(#valid)|)))} call entry_point(); {1452#(forall ((|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= |v_old(#valid)_BEFORE_CALL_10| (store |#valid| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (not (= (select |#valid| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))) (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (= (_ bv0 1) (select |old(#valid)| v_entry_point_~p~0.base_18)) (not (= |v_old(#valid)_BEFORE_CALL_10| (store |old(#valid)| v_entry_point_~p~0.base_18 (_ bv0 1))))))))} is VALID [2020-07-29 01:06:20,609 INFO L263 TraceCheckUtils]: 4: Hoare triple {1343#true} call main(); {1424#(forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (not (= (select |#valid| v_entry_point_~p~0.base_18) (_ bv0 1))) (= (store |#valid| v_entry_point_~p~0.base_18 (_ bv0 1)) |old(#valid)|)))} is VALID [2020-07-29 01:06:20,610 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1343#true} {1343#true} #453#return; {1343#true} is VALID [2020-07-29 01:06:20,610 INFO L280 TraceCheckUtils]: 2: Hoare triple {1343#true} assume true; {1343#true} is VALID [2020-07-29 01:06:20,610 INFO L280 TraceCheckUtils]: 1: Hoare triple {1343#true} #NULL.base, #NULL.offset := 0bv32, 0bv32;#valid := #valid[0bv32 := 0bv1];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;call ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := #Ultimate.allocOnStack(8bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {1343#true} is VALID [2020-07-29 01:06:20,611 INFO L263 TraceCheckUtils]: 0: Hoare triple {1343#true} call ULTIMATE.init(); {1343#true} is VALID [2020-07-29 01:06:20,618 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 01:06:20,618 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2008737409] [2020-07-29 01:06:20,619 INFO L220 FreeRefinementEngine]: Constructing automaton from 2 perfect and 0 imperfect interpolant sequences. [2020-07-29 01:06:20,619 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8, 13] imperfect sequences [] total 19 [2020-07-29 01:06:20,619 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [355687309] [2020-07-29 01:06:20,620 INFO L78 Accepts]: Start accepts. Automaton has 20 states. Word has length 23 [2020-07-29 01:06:20,620 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 01:06:20,620 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 20 states. [2020-07-29 01:06:20,982 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 26 inductive. 0 not inductive. 16 times theorem prover too weak to decide inductivity. [2020-07-29 01:06:20,983 INFO L459 AbstractCegarLoop]: Interpolant automaton has 20 states [2020-07-29 01:06:20,983 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2020-07-29 01:06:20,983 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 20 interpolants. [2020-07-29 01:06:20,983 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=43, Invalid=107, Unknown=34, NotChecked=196, Total=380 [2020-07-29 01:06:20,983 INFO L87 Difference]: Start difference. First operand 24 states and 23 transitions. Second operand 20 states. [2020-07-29 01:06:48,817 WARN L838 $PredicateComparison]: unable to prove that (and (forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1)))) (or (= v_prenex_4 (store |c_#valid| |c_ldv_malloc_#res.base| (_ bv0 1))) (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |c_old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |c_old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1)))))) (= (select |c_old(#valid)| |c_ldv_malloc_#res.base|) (_ bv0 1)) (= |c_#valid| (store |c_old(#valid)| |c_ldv_malloc_#res.base| (_ bv1 1)))) is different from false [2020-07-29 01:06:49,111 WARN L838 $PredicateComparison]: unable to prove that (and (forall ((|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1)))) (or (forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1)))) (or (= v_prenex_4 (store |c_#valid| |c_ldv_malloc_#res.base| (_ bv0 1))) (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |c_old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |c_old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1)))))) (= (select |c_old(#valid)| |c_ldv_malloc_#res.base|) (_ bv0 1)) (= |c_#valid| (store |c_old(#valid)| |c_ldv_malloc_#res.base| (_ bv1 1)))) is different from false [2020-07-29 01:06:49,118 WARN L860 $PredicateComparison]: unable to prove that (and (forall ((|v_old(#valid)_BEFORE_CALL_12| (Array (_ BitVec 32) (_ BitVec 1)))) (or (forall ((v_prenex_3 (Array (_ BitVec 32) (_ BitVec 1))) (v_prenex_4 (Array (_ BitVec 32) (_ BitVec 1)))) (or (= v_prenex_4 (store |c_#valid| |c_ldv_malloc_#res.base| (_ bv0 1))) (exists ((v_prenex_7 (_ BitVec 32)) (v_prenex_5 (Array (_ BitVec 32) (_ BitVec 1)))) (and (= (select |v_old(#valid)_BEFORE_CALL_12| v_prenex_7) (_ bv0 1)) (forall ((v_prenex_8 (_ BitVec 32))) (or (= v_prenex_5 (store v_prenex_3 v_prenex_8 (_ bv0 1))) (not (= (select v_prenex_3 v_prenex_8) (_ bv0 1))))) (not (= v_prenex_5 (store |v_old(#valid)_BEFORE_CALL_12| v_prenex_7 (_ bv0 1)))))) (exists ((v_prenex_6 (_ BitVec 32))) (and (= (select v_prenex_3 v_prenex_6) (_ bv0 1)) (not (= (store v_prenex_3 v_prenex_6 (_ bv0 1)) v_prenex_4)))))) (exists ((|v_h_safe_#t~ret38.base_66| (_ BitVec 32)) (|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (and (forall ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (or (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36| (_ bv0 1))) (exists ((v_prenex_2 (_ BitVec 32))) (and (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1)) (not (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1)))))) (not (= (select |v_old(#valid)_BEFORE_CALL_12| |v_entry_point_#t~ret39.base_36|) (_ bv0 1))))) (forall ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (or (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1))))) (not (= (store |c_old(#valid)| |v_h_safe_#t~ret38.base_66| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |c_old(#valid)| |v_h_safe_#t~ret38.base_66|) (_ bv0 1)))))) (= (select |c_old(#valid)| |c_ldv_malloc_#res.base|) (_ bv0 1)) (= |c_#valid| (store |c_old(#valid)| |c_ldv_malloc_#res.base| (_ bv1 1)))) is different from true [2020-07-29 01:06:49,718 WARN L838 $PredicateComparison]: unable to prove that (and (= (select |c_old(#valid)| |c_h_safe_#t~ret38.base|) (_ bv0 1)) (forall ((|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |c_old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |c_old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1)))))) (= |v_old(#valid)_BEFORE_CALL_10| (store |c_#valid| |c_h_safe_#t~ret38.base| (_ bv0 1))))) (= |c_#valid| (store |c_old(#valid)| |c_h_safe_#t~ret38.base| (_ bv1 1)))) is different from false [2020-07-29 01:06:49,900 WARN L838 $PredicateComparison]: unable to prove that (and (forall ((|v_old(#valid)_BEFORE_CALL_11| (Array (_ BitVec 32) (_ BitVec 1))) (|v_old(#valid)_BEFORE_CALL_10| (Array (_ BitVec 32) (_ BitVec 1)))) (or (exists ((v_entry_point_~p~0.base_18 (_ BitVec 32))) (and (not (= (store |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18 (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|)) (= (select |v_old(#valid)_BEFORE_CALL_11| v_entry_point_~p~0.base_18) (_ bv0 1)))) (= (store |c_#valid| |c_h_safe_#res.base| (_ bv0 1)) |v_old(#valid)_BEFORE_CALL_10|) (exists ((v_prenex_1 (Array (_ BitVec 32) (_ BitVec 1))) (|v_entry_point_#t~ret39.base_36| (_ BitVec 32))) (and (forall ((v_prenex_2 (_ BitVec 32))) (or (not (= (select |v_old(#valid)_BEFORE_CALL_11| v_prenex_2) (_ bv0 1))) (= v_prenex_1 (store |v_old(#valid)_BEFORE_CALL_11| v_prenex_2 (_ bv0 1))))) (= (select |c_old(#valid)| |v_entry_point_#t~ret39.base_36|) (_ bv0 1)) (not (= v_prenex_1 (store |c_old(#valid)| |v_entry_point_#t~ret39.base_36| (_ bv0 1)))))))) (= |c_#valid| (store |c_old(#valid)| |c_h_safe_#res.base| (_ bv1 1))) (= (_ bv0 1) (select |c_old(#valid)| |c_h_safe_#res.base|))) is different from false [2020-07-29 01:06:50,985 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:06:50,985 INFO L93 Difference]: Finished difference Result 23 states and 22 transitions. [2020-07-29 01:06:50,986 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2020-07-29 01:06:50,986 INFO L78 Accepts]: Start accepts. Automaton has 20 states. Word has length 23 [2020-07-29 01:06:50,986 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 01:06:50,986 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 20 states. [2020-07-29 01:06:50,988 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 23 transitions. [2020-07-29 01:06:50,988 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 20 states. [2020-07-29 01:06:50,989 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 23 transitions. [2020-07-29 01:06:50,990 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 13 states and 23 transitions. [2020-07-29 01:06:51,238 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 23 edges. 14 inductive. 0 not inductive. 9 times theorem prover too weak to decide inductivity. [2020-07-29 01:06:51,238 INFO L225 Difference]: With dead ends: 23 [2020-07-29 01:06:51,238 INFO L226 Difference]: Without dead ends: 0 [2020-07-29 01:06:51,239 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 54 GetRequests, 28 SyntacticMatches, 1 SemanticMatches, 25 ConstructedPredicates, 11 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 14.1s TimeCoverageRelationStatistics Valid=66, Invalid=141, Unknown=77, NotChecked=418, Total=702 [2020-07-29 01:06:51,239 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2020-07-29 01:06:51,240 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2020-07-29 01:06:51,240 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 01:06:51,240 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand 0 states. [2020-07-29 01:06:51,240 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand 0 states. [2020-07-29 01:06:51,240 INFO L87 Difference]: Start difference. First operand 0 states. Second operand 0 states. [2020-07-29 01:06:51,241 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:06:51,241 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2020-07-29 01:06:51,241 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2020-07-29 01:06:51,241 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:06:51,241 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 01:06:51,241 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand 0 states. [2020-07-29 01:06:51,242 INFO L87 Difference]: Start difference. First operand 0 states. Second operand 0 states. [2020-07-29 01:06:51,242 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 01:06:51,242 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2020-07-29 01:06:51,242 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2020-07-29 01:06:51,242 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:06:51,242 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 01:06:51,242 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 01:06:51,242 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 01:06:51,243 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 0 states. [2020-07-29 01:06:51,243 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2020-07-29 01:06:51,243 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 23 [2020-07-29 01:06:51,243 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 01:06:51,243 INFO L479 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2020-07-29 01:06:51,243 INFO L480 AbstractCegarLoop]: Interpolant automaton has 20 states. [2020-07-29 01:06:51,243 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2020-07-29 01:06:51,243 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 01:06:51,444 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 7 mathsat -unsat_core_generation=3 [2020-07-29 01:06:51,453 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 29.07 01:06:51 BoogieIcfgContainer [2020-07-29 01:06:51,453 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2020-07-29 01:06:51,454 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2020-07-29 01:06:51,454 INFO L271 PluginConnector]: Initializing Witness Printer... [2020-07-29 01:06:51,454 INFO L275 PluginConnector]: Witness Printer initialized [2020-07-29 01:06:51,455 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 29.07 01:05:54" (3/4) ... [2020-07-29 01:06:51,458 INFO L137 WitnessPrinter]: Generating witness for correct program [2020-07-29 01:06:51,466 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_submit_msg [2020-07-29 01:06:51,466 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ULTIMATE.setCurrentRoundingMode [2020-07-29 01:06:51,466 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_kobject_create [2020-07-29 01:06:51,466 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_kobject_del [2020-07-29 01:06:51,466 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_positive [2020-07-29 01:06:51,467 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __ldv_list_del [2020-07-29 01:06:51,467 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __bswap_64 [2020-07-29 01:06:51,467 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __uint64_identity [2020-07-29 01:06:51,467 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_msg_free [2020-07-29 01:06:51,467 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure main [2020-07-29 01:06:51,467 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_list_del [2020-07-29 01:06:51,468 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_kref_get [2020-07-29 01:06:51,468 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_kobject_put [2020-07-29 01:06:51,468 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __uint32_identity [2020-07-29 01:06:51,468 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_kobject_init [2020-07-29 01:06:51,468 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ##fun~$Pointer$~TO~VOID [2020-07-29 01:06:51,468 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_atomic_sub_return [2020-07-29 01:06:51,469 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_list_add_tail [2020-07-29 01:06:51,469 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __uint16_identity [2020-07-29 01:06:51,469 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_nonpositive [2020-07-29 01:06:51,469 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure #Ultimate.meminit [2020-07-29 01:06:51,469 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure entry_point [2020-07-29 01:06:51,469 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_msg_alloc [2020-07-29 01:06:51,470 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_kobject_init_internal [2020-07-29 01:06:51,470 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_kref_init [2020-07-29 01:06:51,470 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_list_add [2020-07-29 01:06:51,470 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_destroy_msgs [2020-07-29 01:06:51,470 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_msg_fill [2020-07-29 01:06:51,470 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_kref_sub [2020-07-29 01:06:51,471 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure #Ultimate.C_memset [2020-07-29 01:06:51,471 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_atomic_add_return [2020-07-29 01:06:51,471 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure f [2020-07-29 01:06:51,471 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_kobject_release [2020-07-29 01:06:51,471 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure g [2020-07-29 01:06:51,471 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __bswap_32 [2020-07-29 01:06:51,472 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_kobject_cleanup [2020-07-29 01:06:51,472 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure #Ultimate.C_memcpy [2020-07-29 01:06:51,472 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure LDV_INIT_LIST_HEAD [2020-07-29 01:06:51,472 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure h_safe [2020-07-29 01:06:51,472 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __ldv_list_add [2020-07-29 01:06:51,472 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ULTIMATE.init [2020-07-29 01:06:51,472 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_malloc [2020-07-29 01:06:51,473 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_dev_set_drvdata [2020-07-29 01:06:51,473 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_zalloc [2020-07-29 01:06:51,473 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_kref_put [2020-07-29 01:06:51,473 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_kobject_get [2020-07-29 01:06:51,474 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ldv_dev_get_drvdata [2020-07-29 01:06:51,483 INFO L902 BoogieBacktranslator]: Reduced CFG by removing 36 nodes and edges [2020-07-29 01:06:51,483 INFO L902 BoogieBacktranslator]: Reduced CFG by removing 9 nodes and edges [2020-07-29 01:06:51,484 INFO L902 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2020-07-29 01:06:51,484 INFO L902 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2020-07-29 01:06:51,484 INFO L902 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2020-07-29 01:06:51,581 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2020-07-29 01:06:51,582 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2020-07-29 01:06:51,584 INFO L168 Benchmark]: Toolchain (without parser) took 60379.28 ms. Allocated memory was 1.0 GB in the beginning and 1.4 GB in the end (delta: 340.3 MB). Free memory was 953.5 MB in the beginning and 1.1 GB in the end (delta: -134.7 MB). Peak memory consumption was 205.5 MB. Max. memory is 11.5 GB. [2020-07-29 01:06:51,584 INFO L168 Benchmark]: CDTParser took 0.29 ms. Allocated memory is still 1.0 GB. Free memory is still 981.7 MB. There was no memory consumed. Max. memory is 11.5 GB. [2020-07-29 01:06:51,585 INFO L168 Benchmark]: CACSL2BoogieTranslator took 987.60 ms. Allocated memory was 1.0 GB in the beginning and 1.2 GB in the end (delta: 144.7 MB). Free memory was 948.1 MB in the beginning and 1.1 GB in the end (delta: -151.1 MB). Peak memory consumption was 20.9 MB. Max. memory is 11.5 GB. [2020-07-29 01:06:51,585 INFO L168 Benchmark]: Boogie Preprocessor took 153.57 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 6.6 MB). Peak memory consumption was 6.6 MB. Max. memory is 11.5 GB. [2020-07-29 01:06:51,586 INFO L168 Benchmark]: RCFGBuilder took 1927.31 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 927.9 MB in the end (delta: 164.7 MB). Peak memory consumption was 164.7 MB. Max. memory is 11.5 GB. [2020-07-29 01:06:51,586 INFO L168 Benchmark]: TraceAbstraction took 57172.90 ms. Allocated memory was 1.2 GB in the beginning and 1.4 GB in the end (delta: 195.6 MB). Free memory was 921.3 MB in the beginning and 1.1 GB in the end (delta: -176.4 MB). Peak memory consumption was 19.2 MB. Max. memory is 11.5 GB. [2020-07-29 01:06:51,587 INFO L168 Benchmark]: Witness Printer took 128.13 ms. Allocated memory is still 1.4 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 9.4 MB). Peak memory consumption was 9.4 MB. Max. memory is 11.5 GB. [2020-07-29 01:06:51,588 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.29 ms. Allocated memory is still 1.0 GB. Free memory is still 981.7 MB. There was no memory consumed. Max. memory is 11.5 GB. * CACSL2BoogieTranslator took 987.60 ms. Allocated memory was 1.0 GB in the beginning and 1.2 GB in the end (delta: 144.7 MB). Free memory was 948.1 MB in the beginning and 1.1 GB in the end (delta: -151.1 MB). Peak memory consumption was 20.9 MB. Max. memory is 11.5 GB. * Boogie Preprocessor took 153.57 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 6.6 MB). Peak memory consumption was 6.6 MB. Max. memory is 11.5 GB. * RCFGBuilder took 1927.31 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 927.9 MB in the end (delta: 164.7 MB). Peak memory consumption was 164.7 MB. Max. memory is 11.5 GB. * TraceAbstraction took 57172.90 ms. Allocated memory was 1.2 GB in the beginning and 1.4 GB in the end (delta: 195.6 MB). Free memory was 921.3 MB in the beginning and 1.1 GB in the end (delta: -176.4 MB). Peak memory consumption was 19.2 MB. Max. memory is 11.5 GB. * Witness Printer took 128.13 ms. Allocated memory is still 1.4 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 9.4 MB). Peak memory consumption was 9.4 MB. Max. memory is 11.5 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - PositiveResult [Line: 682]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 682]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 559]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 559]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 744]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 744]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 607]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 607]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 607]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 607]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 607]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 607]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 587]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 588]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 587]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 588]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 587]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 587]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 658]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 658]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 660]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 660]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 554]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 554]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 555]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 555]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 700]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 702]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 702]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 702]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 699]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 700]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 699]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 700]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 594]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 594]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 593]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 593]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 593]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 594]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 593]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 593]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 764]: all allocated memory was freed For all program executions holds that all allocated memory was freed at this location - PositiveResult [Line: 541]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 541]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 540]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 540]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 567]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 567]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 567]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 567]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 549]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 547]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 547]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 550]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 550]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 548]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 548]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 549]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 623]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 623]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 666]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 666]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 668]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 668]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 563]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 563]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 619]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 619]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 762]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 762]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 762]: free always succeeds For all program executions holds that free always succeeds at this location - PositiveResult [Line: 578]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 578]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - AllSpecificationsHoldResult: All specifications hold 74 specifications checked. All of them hold - StatisticsResult: Ultimate Automizer benchmark data CFG has 48 procedures, 340 locations, 74 error locations. Started 1 CEGAR loops. VerificationResult: SAFE, OverallTime: 57.0s, OverallIterations: 6, TraceHistogramMax: 1, AutomataDifference: 32.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 131 SDtfs, 34 SDslu, 436 SDs, 0 SdLazy, 340 SolverSat, 13 SolverUnsat, 21 SolverUnknown, 0 SolverNotchecked, 16.8s Time, PredicateUnifierStatistics: 0 DeclaredPredicates, 243 GetRequests, 189 SyntacticMatches, 2 SemanticMatches, 52 ConstructedPredicates, 11 IntricatePredicates, 0 DeprecatedPredicates, 19 ImplicationChecksByTransitivity, 14.6s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=100occurred in iteration=0, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.1s AutomataMinimizationTime, 6 MinimizatonAttempts, 7 StatesRemovedByMinimization, 2 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.1s SatisfiabilityAnalysisTime, 21.8s InterpolantComputationTime, 120 NumberOfCodeBlocks, 120 NumberOfCodeBlocksAsserted, 6 NumberOfCheckSat, 228 ConstructedInterpolants, 20 QuantifiedInterpolants, 33040 SizeOfPredicates, 8 NumberOfNonLiveVariables, 454 ConjunctsInSsa, 59 ConjunctsInUnsatCore, 12 InterpolantComputations, 12 PerfectInterpolantSequences, 0/0 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available RESULT: Ultimate proved your program to be correct! Received shutdown request...