./Ultimate.py --spec ../sv-benchmarks/c/properties/valid-memsafety.prp --file ../sv-benchmarks/c/array-memsafety/strreplace-alloca-2.i --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for memory safety (deref-memtrack) Using default analysis Version 8bd4bc60 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx12G -Xms1G -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/array-memsafety/strreplace-alloca-2.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 50bdaf600d03af0a677a59daf6a875dbe69c10b2 ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... Execution finished normally Writing output log to file Ultimate.log Result: TRUE --- Real Ultimate output --- This is Ultimate 0.1.25-8bd4bc6 [2020-07-29 00:52:38,278 INFO L177 SettingsManager]: Resetting all preferences to default values... [2020-07-29 00:52:38,283 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2020-07-29 00:52:38,300 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2020-07-29 00:52:38,301 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2020-07-29 00:52:38,303 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2020-07-29 00:52:38,305 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2020-07-29 00:52:38,316 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2020-07-29 00:52:38,321 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2020-07-29 00:52:38,323 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2020-07-29 00:52:38,325 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2020-07-29 00:52:38,327 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2020-07-29 00:52:38,327 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2020-07-29 00:52:38,331 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2020-07-29 00:52:38,332 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2020-07-29 00:52:38,333 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2020-07-29 00:52:38,335 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2020-07-29 00:52:38,336 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2020-07-29 00:52:38,338 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2020-07-29 00:52:38,342 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2020-07-29 00:52:38,347 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2020-07-29 00:52:38,351 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2020-07-29 00:52:38,353 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2020-07-29 00:52:38,354 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2020-07-29 00:52:38,357 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2020-07-29 00:52:38,357 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2020-07-29 00:52:38,357 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2020-07-29 00:52:38,359 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2020-07-29 00:52:38,360 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2020-07-29 00:52:38,361 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2020-07-29 00:52:38,362 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2020-07-29 00:52:38,363 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2020-07-29 00:52:38,364 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2020-07-29 00:52:38,365 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2020-07-29 00:52:38,366 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2020-07-29 00:52:38,367 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2020-07-29 00:52:38,367 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2020-07-29 00:52:38,368 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2020-07-29 00:52:38,368 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2020-07-29 00:52:38,369 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2020-07-29 00:52:38,370 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2020-07-29 00:52:38,371 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf [2020-07-29 00:52:38,402 INFO L113 SettingsManager]: Loading preferences was successful [2020-07-29 00:52:38,403 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2020-07-29 00:52:38,410 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2020-07-29 00:52:38,410 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2020-07-29 00:52:38,410 INFO L138 SettingsManager]: * Use SBE=true [2020-07-29 00:52:38,410 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2020-07-29 00:52:38,411 INFO L138 SettingsManager]: * sizeof long=4 [2020-07-29 00:52:38,412 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2020-07-29 00:52:38,412 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2020-07-29 00:52:38,412 INFO L138 SettingsManager]: * sizeof POINTER=4 [2020-07-29 00:52:38,412 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2020-07-29 00:52:38,413 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2020-07-29 00:52:38,413 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2020-07-29 00:52:38,413 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2020-07-29 00:52:38,414 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2020-07-29 00:52:38,414 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2020-07-29 00:52:38,414 INFO L138 SettingsManager]: * sizeof long double=12 [2020-07-29 00:52:38,414 INFO L138 SettingsManager]: * Use constant arrays=true [2020-07-29 00:52:38,415 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2020-07-29 00:52:38,415 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2020-07-29 00:52:38,415 INFO L138 SettingsManager]: * To the following directory=./dump/ [2020-07-29 00:52:38,416 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2020-07-29 00:52:38,416 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-29 00:52:38,416 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2020-07-29 00:52:38,416 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2020-07-29 00:52:38,417 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2020-07-29 00:52:38,417 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2020-07-29 00:52:38,417 INFO L138 SettingsManager]: * Trace refinement exception blacklist=NONE [2020-07-29 00:52:38,417 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 50bdaf600d03af0a677a59daf6a875dbe69c10b2 [2020-07-29 00:52:38,715 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2020-07-29 00:52:38,728 INFO L258 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2020-07-29 00:52:38,731 INFO L214 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2020-07-29 00:52:38,733 INFO L271 PluginConnector]: Initializing CDTParser... [2020-07-29 00:52:38,734 INFO L275 PluginConnector]: CDTParser initialized [2020-07-29 00:52:38,734 INFO L429 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/array-memsafety/strreplace-alloca-2.i [2020-07-29 00:52:38,813 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/46f1da572/168a149a229d474da6497b54985b3160/FLAGe225c7999 [2020-07-29 00:52:39,317 INFO L306 CDTParser]: Found 1 translation units. [2020-07-29 00:52:39,317 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/array-memsafety/strreplace-alloca-2.i [2020-07-29 00:52:39,329 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/46f1da572/168a149a229d474da6497b54985b3160/FLAGe225c7999 [2020-07-29 00:52:39,617 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/46f1da572/168a149a229d474da6497b54985b3160 [2020-07-29 00:52:39,621 INFO L296 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2020-07-29 00:52:39,623 INFO L131 ToolchainWalker]: Walking toolchain with 5 elements. [2020-07-29 00:52:39,624 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2020-07-29 00:52:39,624 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2020-07-29 00:52:39,628 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2020-07-29 00:52:39,630 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 29.07 12:52:39" (1/1) ... [2020-07-29 00:52:39,633 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@65311a1d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:52:39, skipping insertion in model container [2020-07-29 00:52:39,633 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 29.07 12:52:39" (1/1) ... [2020-07-29 00:52:39,639 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2020-07-29 00:52:39,691 INFO L178 MainTranslator]: Built tables and reachable declarations [2020-07-29 00:52:40,099 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-29 00:52:40,117 INFO L203 MainTranslator]: Completed pre-run [2020-07-29 00:52:40,186 INFO L206 PostProcessor]: Analyzing one entry point: main [2020-07-29 00:52:40,243 INFO L208 MainTranslator]: Completed translation [2020-07-29 00:52:40,244 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:52:40 WrapperNode [2020-07-29 00:52:40,244 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2020-07-29 00:52:40,245 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2020-07-29 00:52:40,245 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2020-07-29 00:52:40,245 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2020-07-29 00:52:40,259 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:52:40" (1/1) ... [2020-07-29 00:52:40,259 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:52:40" (1/1) ... [2020-07-29 00:52:40,287 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:52:40" (1/1) ... [2020-07-29 00:52:40,287 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:52:40" (1/1) ... [2020-07-29 00:52:40,314 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:52:40" (1/1) ... [2020-07-29 00:52:40,327 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:52:40" (1/1) ... [2020-07-29 00:52:40,332 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:52:40" (1/1) ... [2020-07-29 00:52:40,341 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2020-07-29 00:52:40,342 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2020-07-29 00:52:40,343 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2020-07-29 00:52:40,343 INFO L275 PluginConnector]: RCFGBuilder initialized [2020-07-29 00:52:40,344 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:52:40" (1/1) ... No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 1 with z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2020-07-29 00:52:40,415 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.init [2020-07-29 00:52:40,415 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2020-07-29 00:52:40,415 INFO L138 BoogieDeclarations]: Found implementation of procedure __bswap_32 [2020-07-29 00:52:40,415 INFO L138 BoogieDeclarations]: Found implementation of procedure __bswap_64 [2020-07-29 00:52:40,416 INFO L138 BoogieDeclarations]: Found implementation of procedure __uint16_identity [2020-07-29 00:52:40,416 INFO L138 BoogieDeclarations]: Found implementation of procedure __uint32_identity [2020-07-29 00:52:40,416 INFO L138 BoogieDeclarations]: Found implementation of procedure __uint64_identity [2020-07-29 00:52:40,416 INFO L138 BoogieDeclarations]: Found implementation of procedure cstrreplace [2020-07-29 00:52:40,416 INFO L138 BoogieDeclarations]: Found implementation of procedure main [2020-07-29 00:52:40,416 INFO L130 BoogieDeclarations]: Found specification of procedure __ctype_get_mb_cur_max [2020-07-29 00:52:40,417 INFO L130 BoogieDeclarations]: Found specification of procedure atof [2020-07-29 00:52:40,417 INFO L130 BoogieDeclarations]: Found specification of procedure atoi [2020-07-29 00:52:40,417 INFO L130 BoogieDeclarations]: Found specification of procedure atol [2020-07-29 00:52:40,417 INFO L130 BoogieDeclarations]: Found specification of procedure atoll [2020-07-29 00:52:40,417 INFO L130 BoogieDeclarations]: Found specification of procedure strtod [2020-07-29 00:52:40,418 INFO L130 BoogieDeclarations]: Found specification of procedure strtof [2020-07-29 00:52:40,418 INFO L130 BoogieDeclarations]: Found specification of procedure strtold [2020-07-29 00:52:40,418 INFO L130 BoogieDeclarations]: Found specification of procedure strtol [2020-07-29 00:52:40,418 INFO L130 BoogieDeclarations]: Found specification of procedure strtoul [2020-07-29 00:52:40,418 INFO L130 BoogieDeclarations]: Found specification of procedure strtoq [2020-07-29 00:52:40,418 INFO L130 BoogieDeclarations]: Found specification of procedure strtouq [2020-07-29 00:52:40,419 INFO L130 BoogieDeclarations]: Found specification of procedure strtoll [2020-07-29 00:52:40,419 INFO L130 BoogieDeclarations]: Found specification of procedure strtoull [2020-07-29 00:52:40,419 INFO L130 BoogieDeclarations]: Found specification of procedure l64a [2020-07-29 00:52:40,419 INFO L130 BoogieDeclarations]: Found specification of procedure a64l [2020-07-29 00:52:40,419 INFO L130 BoogieDeclarations]: Found specification of procedure __bswap_32 [2020-07-29 00:52:40,419 INFO L130 BoogieDeclarations]: Found specification of procedure __bswap_64 [2020-07-29 00:52:40,420 INFO L130 BoogieDeclarations]: Found specification of procedure __uint16_identity [2020-07-29 00:52:40,420 INFO L130 BoogieDeclarations]: Found specification of procedure __uint32_identity [2020-07-29 00:52:40,420 INFO L130 BoogieDeclarations]: Found specification of procedure __uint64_identity [2020-07-29 00:52:40,420 INFO L130 BoogieDeclarations]: Found specification of procedure select [2020-07-29 00:52:40,420 INFO L130 BoogieDeclarations]: Found specification of procedure pselect [2020-07-29 00:52:40,420 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_major [2020-07-29 00:52:40,420 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_minor [2020-07-29 00:52:40,421 INFO L130 BoogieDeclarations]: Found specification of procedure gnu_dev_makedev [2020-07-29 00:52:40,421 INFO L130 BoogieDeclarations]: Found specification of procedure random [2020-07-29 00:52:40,421 INFO L130 BoogieDeclarations]: Found specification of procedure srandom [2020-07-29 00:52:40,421 INFO L130 BoogieDeclarations]: Found specification of procedure initstate [2020-07-29 00:52:40,421 INFO L130 BoogieDeclarations]: Found specification of procedure setstate [2020-07-29 00:52:40,421 INFO L130 BoogieDeclarations]: Found specification of procedure random_r [2020-07-29 00:52:40,421 INFO L130 BoogieDeclarations]: Found specification of procedure srandom_r [2020-07-29 00:52:40,421 INFO L130 BoogieDeclarations]: Found specification of procedure initstate_r [2020-07-29 00:52:40,422 INFO L130 BoogieDeclarations]: Found specification of procedure setstate_r [2020-07-29 00:52:40,422 INFO L130 BoogieDeclarations]: Found specification of procedure rand [2020-07-29 00:52:40,422 INFO L130 BoogieDeclarations]: Found specification of procedure srand [2020-07-29 00:52:40,422 INFO L130 BoogieDeclarations]: Found specification of procedure rand_r [2020-07-29 00:52:40,422 INFO L130 BoogieDeclarations]: Found specification of procedure drand48 [2020-07-29 00:52:40,423 INFO L130 BoogieDeclarations]: Found specification of procedure erand48 [2020-07-29 00:52:40,423 INFO L130 BoogieDeclarations]: Found specification of procedure lrand48 [2020-07-29 00:52:40,423 INFO L130 BoogieDeclarations]: Found specification of procedure nrand48 [2020-07-29 00:52:40,423 INFO L130 BoogieDeclarations]: Found specification of procedure mrand48 [2020-07-29 00:52:40,423 INFO L130 BoogieDeclarations]: Found specification of procedure jrand48 [2020-07-29 00:52:40,424 INFO L130 BoogieDeclarations]: Found specification of procedure srand48 [2020-07-29 00:52:40,424 INFO L130 BoogieDeclarations]: Found specification of procedure seed48 [2020-07-29 00:52:40,424 INFO L130 BoogieDeclarations]: Found specification of procedure lcong48 [2020-07-29 00:52:40,424 INFO L130 BoogieDeclarations]: Found specification of procedure drand48_r [2020-07-29 00:52:40,425 INFO L130 BoogieDeclarations]: Found specification of procedure erand48_r [2020-07-29 00:52:40,425 INFO L130 BoogieDeclarations]: Found specification of procedure lrand48_r [2020-07-29 00:52:40,425 INFO L130 BoogieDeclarations]: Found specification of procedure nrand48_r [2020-07-29 00:52:40,425 INFO L130 BoogieDeclarations]: Found specification of procedure mrand48_r [2020-07-29 00:52:40,425 INFO L130 BoogieDeclarations]: Found specification of procedure jrand48_r [2020-07-29 00:52:40,426 INFO L130 BoogieDeclarations]: Found specification of procedure srand48_r [2020-07-29 00:52:40,426 INFO L130 BoogieDeclarations]: Found specification of procedure seed48_r [2020-07-29 00:52:40,426 INFO L130 BoogieDeclarations]: Found specification of procedure lcong48_r [2020-07-29 00:52:40,426 INFO L130 BoogieDeclarations]: Found specification of procedure malloc [2020-07-29 00:52:40,426 INFO L130 BoogieDeclarations]: Found specification of procedure calloc [2020-07-29 00:52:40,426 INFO L130 BoogieDeclarations]: Found specification of procedure realloc [2020-07-29 00:52:40,426 INFO L130 BoogieDeclarations]: Found specification of procedure free [2020-07-29 00:52:40,427 INFO L130 BoogieDeclarations]: Found specification of procedure alloca [2020-07-29 00:52:40,427 INFO L130 BoogieDeclarations]: Found specification of procedure valloc [2020-07-29 00:52:40,427 INFO L130 BoogieDeclarations]: Found specification of procedure posix_memalign [2020-07-29 00:52:40,427 INFO L130 BoogieDeclarations]: Found specification of procedure aligned_alloc [2020-07-29 00:52:40,427 INFO L130 BoogieDeclarations]: Found specification of procedure abort [2020-07-29 00:52:40,427 INFO L130 BoogieDeclarations]: Found specification of procedure atexit [2020-07-29 00:52:40,428 INFO L130 BoogieDeclarations]: Found specification of procedure at_quick_exit [2020-07-29 00:52:40,428 INFO L130 BoogieDeclarations]: Found specification of procedure on_exit [2020-07-29 00:52:40,428 INFO L130 BoogieDeclarations]: Found specification of procedure exit [2020-07-29 00:52:40,428 INFO L130 BoogieDeclarations]: Found specification of procedure quick_exit [2020-07-29 00:52:40,428 INFO L130 BoogieDeclarations]: Found specification of procedure _Exit [2020-07-29 00:52:40,428 INFO L130 BoogieDeclarations]: Found specification of procedure getenv [2020-07-29 00:52:40,429 INFO L130 BoogieDeclarations]: Found specification of procedure putenv [2020-07-29 00:52:40,429 INFO L130 BoogieDeclarations]: Found specification of procedure setenv [2020-07-29 00:52:40,429 INFO L130 BoogieDeclarations]: Found specification of procedure unsetenv [2020-07-29 00:52:40,429 INFO L130 BoogieDeclarations]: Found specification of procedure clearenv [2020-07-29 00:52:40,429 INFO L130 BoogieDeclarations]: Found specification of procedure mktemp [2020-07-29 00:52:40,430 INFO L130 BoogieDeclarations]: Found specification of procedure mkstemp [2020-07-29 00:52:40,430 INFO L130 BoogieDeclarations]: Found specification of procedure mkstemps [2020-07-29 00:52:40,430 INFO L130 BoogieDeclarations]: Found specification of procedure mkdtemp [2020-07-29 00:52:40,430 INFO L130 BoogieDeclarations]: Found specification of procedure system [2020-07-29 00:52:40,430 INFO L130 BoogieDeclarations]: Found specification of procedure realpath [2020-07-29 00:52:40,430 INFO L130 BoogieDeclarations]: Found specification of procedure bsearch [2020-07-29 00:52:40,430 INFO L130 BoogieDeclarations]: Found specification of procedure qsort [2020-07-29 00:52:40,431 INFO L130 BoogieDeclarations]: Found specification of procedure abs [2020-07-29 00:52:40,431 INFO L130 BoogieDeclarations]: Found specification of procedure labs [2020-07-29 00:52:40,431 INFO L130 BoogieDeclarations]: Found specification of procedure llabs [2020-07-29 00:52:40,431 INFO L130 BoogieDeclarations]: Found specification of procedure div [2020-07-29 00:52:40,431 INFO L130 BoogieDeclarations]: Found specification of procedure ldiv [2020-07-29 00:52:40,431 INFO L130 BoogieDeclarations]: Found specification of procedure lldiv [2020-07-29 00:52:40,431 INFO L130 BoogieDeclarations]: Found specification of procedure ecvt [2020-07-29 00:52:40,432 INFO L130 BoogieDeclarations]: Found specification of procedure fcvt [2020-07-29 00:52:40,432 INFO L130 BoogieDeclarations]: Found specification of procedure gcvt [2020-07-29 00:52:40,432 INFO L130 BoogieDeclarations]: Found specification of procedure qecvt [2020-07-29 00:52:40,432 INFO L130 BoogieDeclarations]: Found specification of procedure qfcvt [2020-07-29 00:52:40,432 INFO L130 BoogieDeclarations]: Found specification of procedure qgcvt [2020-07-29 00:52:40,432 INFO L130 BoogieDeclarations]: Found specification of procedure ecvt_r [2020-07-29 00:52:40,432 INFO L130 BoogieDeclarations]: Found specification of procedure fcvt_r [2020-07-29 00:52:40,433 INFO L130 BoogieDeclarations]: Found specification of procedure qecvt_r [2020-07-29 00:52:40,433 INFO L130 BoogieDeclarations]: Found specification of procedure qfcvt_r [2020-07-29 00:52:40,433 INFO L130 BoogieDeclarations]: Found specification of procedure mblen [2020-07-29 00:52:40,433 INFO L130 BoogieDeclarations]: Found specification of procedure mbtowc [2020-07-29 00:52:40,433 INFO L130 BoogieDeclarations]: Found specification of procedure wctomb [2020-07-29 00:52:40,433 INFO L130 BoogieDeclarations]: Found specification of procedure mbstowcs [2020-07-29 00:52:40,433 INFO L130 BoogieDeclarations]: Found specification of procedure wcstombs [2020-07-29 00:52:40,433 INFO L130 BoogieDeclarations]: Found specification of procedure rpmatch [2020-07-29 00:52:40,434 INFO L130 BoogieDeclarations]: Found specification of procedure getsubopt [2020-07-29 00:52:40,434 INFO L130 BoogieDeclarations]: Found specification of procedure getloadavg [2020-07-29 00:52:40,434 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_int [2020-07-29 00:52:40,434 INFO L130 BoogieDeclarations]: Found specification of procedure __VERIFIER_nondet_char [2020-07-29 00:52:40,434 INFO L130 BoogieDeclarations]: Found specification of procedure cstrreplace [2020-07-29 00:52:40,434 INFO L130 BoogieDeclarations]: Found specification of procedure read~int [2020-07-29 00:52:40,434 INFO L130 BoogieDeclarations]: Found specification of procedure write~int [2020-07-29 00:52:40,435 INFO L130 BoogieDeclarations]: Found specification of procedure main [2020-07-29 00:52:40,435 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnStack [2020-07-29 00:52:40,435 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2020-07-29 00:52:40,435 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.init [2020-07-29 00:52:40,435 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2020-07-29 00:52:41,074 INFO L290 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2020-07-29 00:52:41,074 INFO L295 CfgBuilder]: Removed 2 assume(true) statements. [2020-07-29 00:52:41,078 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 29.07 12:52:41 BoogieIcfgContainer [2020-07-29 00:52:41,078 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2020-07-29 00:52:41,079 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2020-07-29 00:52:41,080 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2020-07-29 00:52:41,083 INFO L275 PluginConnector]: TraceAbstraction initialized [2020-07-29 00:52:41,083 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 29.07 12:52:39" (1/3) ... [2020-07-29 00:52:41,084 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@de0df07 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 29.07 12:52:41, skipping insertion in model container [2020-07-29 00:52:41,084 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 29.07 12:52:40" (2/3) ... [2020-07-29 00:52:41,085 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@de0df07 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 29.07 12:52:41, skipping insertion in model container [2020-07-29 00:52:41,085 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 29.07 12:52:41" (3/3) ... [2020-07-29 00:52:41,087 INFO L109 eAbstractionObserver]: Analyzing ICFG strreplace-alloca-2.i [2020-07-29 00:52:41,098 INFO L157 ceAbstractionStarter]: Automizer settings: Hoare:false NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2020-07-29 00:52:41,107 INFO L169 ceAbstractionStarter]: Appying trace abstraction to program that has 11 error locations. [2020-07-29 00:52:41,122 INFO L251 AbstractCegarLoop]: Starting to check reachability of 11 error locations. [2020-07-29 00:52:41,145 INFO L375 AbstractCegarLoop]: Interprodecural is true [2020-07-29 00:52:41,145 INFO L376 AbstractCegarLoop]: Hoare is false [2020-07-29 00:52:41,145 INFO L377 AbstractCegarLoop]: Compute interpolants for FPandBP [2020-07-29 00:52:41,145 INFO L378 AbstractCegarLoop]: Backedges is STRAIGHT_LINE [2020-07-29 00:52:41,146 INFO L379 AbstractCegarLoop]: Determinization is PREDICATE_ABSTRACTION [2020-07-29 00:52:41,146 INFO L380 AbstractCegarLoop]: Difference is false [2020-07-29 00:52:41,146 INFO L381 AbstractCegarLoop]: Minimize is MINIMIZE_SEVPA [2020-07-29 00:52:41,146 INFO L385 AbstractCegarLoop]: ======== Iteration 0==of CEGAR loop == AllErrorsAtOnce======== [2020-07-29 00:52:41,163 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states. [2020-07-29 00:52:41,173 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 11 [2020-07-29 00:52:41,173 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:52:41,174 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:52:41,175 INFO L427 AbstractCegarLoop]: === Iteration 1 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:52:41,181 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:52:41,182 INFO L82 PathProgramCache]: Analyzing trace with hash -610270170, now seen corresponding path program 1 times [2020-07-29 00:52:41,193 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:52:41,193 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1461598888] [2020-07-29 00:52:41,194 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:52:41,314 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:41,408 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:52:41,410 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:41,426 INFO L280 TraceCheckUtils]: 0: Hoare triple {51#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {45#true} is VALID [2020-07-29 00:52:41,427 INFO L280 TraceCheckUtils]: 1: Hoare triple {45#true} assume true; {45#true} is VALID [2020-07-29 00:52:41,427 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {45#true} {45#true} #83#return; {45#true} is VALID [2020-07-29 00:52:41,431 INFO L263 TraceCheckUtils]: 0: Hoare triple {45#true} call ULTIMATE.init(); {51#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:52:41,432 INFO L280 TraceCheckUtils]: 1: Hoare triple {51#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {45#true} is VALID [2020-07-29 00:52:41,432 INFO L280 TraceCheckUtils]: 2: Hoare triple {45#true} assume true; {45#true} is VALID [2020-07-29 00:52:41,432 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {45#true} {45#true} #83#return; {45#true} is VALID [2020-07-29 00:52:41,433 INFO L263 TraceCheckUtils]: 4: Hoare triple {45#true} call #t~ret13 := main(); {45#true} is VALID [2020-07-29 00:52:41,433 INFO L280 TraceCheckUtils]: 5: Hoare triple {45#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {45#true} is VALID [2020-07-29 00:52:41,434 INFO L280 TraceCheckUtils]: 6: Hoare triple {45#true} assume ~length1~0 < 1;~length1~0 := 1; {45#true} is VALID [2020-07-29 00:52:41,435 INFO L280 TraceCheckUtils]: 7: Hoare triple {45#true} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {50#(= 1 (select |#valid| main_~nondetString1~0.base))} is VALID [2020-07-29 00:52:41,436 INFO L280 TraceCheckUtils]: 8: Hoare triple {50#(= 1 (select |#valid| main_~nondetString1~0.base))} assume !(~i~0 < ~length1~0 - 1); {50#(= 1 (select |#valid| main_~nondetString1~0.base))} is VALID [2020-07-29 00:52:41,437 INFO L280 TraceCheckUtils]: 9: Hoare triple {50#(= 1 (select |#valid| main_~nondetString1~0.base))} assume !(1 == #valid[~nondetString1~0.base]); {46#false} is VALID [2020-07-29 00:52:41,439 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:41,440 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1461598888] [2020-07-29 00:52:41,440 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:52:41,441 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2020-07-29 00:52:41,442 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [381113166] [2020-07-29 00:52:41,448 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 10 [2020-07-29 00:52:41,451 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:52:41,455 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states. [2020-07-29 00:52:41,477 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 10 edges. 10 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:41,477 INFO L459 AbstractCegarLoop]: Interpolant automaton has 4 states [2020-07-29 00:52:41,478 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:52:41,488 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2020-07-29 00:52:41,488 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-29 00:52:41,491 INFO L87 Difference]: Start difference. First operand 42 states. Second operand 4 states. [2020-07-29 00:52:41,772 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:41,773 INFO L93 Difference]: Finished difference Result 40 states and 43 transitions. [2020-07-29 00:52:41,773 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2020-07-29 00:52:41,773 INFO L78 Accepts]: Start accepts. Automaton has 4 states. Word has length 10 [2020-07-29 00:52:41,774 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:52:41,775 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-29 00:52:41,790 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 47 transitions. [2020-07-29 00:52:41,790 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 4 states. [2020-07-29 00:52:41,794 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 47 transitions. [2020-07-29 00:52:41,794 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 47 transitions. [2020-07-29 00:52:41,880 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 47 edges. 47 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:41,893 INFO L225 Difference]: With dead ends: 40 [2020-07-29 00:52:41,893 INFO L226 Difference]: Without dead ends: 37 [2020-07-29 00:52:41,895 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2020-07-29 00:52:41,914 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 37 states. [2020-07-29 00:52:41,930 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 37 to 37. [2020-07-29 00:52:41,930 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:52:41,931 INFO L82 GeneralOperation]: Start isEquivalent. First operand 37 states. Second operand 37 states. [2020-07-29 00:52:41,931 INFO L74 IsIncluded]: Start isIncluded. First operand 37 states. Second operand 37 states. [2020-07-29 00:52:41,932 INFO L87 Difference]: Start difference. First operand 37 states. Second operand 37 states. [2020-07-29 00:52:41,937 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:41,937 INFO L93 Difference]: Finished difference Result 37 states and 40 transitions. [2020-07-29 00:52:41,937 INFO L276 IsEmpty]: Start isEmpty. Operand 37 states and 40 transitions. [2020-07-29 00:52:41,938 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:41,939 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:41,939 INFO L74 IsIncluded]: Start isIncluded. First operand 37 states. Second operand 37 states. [2020-07-29 00:52:41,939 INFO L87 Difference]: Start difference. First operand 37 states. Second operand 37 states. [2020-07-29 00:52:41,944 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:41,944 INFO L93 Difference]: Finished difference Result 37 states and 40 transitions. [2020-07-29 00:52:41,944 INFO L276 IsEmpty]: Start isEmpty. Operand 37 states and 40 transitions. [2020-07-29 00:52:41,945 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:41,945 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:41,946 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:52:41,946 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:52:41,946 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 37 states. [2020-07-29 00:52:41,949 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 37 states to 37 states and 40 transitions. [2020-07-29 00:52:41,951 INFO L78 Accepts]: Start accepts. Automaton has 37 states and 40 transitions. Word has length 10 [2020-07-29 00:52:41,951 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:52:41,952 INFO L479 AbstractCegarLoop]: Abstraction has 37 states and 40 transitions. [2020-07-29 00:52:41,952 INFO L480 AbstractCegarLoop]: Interpolant automaton has 4 states. [2020-07-29 00:52:41,952 INFO L276 IsEmpty]: Start isEmpty. Operand 37 states and 40 transitions. [2020-07-29 00:52:41,952 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 11 [2020-07-29 00:52:41,953 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:52:41,953 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:52:41,953 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2020-07-29 00:52:41,953 INFO L427 AbstractCegarLoop]: === Iteration 2 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:52:41,954 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:52:41,954 INFO L82 PathProgramCache]: Analyzing trace with hash -610270169, now seen corresponding path program 1 times [2020-07-29 00:52:41,954 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:52:41,955 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [161582729] [2020-07-29 00:52:41,955 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:52:41,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:42,062 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:52:42,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:42,071 INFO L280 TraceCheckUtils]: 0: Hoare triple {212#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {205#true} is VALID [2020-07-29 00:52:42,072 INFO L280 TraceCheckUtils]: 1: Hoare triple {205#true} assume true; {205#true} is VALID [2020-07-29 00:52:42,072 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {205#true} {205#true} #83#return; {205#true} is VALID [2020-07-29 00:52:42,074 INFO L263 TraceCheckUtils]: 0: Hoare triple {205#true} call ULTIMATE.init(); {212#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:52:42,074 INFO L280 TraceCheckUtils]: 1: Hoare triple {212#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {205#true} is VALID [2020-07-29 00:52:42,074 INFO L280 TraceCheckUtils]: 2: Hoare triple {205#true} assume true; {205#true} is VALID [2020-07-29 00:52:42,075 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {205#true} {205#true} #83#return; {205#true} is VALID [2020-07-29 00:52:42,075 INFO L263 TraceCheckUtils]: 4: Hoare triple {205#true} call #t~ret13 := main(); {205#true} is VALID [2020-07-29 00:52:42,075 INFO L280 TraceCheckUtils]: 5: Hoare triple {205#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {205#true} is VALID [2020-07-29 00:52:42,076 INFO L280 TraceCheckUtils]: 6: Hoare triple {205#true} assume ~length1~0 < 1;~length1~0 := 1; {210#(<= 1 main_~length1~0)} is VALID [2020-07-29 00:52:42,078 INFO L280 TraceCheckUtils]: 7: Hoare triple {210#(<= 1 main_~length1~0)} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {211#(and (<= 1 main_~length1~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:42,079 INFO L280 TraceCheckUtils]: 8: Hoare triple {211#(and (<= 1 main_~length1~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset))} assume !(~i~0 < ~length1~0 - 1); {211#(and (<= 1 main_~length1~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:42,080 INFO L280 TraceCheckUtils]: 9: Hoare triple {211#(and (<= 1 main_~length1~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset))} assume !(1 + (~nondetString1~0.offset + (~length1~0 - 1)) <= #length[~nondetString1~0.base] && 0 <= ~nondetString1~0.offset + (~length1~0 - 1)); {206#false} is VALID [2020-07-29 00:52:42,082 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:42,082 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [161582729] [2020-07-29 00:52:42,082 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:52:42,083 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2020-07-29 00:52:42,083 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1054552438] [2020-07-29 00:52:42,085 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 10 [2020-07-29 00:52:42,085 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:52:42,085 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2020-07-29 00:52:42,100 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 10 edges. 10 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:42,100 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2020-07-29 00:52:42,100 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:52:42,101 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2020-07-29 00:52:42,101 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2020-07-29 00:52:42,101 INFO L87 Difference]: Start difference. First operand 37 states and 40 transitions. Second operand 5 states. [2020-07-29 00:52:42,332 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:42,333 INFO L93 Difference]: Finished difference Result 36 states and 39 transitions. [2020-07-29 00:52:42,333 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2020-07-29 00:52:42,333 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 10 [2020-07-29 00:52:42,333 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:52:42,333 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:52:42,336 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 40 transitions. [2020-07-29 00:52:42,337 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:52:42,339 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 40 transitions. [2020-07-29 00:52:42,339 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 40 transitions. [2020-07-29 00:52:42,407 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 40 edges. 40 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:42,409 INFO L225 Difference]: With dead ends: 36 [2020-07-29 00:52:42,409 INFO L226 Difference]: Without dead ends: 36 [2020-07-29 00:52:42,410 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=12, Invalid=18, Unknown=0, NotChecked=0, Total=30 [2020-07-29 00:52:42,411 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 36 states. [2020-07-29 00:52:42,414 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 36 to 36. [2020-07-29 00:52:42,415 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:52:42,415 INFO L82 GeneralOperation]: Start isEquivalent. First operand 36 states. Second operand 36 states. [2020-07-29 00:52:42,415 INFO L74 IsIncluded]: Start isIncluded. First operand 36 states. Second operand 36 states. [2020-07-29 00:52:42,415 INFO L87 Difference]: Start difference. First operand 36 states. Second operand 36 states. [2020-07-29 00:52:42,419 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:42,419 INFO L93 Difference]: Finished difference Result 36 states and 39 transitions. [2020-07-29 00:52:42,419 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 39 transitions. [2020-07-29 00:52:42,420 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:42,420 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:42,421 INFO L74 IsIncluded]: Start isIncluded. First operand 36 states. Second operand 36 states. [2020-07-29 00:52:42,421 INFO L87 Difference]: Start difference. First operand 36 states. Second operand 36 states. [2020-07-29 00:52:42,424 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:42,424 INFO L93 Difference]: Finished difference Result 36 states and 39 transitions. [2020-07-29 00:52:42,425 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 39 transitions. [2020-07-29 00:52:42,426 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:42,426 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:42,426 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:52:42,426 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:52:42,426 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 36 states. [2020-07-29 00:52:42,429 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 39 transitions. [2020-07-29 00:52:42,430 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 39 transitions. Word has length 10 [2020-07-29 00:52:42,430 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:52:42,430 INFO L479 AbstractCegarLoop]: Abstraction has 36 states and 39 transitions. [2020-07-29 00:52:42,430 INFO L480 AbstractCegarLoop]: Interpolant automaton has 5 states. [2020-07-29 00:52:42,430 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 39 transitions. [2020-07-29 00:52:42,431 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 11 [2020-07-29 00:52:42,431 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:52:42,431 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:52:42,432 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2020-07-29 00:52:42,432 INFO L427 AbstractCegarLoop]: === Iteration 3 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:52:42,432 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:52:42,432 INFO L82 PathProgramCache]: Analyzing trace with hash -610270116, now seen corresponding path program 1 times [2020-07-29 00:52:42,433 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:52:42,433 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2095122948] [2020-07-29 00:52:42,433 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:52:42,450 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:42,521 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:52:42,523 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:42,537 INFO L280 TraceCheckUtils]: 0: Hoare triple {368#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {361#true} is VALID [2020-07-29 00:52:42,538 INFO L280 TraceCheckUtils]: 1: Hoare triple {361#true} assume true; {361#true} is VALID [2020-07-29 00:52:42,538 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {361#true} {361#true} #83#return; {361#true} is VALID [2020-07-29 00:52:42,540 INFO L263 TraceCheckUtils]: 0: Hoare triple {361#true} call ULTIMATE.init(); {368#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:52:42,541 INFO L280 TraceCheckUtils]: 1: Hoare triple {368#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {361#true} is VALID [2020-07-29 00:52:42,542 INFO L280 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2020-07-29 00:52:42,542 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {361#true} {361#true} #83#return; {361#true} is VALID [2020-07-29 00:52:42,543 INFO L263 TraceCheckUtils]: 4: Hoare triple {361#true} call #t~ret13 := main(); {361#true} is VALID [2020-07-29 00:52:42,544 INFO L280 TraceCheckUtils]: 5: Hoare triple {361#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {361#true} is VALID [2020-07-29 00:52:42,546 INFO L280 TraceCheckUtils]: 6: Hoare triple {361#true} assume ~length1~0 < 1;~length1~0 := 1; {366#(<= main_~length1~0 1)} is VALID [2020-07-29 00:52:42,547 INFO L280 TraceCheckUtils]: 7: Hoare triple {366#(<= main_~length1~0 1)} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {367#(and (= 0 main_~i~0) (<= main_~length1~0 1))} is VALID [2020-07-29 00:52:42,548 INFO L280 TraceCheckUtils]: 8: Hoare triple {367#(and (= 0 main_~i~0) (<= main_~length1~0 1))} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {362#false} is VALID [2020-07-29 00:52:42,548 INFO L280 TraceCheckUtils]: 9: Hoare triple {362#false} assume !(1 + (~nondetString1~0.offset + ~i~0) <= #length[~nondetString1~0.base] && 0 <= ~nondetString1~0.offset + ~i~0); {362#false} is VALID [2020-07-29 00:52:42,549 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:42,549 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2095122948] [2020-07-29 00:52:42,550 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:52:42,550 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2020-07-29 00:52:42,550 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [914412435] [2020-07-29 00:52:42,551 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 10 [2020-07-29 00:52:42,551 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:52:42,552 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2020-07-29 00:52:42,566 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 10 edges. 10 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:42,566 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2020-07-29 00:52:42,566 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:52:42,567 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2020-07-29 00:52:42,567 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2020-07-29 00:52:42,567 INFO L87 Difference]: Start difference. First operand 36 states and 39 transitions. Second operand 5 states. [2020-07-29 00:52:42,862 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:42,862 INFO L93 Difference]: Finished difference Result 44 states and 47 transitions. [2020-07-29 00:52:42,862 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2020-07-29 00:52:42,862 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 10 [2020-07-29 00:52:42,862 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:52:42,863 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:52:42,867 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 48 transitions. [2020-07-29 00:52:42,868 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:52:42,871 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 48 transitions. [2020-07-29 00:52:42,874 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 48 transitions. [2020-07-29 00:52:42,944 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:42,947 INFO L225 Difference]: With dead ends: 44 [2020-07-29 00:52:42,947 INFO L226 Difference]: Without dead ends: 44 [2020-07-29 00:52:42,950 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=12, Invalid=18, Unknown=0, NotChecked=0, Total=30 [2020-07-29 00:52:42,950 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 44 states. [2020-07-29 00:52:42,956 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 44 to 38. [2020-07-29 00:52:42,957 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:52:42,957 INFO L82 GeneralOperation]: Start isEquivalent. First operand 44 states. Second operand 38 states. [2020-07-29 00:52:42,957 INFO L74 IsIncluded]: Start isIncluded. First operand 44 states. Second operand 38 states. [2020-07-29 00:52:42,958 INFO L87 Difference]: Start difference. First operand 44 states. Second operand 38 states. [2020-07-29 00:52:42,970 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:42,970 INFO L93 Difference]: Finished difference Result 44 states and 47 transitions. [2020-07-29 00:52:42,970 INFO L276 IsEmpty]: Start isEmpty. Operand 44 states and 47 transitions. [2020-07-29 00:52:42,971 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:42,971 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:42,972 INFO L74 IsIncluded]: Start isIncluded. First operand 38 states. Second operand 44 states. [2020-07-29 00:52:42,972 INFO L87 Difference]: Start difference. First operand 38 states. Second operand 44 states. [2020-07-29 00:52:42,979 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:42,979 INFO L93 Difference]: Finished difference Result 44 states and 47 transitions. [2020-07-29 00:52:42,980 INFO L276 IsEmpty]: Start isEmpty. Operand 44 states and 47 transitions. [2020-07-29 00:52:42,984 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:42,984 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:42,985 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:52:42,985 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:52:42,985 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 38 states. [2020-07-29 00:52:42,990 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 38 states to 38 states and 41 transitions. [2020-07-29 00:52:42,991 INFO L78 Accepts]: Start accepts. Automaton has 38 states and 41 transitions. Word has length 10 [2020-07-29 00:52:42,991 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:52:42,991 INFO L479 AbstractCegarLoop]: Abstraction has 38 states and 41 transitions. [2020-07-29 00:52:42,991 INFO L480 AbstractCegarLoop]: Interpolant automaton has 5 states. [2020-07-29 00:52:42,991 INFO L276 IsEmpty]: Start isEmpty. Operand 38 states and 41 transitions. [2020-07-29 00:52:42,992 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 11 [2020-07-29 00:52:42,992 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:52:42,992 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:52:42,993 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2020-07-29 00:52:42,993 INFO L427 AbstractCegarLoop]: === Iteration 4 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:52:42,993 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:52:42,998 INFO L82 PathProgramCache]: Analyzing trace with hash -610210534, now seen corresponding path program 1 times [2020-07-29 00:52:42,998 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:52:42,999 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [506969787] [2020-07-29 00:52:42,999 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:52:43,034 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:43,119 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:52:43,121 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:43,127 INFO L280 TraceCheckUtils]: 0: Hoare triple {550#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {543#true} is VALID [2020-07-29 00:52:43,128 INFO L280 TraceCheckUtils]: 1: Hoare triple {543#true} assume true; {543#true} is VALID [2020-07-29 00:52:43,128 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {543#true} {543#true} #83#return; {543#true} is VALID [2020-07-29 00:52:43,130 INFO L263 TraceCheckUtils]: 0: Hoare triple {543#true} call ULTIMATE.init(); {550#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:52:43,130 INFO L280 TraceCheckUtils]: 1: Hoare triple {550#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {543#true} is VALID [2020-07-29 00:52:43,130 INFO L280 TraceCheckUtils]: 2: Hoare triple {543#true} assume true; {543#true} is VALID [2020-07-29 00:52:43,131 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {543#true} {543#true} #83#return; {543#true} is VALID [2020-07-29 00:52:43,131 INFO L263 TraceCheckUtils]: 4: Hoare triple {543#true} call #t~ret13 := main(); {543#true} is VALID [2020-07-29 00:52:43,131 INFO L280 TraceCheckUtils]: 5: Hoare triple {543#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {543#true} is VALID [2020-07-29 00:52:43,133 INFO L280 TraceCheckUtils]: 6: Hoare triple {543#true} assume !(~length1~0 < 1); {548#(<= 1 main_~length1~0)} is VALID [2020-07-29 00:52:43,135 INFO L280 TraceCheckUtils]: 7: Hoare triple {548#(<= 1 main_~length1~0)} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {549#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset) (<= 1 (select |#length| main_~nondetString1~0.base)))} is VALID [2020-07-29 00:52:43,137 INFO L280 TraceCheckUtils]: 8: Hoare triple {549#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset) (<= 1 (select |#length| main_~nondetString1~0.base)))} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {549#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset) (<= 1 (select |#length| main_~nondetString1~0.base)))} is VALID [2020-07-29 00:52:43,138 INFO L280 TraceCheckUtils]: 9: Hoare triple {549#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset) (<= 1 (select |#length| main_~nondetString1~0.base)))} assume !(1 + (~nondetString1~0.offset + ~i~0) <= #length[~nondetString1~0.base] && 0 <= ~nondetString1~0.offset + ~i~0); {544#false} is VALID [2020-07-29 00:52:43,139 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:43,139 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [506969787] [2020-07-29 00:52:43,140 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:52:43,140 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2020-07-29 00:52:43,140 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [648113708] [2020-07-29 00:52:43,140 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 10 [2020-07-29 00:52:43,141 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:52:43,141 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states. [2020-07-29 00:52:43,161 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 10 edges. 10 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:43,161 INFO L459 AbstractCegarLoop]: Interpolant automaton has 5 states [2020-07-29 00:52:43,161 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:52:43,162 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2020-07-29 00:52:43,162 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2020-07-29 00:52:43,162 INFO L87 Difference]: Start difference. First operand 38 states and 41 transitions. Second operand 5 states. [2020-07-29 00:52:43,565 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:43,565 INFO L93 Difference]: Finished difference Result 48 states and 52 transitions. [2020-07-29 00:52:43,565 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2020-07-29 00:52:43,565 INFO L78 Accepts]: Start accepts. Automaton has 5 states. Word has length 10 [2020-07-29 00:52:43,565 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:52:43,566 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:52:43,571 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 51 transitions. [2020-07-29 00:52:43,571 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 5 states. [2020-07-29 00:52:43,576 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 51 transitions. [2020-07-29 00:52:43,576 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 51 transitions. [2020-07-29 00:52:43,653 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 51 edges. 51 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:43,655 INFO L225 Difference]: With dead ends: 48 [2020-07-29 00:52:43,655 INFO L226 Difference]: Without dead ends: 48 [2020-07-29 00:52:43,655 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2020-07-29 00:52:43,656 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 48 states. [2020-07-29 00:52:43,659 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 48 to 40. [2020-07-29 00:52:43,659 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:52:43,659 INFO L82 GeneralOperation]: Start isEquivalent. First operand 48 states. Second operand 40 states. [2020-07-29 00:52:43,659 INFO L74 IsIncluded]: Start isIncluded. First operand 48 states. Second operand 40 states. [2020-07-29 00:52:43,660 INFO L87 Difference]: Start difference. First operand 48 states. Second operand 40 states. [2020-07-29 00:52:43,663 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:43,663 INFO L93 Difference]: Finished difference Result 48 states and 52 transitions. [2020-07-29 00:52:43,663 INFO L276 IsEmpty]: Start isEmpty. Operand 48 states and 52 transitions. [2020-07-29 00:52:43,664 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:43,664 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:43,664 INFO L74 IsIncluded]: Start isIncluded. First operand 40 states. Second operand 48 states. [2020-07-29 00:52:43,664 INFO L87 Difference]: Start difference. First operand 40 states. Second operand 48 states. [2020-07-29 00:52:43,667 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:43,668 INFO L93 Difference]: Finished difference Result 48 states and 52 transitions. [2020-07-29 00:52:43,668 INFO L276 IsEmpty]: Start isEmpty. Operand 48 states and 52 transitions. [2020-07-29 00:52:43,669 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:43,669 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:43,669 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:52:43,669 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:52:43,669 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 40 states. [2020-07-29 00:52:43,671 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 40 states to 40 states and 44 transitions. [2020-07-29 00:52:43,671 INFO L78 Accepts]: Start accepts. Automaton has 40 states and 44 transitions. Word has length 10 [2020-07-29 00:52:43,671 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:52:43,672 INFO L479 AbstractCegarLoop]: Abstraction has 40 states and 44 transitions. [2020-07-29 00:52:43,672 INFO L480 AbstractCegarLoop]: Interpolant automaton has 5 states. [2020-07-29 00:52:43,672 INFO L276 IsEmpty]: Start isEmpty. Operand 40 states and 44 transitions. [2020-07-29 00:52:43,672 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 15 [2020-07-29 00:52:43,672 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:52:43,672 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:52:43,673 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2020-07-29 00:52:43,673 INFO L427 AbstractCegarLoop]: === Iteration 5 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:52:43,673 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:52:43,673 INFO L82 PathProgramCache]: Analyzing trace with hash 1176041719, now seen corresponding path program 1 times [2020-07-29 00:52:43,673 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:52:43,674 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [934049998] [2020-07-29 00:52:43,674 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:52:43,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:43,751 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:52:43,753 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:43,762 INFO L280 TraceCheckUtils]: 0: Hoare triple {749#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {741#true} is VALID [2020-07-29 00:52:43,762 INFO L280 TraceCheckUtils]: 1: Hoare triple {741#true} assume true; {741#true} is VALID [2020-07-29 00:52:43,762 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {741#true} {741#true} #83#return; {741#true} is VALID [2020-07-29 00:52:43,766 INFO L263 TraceCheckUtils]: 0: Hoare triple {741#true} call ULTIMATE.init(); {749#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:52:43,767 INFO L280 TraceCheckUtils]: 1: Hoare triple {749#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {741#true} is VALID [2020-07-29 00:52:43,767 INFO L280 TraceCheckUtils]: 2: Hoare triple {741#true} assume true; {741#true} is VALID [2020-07-29 00:52:43,767 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {741#true} {741#true} #83#return; {741#true} is VALID [2020-07-29 00:52:43,768 INFO L263 TraceCheckUtils]: 4: Hoare triple {741#true} call #t~ret13 := main(); {741#true} is VALID [2020-07-29 00:52:43,768 INFO L280 TraceCheckUtils]: 5: Hoare triple {741#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {741#true} is VALID [2020-07-29 00:52:43,768 INFO L280 TraceCheckUtils]: 6: Hoare triple {741#true} assume ~length1~0 < 1;~length1~0 := 1; {741#true} is VALID [2020-07-29 00:52:43,768 INFO L280 TraceCheckUtils]: 7: Hoare triple {741#true} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {741#true} is VALID [2020-07-29 00:52:43,769 INFO L280 TraceCheckUtils]: 8: Hoare triple {741#true} assume !(~i~0 < ~length1~0 - 1); {741#true} is VALID [2020-07-29 00:52:43,770 INFO L280 TraceCheckUtils]: 9: Hoare triple {741#true} SUMMARY for call write~int(0, ~nondetString1~0.base, ~nondetString1~0.offset + (~length1~0 - 1), 1); srcloc: L533-4 {746#(= 1 (select |#valid| main_~nondetString1~0.base))} is VALID [2020-07-29 00:52:43,770 INFO L280 TraceCheckUtils]: 10: Hoare triple {746#(= 1 (select |#valid| main_~nondetString1~0.base))} assume -2147483648 <= #t~nondet10 && #t~nondet10 <= 2147483647;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; {746#(= 1 (select |#valid| main_~nondetString1~0.base))} is VALID [2020-07-29 00:52:43,772 INFO L263 TraceCheckUtils]: 11: Hoare triple {746#(= 1 (select |#valid| main_~nondetString1~0.base))} call #t~ret12 := cstrreplace(~nondetString1~0.base, ~nondetString1~0.offset, (if #t~nondet10 % 256 <= 127 then #t~nondet10 % 256 else #t~nondet10 % 256 - 256), (if #t~nondet11 % 256 <= 127 then #t~nondet11 % 256 else #t~nondet11 % 256 - 256)); {747#(= 1 (select |#valid| |cstrreplace_#in~s.base|))} is VALID [2020-07-29 00:52:43,774 INFO L280 TraceCheckUtils]: 12: Hoare triple {747#(= 1 (select |#valid| |cstrreplace_#in~s.base|))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~old := #in~old;~new := #in~new;~p~0.base, ~p~0.offset := ~s.base, ~s.offset;~numReplaced~0 := 0; {748#(= 1 (select |#valid| cstrreplace_~p~0.base))} is VALID [2020-07-29 00:52:43,775 INFO L280 TraceCheckUtils]: 13: Hoare triple {748#(= 1 (select |#valid| cstrreplace_~p~0.base))} assume !(1 == #valid[~p~0.base]); {742#false} is VALID [2020-07-29 00:52:43,775 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:43,776 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [934049998] [2020-07-29 00:52:43,776 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:52:43,776 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2020-07-29 00:52:43,777 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1387355865] [2020-07-29 00:52:43,777 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 14 [2020-07-29 00:52:43,777 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:52:43,777 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2020-07-29 00:52:43,795 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 14 edges. 14 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:43,795 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2020-07-29 00:52:43,795 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:52:43,795 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2020-07-29 00:52:43,795 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2020-07-29 00:52:43,796 INFO L87 Difference]: Start difference. First operand 40 states and 44 transitions. Second operand 6 states. [2020-07-29 00:52:44,127 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:44,127 INFO L93 Difference]: Finished difference Result 37 states and 41 transitions. [2020-07-29 00:52:44,128 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2020-07-29 00:52:44,128 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 14 [2020-07-29 00:52:44,128 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:52:44,131 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-29 00:52:44,133 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 39 transitions. [2020-07-29 00:52:44,133 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-29 00:52:44,136 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 39 transitions. [2020-07-29 00:52:44,136 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 39 transitions. [2020-07-29 00:52:44,193 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:44,195 INFO L225 Difference]: With dead ends: 37 [2020-07-29 00:52:44,195 INFO L226 Difference]: Without dead ends: 37 [2020-07-29 00:52:44,197 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2020-07-29 00:52:44,198 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 37 states. [2020-07-29 00:52:44,203 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 37 to 37. [2020-07-29 00:52:44,203 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:52:44,203 INFO L82 GeneralOperation]: Start isEquivalent. First operand 37 states. Second operand 37 states. [2020-07-29 00:52:44,203 INFO L74 IsIncluded]: Start isIncluded. First operand 37 states. Second operand 37 states. [2020-07-29 00:52:44,203 INFO L87 Difference]: Start difference. First operand 37 states. Second operand 37 states. [2020-07-29 00:52:44,205 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:44,206 INFO L93 Difference]: Finished difference Result 37 states and 41 transitions. [2020-07-29 00:52:44,206 INFO L276 IsEmpty]: Start isEmpty. Operand 37 states and 41 transitions. [2020-07-29 00:52:44,206 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:44,206 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:44,206 INFO L74 IsIncluded]: Start isIncluded. First operand 37 states. Second operand 37 states. [2020-07-29 00:52:44,207 INFO L87 Difference]: Start difference. First operand 37 states. Second operand 37 states. [2020-07-29 00:52:44,208 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:44,209 INFO L93 Difference]: Finished difference Result 37 states and 41 transitions. [2020-07-29 00:52:44,209 INFO L276 IsEmpty]: Start isEmpty. Operand 37 states and 41 transitions. [2020-07-29 00:52:44,209 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:44,209 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:44,209 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:52:44,210 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:52:44,210 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 37 states. [2020-07-29 00:52:44,211 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 37 states to 37 states and 41 transitions. [2020-07-29 00:52:44,211 INFO L78 Accepts]: Start accepts. Automaton has 37 states and 41 transitions. Word has length 14 [2020-07-29 00:52:44,212 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:52:44,212 INFO L479 AbstractCegarLoop]: Abstraction has 37 states and 41 transitions. [2020-07-29 00:52:44,212 INFO L480 AbstractCegarLoop]: Interpolant automaton has 6 states. [2020-07-29 00:52:44,212 INFO L276 IsEmpty]: Start isEmpty. Operand 37 states and 41 transitions. [2020-07-29 00:52:44,212 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 15 [2020-07-29 00:52:44,213 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:52:44,213 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:52:44,213 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2020-07-29 00:52:44,213 INFO L427 AbstractCegarLoop]: === Iteration 6 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:52:44,213 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:52:44,213 INFO L82 PathProgramCache]: Analyzing trace with hash 1176041720, now seen corresponding path program 1 times [2020-07-29 00:52:44,214 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:52:44,214 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [675923390] [2020-07-29 00:52:44,214 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:52:44,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:44,322 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:52:44,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:44,327 INFO L280 TraceCheckUtils]: 0: Hoare triple {913#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {904#true} is VALID [2020-07-29 00:52:44,328 INFO L280 TraceCheckUtils]: 1: Hoare triple {904#true} assume true; {904#true} is VALID [2020-07-29 00:52:44,328 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {904#true} {904#true} #83#return; {904#true} is VALID [2020-07-29 00:52:44,329 INFO L263 TraceCheckUtils]: 0: Hoare triple {904#true} call ULTIMATE.init(); {913#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:52:44,329 INFO L280 TraceCheckUtils]: 1: Hoare triple {913#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {904#true} is VALID [2020-07-29 00:52:44,330 INFO L280 TraceCheckUtils]: 2: Hoare triple {904#true} assume true; {904#true} is VALID [2020-07-29 00:52:44,330 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {904#true} {904#true} #83#return; {904#true} is VALID [2020-07-29 00:52:44,330 INFO L263 TraceCheckUtils]: 4: Hoare triple {904#true} call #t~ret13 := main(); {904#true} is VALID [2020-07-29 00:52:44,330 INFO L280 TraceCheckUtils]: 5: Hoare triple {904#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {904#true} is VALID [2020-07-29 00:52:44,331 INFO L280 TraceCheckUtils]: 6: Hoare triple {904#true} assume ~length1~0 < 1;~length1~0 := 1; {909#(<= 1 main_~length1~0)} is VALID [2020-07-29 00:52:44,332 INFO L280 TraceCheckUtils]: 7: Hoare triple {909#(<= 1 main_~length1~0)} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {910#(and (= 0 main_~nondetString1~0.offset) (<= 1 (select |#length| main_~nondetString1~0.base)))} is VALID [2020-07-29 00:52:44,333 INFO L280 TraceCheckUtils]: 8: Hoare triple {910#(and (= 0 main_~nondetString1~0.offset) (<= 1 (select |#length| main_~nondetString1~0.base)))} assume !(~i~0 < ~length1~0 - 1); {910#(and (= 0 main_~nondetString1~0.offset) (<= 1 (select |#length| main_~nondetString1~0.base)))} is VALID [2020-07-29 00:52:44,334 INFO L280 TraceCheckUtils]: 9: Hoare triple {910#(and (= 0 main_~nondetString1~0.offset) (<= 1 (select |#length| main_~nondetString1~0.base)))} SUMMARY for call write~int(0, ~nondetString1~0.base, ~nondetString1~0.offset + (~length1~0 - 1), 1); srcloc: L533-4 {910#(and (= 0 main_~nondetString1~0.offset) (<= 1 (select |#length| main_~nondetString1~0.base)))} is VALID [2020-07-29 00:52:44,335 INFO L280 TraceCheckUtils]: 10: Hoare triple {910#(and (= 0 main_~nondetString1~0.offset) (<= 1 (select |#length| main_~nondetString1~0.base)))} assume -2147483648 <= #t~nondet10 && #t~nondet10 <= 2147483647;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; {910#(and (= 0 main_~nondetString1~0.offset) (<= 1 (select |#length| main_~nondetString1~0.base)))} is VALID [2020-07-29 00:52:44,337 INFO L263 TraceCheckUtils]: 11: Hoare triple {910#(and (= 0 main_~nondetString1~0.offset) (<= 1 (select |#length| main_~nondetString1~0.base)))} call #t~ret12 := cstrreplace(~nondetString1~0.base, ~nondetString1~0.offset, (if #t~nondet10 % 256 <= 127 then #t~nondet10 % 256 else #t~nondet10 % 256 - 256), (if #t~nondet11 % 256 <= 127 then #t~nondet11 % 256 else #t~nondet11 % 256 - 256)); {911#(and (<= 1 (select |#length| |cstrreplace_#in~s.base|)) (= |cstrreplace_#in~s.offset| 0))} is VALID [2020-07-29 00:52:44,338 INFO L280 TraceCheckUtils]: 12: Hoare triple {911#(and (<= 1 (select |#length| |cstrreplace_#in~s.base|)) (= |cstrreplace_#in~s.offset| 0))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~old := #in~old;~new := #in~new;~p~0.base, ~p~0.offset := ~s.base, ~s.offset;~numReplaced~0 := 0; {912#(and (= 0 cstrreplace_~p~0.offset) (<= 1 (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:44,339 INFO L280 TraceCheckUtils]: 13: Hoare triple {912#(and (= 0 cstrreplace_~p~0.offset) (<= 1 (select |#length| cstrreplace_~p~0.base)))} assume !(1 + ~p~0.offset <= #length[~p~0.base] && 0 <= ~p~0.offset); {905#false} is VALID [2020-07-29 00:52:44,339 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:44,340 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [675923390] [2020-07-29 00:52:44,340 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:52:44,340 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2020-07-29 00:52:44,340 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [300438310] [2020-07-29 00:52:44,341 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 14 [2020-07-29 00:52:44,341 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:52:44,341 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states. [2020-07-29 00:52:44,359 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 14 edges. 14 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:44,359 INFO L459 AbstractCegarLoop]: Interpolant automaton has 7 states [2020-07-29 00:52:44,359 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:52:44,359 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2020-07-29 00:52:44,359 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2020-07-29 00:52:44,360 INFO L87 Difference]: Start difference. First operand 37 states and 41 transitions. Second operand 7 states. [2020-07-29 00:52:44,857 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:44,857 INFO L93 Difference]: Finished difference Result 47 states and 53 transitions. [2020-07-29 00:52:44,857 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2020-07-29 00:52:44,857 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 14 [2020-07-29 00:52:44,857 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:52:44,858 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 00:52:44,861 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 51 transitions. [2020-07-29 00:52:44,861 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 00:52:44,864 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 51 transitions. [2020-07-29 00:52:44,866 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 51 transitions. [2020-07-29 00:52:44,938 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 51 edges. 51 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:44,939 INFO L225 Difference]: With dead ends: 47 [2020-07-29 00:52:44,939 INFO L226 Difference]: Without dead ends: 47 [2020-07-29 00:52:44,940 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=29, Invalid=81, Unknown=0, NotChecked=0, Total=110 [2020-07-29 00:52:44,940 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 47 states. [2020-07-29 00:52:44,945 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 47 to 42. [2020-07-29 00:52:44,945 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:52:44,945 INFO L82 GeneralOperation]: Start isEquivalent. First operand 47 states. Second operand 42 states. [2020-07-29 00:52:44,946 INFO L74 IsIncluded]: Start isIncluded. First operand 47 states. Second operand 42 states. [2020-07-29 00:52:44,946 INFO L87 Difference]: Start difference. First operand 47 states. Second operand 42 states. [2020-07-29 00:52:44,949 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:44,950 INFO L93 Difference]: Finished difference Result 47 states and 53 transitions. [2020-07-29 00:52:44,950 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 53 transitions. [2020-07-29 00:52:44,950 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:44,950 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:44,951 INFO L74 IsIncluded]: Start isIncluded. First operand 42 states. Second operand 47 states. [2020-07-29 00:52:44,951 INFO L87 Difference]: Start difference. First operand 42 states. Second operand 47 states. [2020-07-29 00:52:44,954 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:44,954 INFO L93 Difference]: Finished difference Result 47 states and 53 transitions. [2020-07-29 00:52:44,954 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 53 transitions. [2020-07-29 00:52:44,954 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:44,955 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:44,955 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:52:44,955 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:52:44,955 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 42 states. [2020-07-29 00:52:44,957 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 42 states to 42 states and 48 transitions. [2020-07-29 00:52:44,957 INFO L78 Accepts]: Start accepts. Automaton has 42 states and 48 transitions. Word has length 14 [2020-07-29 00:52:44,957 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:52:44,957 INFO L479 AbstractCegarLoop]: Abstraction has 42 states and 48 transitions. [2020-07-29 00:52:44,957 INFO L480 AbstractCegarLoop]: Interpolant automaton has 7 states. [2020-07-29 00:52:44,958 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states and 48 transitions. [2020-07-29 00:52:44,958 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 15 [2020-07-29 00:52:44,958 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:52:44,958 INFO L422 BasicCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:52:44,959 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2020-07-29 00:52:44,959 INFO L427 AbstractCegarLoop]: === Iteration 7 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:52:44,959 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:52:44,959 INFO L82 PathProgramCache]: Analyzing trace with hash 415323869, now seen corresponding path program 1 times [2020-07-29 00:52:44,959 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:52:44,960 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [31366885] [2020-07-29 00:52:44,960 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:52:44,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:45,106 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:52:45,108 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:45,112 INFO L280 TraceCheckUtils]: 0: Hoare triple {1115#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1107#true} is VALID [2020-07-29 00:52:45,112 INFO L280 TraceCheckUtils]: 1: Hoare triple {1107#true} assume true; {1107#true} is VALID [2020-07-29 00:52:45,113 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1107#true} {1107#true} #83#return; {1107#true} is VALID [2020-07-29 00:52:45,114 INFO L263 TraceCheckUtils]: 0: Hoare triple {1107#true} call ULTIMATE.init(); {1115#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:52:45,114 INFO L280 TraceCheckUtils]: 1: Hoare triple {1115#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1107#true} is VALID [2020-07-29 00:52:45,114 INFO L280 TraceCheckUtils]: 2: Hoare triple {1107#true} assume true; {1107#true} is VALID [2020-07-29 00:52:45,115 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1107#true} {1107#true} #83#return; {1107#true} is VALID [2020-07-29 00:52:45,115 INFO L263 TraceCheckUtils]: 4: Hoare triple {1107#true} call #t~ret13 := main(); {1107#true} is VALID [2020-07-29 00:52:45,115 INFO L280 TraceCheckUtils]: 5: Hoare triple {1107#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {1107#true} is VALID [2020-07-29 00:52:45,116 INFO L280 TraceCheckUtils]: 6: Hoare triple {1107#true} assume !(~length1~0 < 1); {1107#true} is VALID [2020-07-29 00:52:45,117 INFO L280 TraceCheckUtils]: 7: Hoare triple {1107#true} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {1112#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:45,118 INFO L280 TraceCheckUtils]: 8: Hoare triple {1112#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {1112#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:45,120 INFO L280 TraceCheckUtils]: 9: Hoare triple {1112#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} SUMMARY for call write~int(#t~nondet9, ~nondetString1~0.base, ~nondetString1~0.offset + ~i~0, 1); srcloc: L535 {1112#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:45,121 INFO L280 TraceCheckUtils]: 10: Hoare triple {1112#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} havoc #t~nondet9; {1112#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:45,122 INFO L280 TraceCheckUtils]: 11: Hoare triple {1112#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} #t~post8 := ~i~0;~i~0 := 1 + #t~post8;havoc #t~post8; {1113#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset) (<= 1 main_~i~0))} is VALID [2020-07-29 00:52:45,123 INFO L280 TraceCheckUtils]: 12: Hoare triple {1113#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset) (<= 1 main_~i~0))} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {1114#(and (= 0 main_~nondetString1~0.offset) (<= 1 main_~i~0) (<= (+ main_~i~0 2) (select |#length| main_~nondetString1~0.base)))} is VALID [2020-07-29 00:52:45,124 INFO L280 TraceCheckUtils]: 13: Hoare triple {1114#(and (= 0 main_~nondetString1~0.offset) (<= 1 main_~i~0) (<= (+ main_~i~0 2) (select |#length| main_~nondetString1~0.base)))} assume !(1 + (~nondetString1~0.offset + ~i~0) <= #length[~nondetString1~0.base] && 0 <= ~nondetString1~0.offset + ~i~0); {1108#false} is VALID [2020-07-29 00:52:45,125 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:45,125 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [31366885] [2020-07-29 00:52:45,126 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [451886728] [2020-07-29 00:52:45,126 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 2 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:52:45,207 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:45,210 INFO L263 TraceCheckSpWp]: Trace formula consists of 62 conjuncts, 11 conjunts are in the unsatisfiable core [2020-07-29 00:52:45,217 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:45,223 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 00:52:45,302 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-29 00:52:45,303 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 00:52:45,311 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:52:45,311 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-29 00:52:45,311 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:13, output treesize:12 [2020-07-29 00:52:45,315 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:52:45,315 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#length_15|]. (and (<= 0 main_~i~0) (= |#length| (store |v_#length_15| main_~nondetString1~0.base main_~length1~0)) (= 0 main_~nondetString1~0.offset)) [2020-07-29 00:52:45,316 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (<= 0 main_~i~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset)) [2020-07-29 00:52:45,400 INFO L263 TraceCheckUtils]: 0: Hoare triple {1107#true} call ULTIMATE.init(); {1107#true} is VALID [2020-07-29 00:52:45,401 INFO L280 TraceCheckUtils]: 1: Hoare triple {1107#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1107#true} is VALID [2020-07-29 00:52:45,401 INFO L280 TraceCheckUtils]: 2: Hoare triple {1107#true} assume true; {1107#true} is VALID [2020-07-29 00:52:45,401 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1107#true} {1107#true} #83#return; {1107#true} is VALID [2020-07-29 00:52:45,402 INFO L263 TraceCheckUtils]: 4: Hoare triple {1107#true} call #t~ret13 := main(); {1107#true} is VALID [2020-07-29 00:52:45,402 INFO L280 TraceCheckUtils]: 5: Hoare triple {1107#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {1107#true} is VALID [2020-07-29 00:52:45,402 INFO L280 TraceCheckUtils]: 6: Hoare triple {1107#true} assume !(~length1~0 < 1); {1107#true} is VALID [2020-07-29 00:52:45,403 INFO L280 TraceCheckUtils]: 7: Hoare triple {1107#true} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {1140#(and (<= 0 main_~i~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:45,404 INFO L280 TraceCheckUtils]: 8: Hoare triple {1140#(and (<= 0 main_~i~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset))} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {1140#(and (<= 0 main_~i~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:45,405 INFO L280 TraceCheckUtils]: 9: Hoare triple {1140#(and (<= 0 main_~i~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset))} SUMMARY for call write~int(#t~nondet9, ~nondetString1~0.base, ~nondetString1~0.offset + ~i~0, 1); srcloc: L535 {1140#(and (<= 0 main_~i~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:45,406 INFO L280 TraceCheckUtils]: 10: Hoare triple {1140#(and (<= 0 main_~i~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset))} havoc #t~nondet9; {1140#(and (<= 0 main_~i~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:45,407 INFO L280 TraceCheckUtils]: 11: Hoare triple {1140#(and (<= 0 main_~i~0) (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset))} #t~post8 := ~i~0;~i~0 := 1 + #t~post8;havoc #t~post8; {1113#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset) (<= 1 main_~i~0))} is VALID [2020-07-29 00:52:45,408 INFO L280 TraceCheckUtils]: 12: Hoare triple {1113#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~nondetString1~0.offset) (<= 1 main_~i~0))} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {1114#(and (= 0 main_~nondetString1~0.offset) (<= 1 main_~i~0) (<= (+ main_~i~0 2) (select |#length| main_~nondetString1~0.base)))} is VALID [2020-07-29 00:52:45,409 INFO L280 TraceCheckUtils]: 13: Hoare triple {1114#(and (= 0 main_~nondetString1~0.offset) (<= 1 main_~i~0) (<= (+ main_~i~0 2) (select |#length| main_~nondetString1~0.base)))} assume !(1 + (~nondetString1~0.offset + ~i~0) <= #length[~nondetString1~0.base] && 0 <= ~nondetString1~0.offset + ~i~0); {1108#false} is VALID [2020-07-29 00:52:45,410 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:45,411 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-29 00:52:45,411 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [5, 4] total 6 [2020-07-29 00:52:45,411 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [278597970] [2020-07-29 00:52:45,411 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 14 [2020-07-29 00:52:45,412 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:52:45,412 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states. [2020-07-29 00:52:45,436 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 21 edges. 21 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:45,436 INFO L459 AbstractCegarLoop]: Interpolant automaton has 7 states [2020-07-29 00:52:45,436 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:52:45,437 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2020-07-29 00:52:45,437 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=29, Unknown=0, NotChecked=0, Total=42 [2020-07-29 00:52:45,437 INFO L87 Difference]: Start difference. First operand 42 states and 48 transitions. Second operand 7 states. [2020-07-29 00:52:45,897 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:45,897 INFO L93 Difference]: Finished difference Result 49 states and 55 transitions. [2020-07-29 00:52:45,897 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2020-07-29 00:52:45,898 INFO L78 Accepts]: Start accepts. Automaton has 7 states. Word has length 14 [2020-07-29 00:52:45,898 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:52:45,898 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 00:52:45,900 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 47 transitions. [2020-07-29 00:52:45,900 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 7 states. [2020-07-29 00:52:45,902 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 47 transitions. [2020-07-29 00:52:45,902 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 47 transitions. [2020-07-29 00:52:45,975 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 47 edges. 47 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:45,977 INFO L225 Difference]: With dead ends: 49 [2020-07-29 00:52:45,977 INFO L226 Difference]: Without dead ends: 49 [2020-07-29 00:52:45,978 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 20 GetRequests, 13 SyntacticMatches, 1 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=18, Invalid=38, Unknown=0, NotChecked=0, Total=56 [2020-07-29 00:52:45,978 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 49 states. [2020-07-29 00:52:45,981 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 49 to 39. [2020-07-29 00:52:45,981 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:52:45,981 INFO L82 GeneralOperation]: Start isEquivalent. First operand 49 states. Second operand 39 states. [2020-07-29 00:52:45,982 INFO L74 IsIncluded]: Start isIncluded. First operand 49 states. Second operand 39 states. [2020-07-29 00:52:45,982 INFO L87 Difference]: Start difference. First operand 49 states. Second operand 39 states. [2020-07-29 00:52:45,985 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:45,985 INFO L93 Difference]: Finished difference Result 49 states and 55 transitions. [2020-07-29 00:52:45,985 INFO L276 IsEmpty]: Start isEmpty. Operand 49 states and 55 transitions. [2020-07-29 00:52:45,985 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:45,986 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:45,986 INFO L74 IsIncluded]: Start isIncluded. First operand 39 states. Second operand 49 states. [2020-07-29 00:52:45,986 INFO L87 Difference]: Start difference. First operand 39 states. Second operand 49 states. [2020-07-29 00:52:45,989 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:45,989 INFO L93 Difference]: Finished difference Result 49 states and 55 transitions. [2020-07-29 00:52:45,989 INFO L276 IsEmpty]: Start isEmpty. Operand 49 states and 55 transitions. [2020-07-29 00:52:45,990 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:45,990 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:45,990 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:52:45,990 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:52:45,990 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 39 states. [2020-07-29 00:52:45,992 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 39 states to 39 states and 44 transitions. [2020-07-29 00:52:45,992 INFO L78 Accepts]: Start accepts. Automaton has 39 states and 44 transitions. Word has length 14 [2020-07-29 00:52:45,993 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:52:45,993 INFO L479 AbstractCegarLoop]: Abstraction has 39 states and 44 transitions. [2020-07-29 00:52:45,993 INFO L480 AbstractCegarLoop]: Interpolant automaton has 7 states. [2020-07-29 00:52:45,993 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 44 transitions. [2020-07-29 00:52:45,994 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2020-07-29 00:52:45,994 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:52:45,994 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:52:46,209 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable6 [2020-07-29 00:52:46,210 INFO L427 AbstractCegarLoop]: === Iteration 8 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:52:46,211 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:52:46,211 INFO L82 PathProgramCache]: Analyzing trace with hash -1580673573, now seen corresponding path program 1 times [2020-07-29 00:52:46,212 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:52:46,212 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [895078395] [2020-07-29 00:52:46,213 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:52:46,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:46,436 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:52:46,438 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:46,447 INFO L280 TraceCheckUtils]: 0: Hoare triple {1357#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1346#true} is VALID [2020-07-29 00:52:46,447 INFO L280 TraceCheckUtils]: 1: Hoare triple {1346#true} assume true; {1346#true} is VALID [2020-07-29 00:52:46,447 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1346#true} {1346#true} #83#return; {1346#true} is VALID [2020-07-29 00:52:46,464 INFO L263 TraceCheckUtils]: 0: Hoare triple {1346#true} call ULTIMATE.init(); {1357#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:52:46,465 INFO L280 TraceCheckUtils]: 1: Hoare triple {1357#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1346#true} is VALID [2020-07-29 00:52:46,465 INFO L280 TraceCheckUtils]: 2: Hoare triple {1346#true} assume true; {1346#true} is VALID [2020-07-29 00:52:46,465 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1346#true} {1346#true} #83#return; {1346#true} is VALID [2020-07-29 00:52:46,465 INFO L263 TraceCheckUtils]: 4: Hoare triple {1346#true} call #t~ret13 := main(); {1346#true} is VALID [2020-07-29 00:52:46,466 INFO L280 TraceCheckUtils]: 5: Hoare triple {1346#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {1346#true} is VALID [2020-07-29 00:52:46,467 INFO L280 TraceCheckUtils]: 6: Hoare triple {1346#true} assume ~length1~0 < 1;~length1~0 := 1; {1351#(and (<= 1 main_~length1~0) (<= main_~length1~0 1))} is VALID [2020-07-29 00:52:46,468 INFO L280 TraceCheckUtils]: 7: Hoare triple {1351#(and (<= 1 main_~length1~0) (<= main_~length1~0 1))} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {1352#(and (<= 1 main_~length1~0) (<= main_~length1~0 1) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:46,472 INFO L280 TraceCheckUtils]: 8: Hoare triple {1352#(and (<= 1 main_~length1~0) (<= main_~length1~0 1) (= 0 main_~nondetString1~0.offset))} assume !(~i~0 < ~length1~0 - 1); {1352#(and (<= 1 main_~length1~0) (<= main_~length1~0 1) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:46,473 INFO L280 TraceCheckUtils]: 9: Hoare triple {1352#(and (<= 1 main_~length1~0) (<= main_~length1~0 1) (= 0 main_~nondetString1~0.offset))} SUMMARY for call write~int(0, ~nondetString1~0.base, ~nondetString1~0.offset + (~length1~0 - 1), 1); srcloc: L533-4 {1353#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) main_~nondetString1~0.offset)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:46,474 INFO L280 TraceCheckUtils]: 10: Hoare triple {1353#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) main_~nondetString1~0.offset)) (= 0 main_~nondetString1~0.offset))} assume -2147483648 <= #t~nondet10 && #t~nondet10 <= 2147483647;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; {1353#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) main_~nondetString1~0.offset)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:46,476 INFO L263 TraceCheckUtils]: 11: Hoare triple {1353#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) main_~nondetString1~0.offset)) (= 0 main_~nondetString1~0.offset))} call #t~ret12 := cstrreplace(~nondetString1~0.base, ~nondetString1~0.offset, (if #t~nondet10 % 256 <= 127 then #t~nondet10 % 256 else #t~nondet10 % 256 - 256), (if #t~nondet11 % 256 <= 127 then #t~nondet11 % 256 else #t~nondet11 % 256 - 256)); {1354#(= 0 (select (select |#memory_int| |cstrreplace_#in~s.base|) |cstrreplace_#in~s.offset|))} is VALID [2020-07-29 00:52:46,477 INFO L280 TraceCheckUtils]: 12: Hoare triple {1354#(= 0 (select (select |#memory_int| |cstrreplace_#in~s.base|) |cstrreplace_#in~s.offset|))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~old := #in~old;~new := #in~new;~p~0.base, ~p~0.offset := ~s.base, ~s.offset;~numReplaced~0 := 0; {1355#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) cstrreplace_~p~0.offset))} is VALID [2020-07-29 00:52:46,478 INFO L280 TraceCheckUtils]: 13: Hoare triple {1355#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) cstrreplace_~p~0.offset))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {1356#(= |cstrreplace_#t~mem2| 0)} is VALID [2020-07-29 00:52:46,479 INFO L280 TraceCheckUtils]: 14: Hoare triple {1356#(= |cstrreplace_#t~mem2| 0)} assume !!(0 != #t~mem2);havoc #t~mem2; {1347#false} is VALID [2020-07-29 00:52:46,479 INFO L280 TraceCheckUtils]: 15: Hoare triple {1347#false} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {1347#false} is VALID [2020-07-29 00:52:46,479 INFO L280 TraceCheckUtils]: 16: Hoare triple {1347#false} assume !(#t~mem3 == ~old);havoc #t~mem3; {1347#false} is VALID [2020-07-29 00:52:46,479 INFO L280 TraceCheckUtils]: 17: Hoare triple {1347#false} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {1347#false} is VALID [2020-07-29 00:52:46,480 INFO L280 TraceCheckUtils]: 18: Hoare triple {1347#false} assume !(1 + ~p~0.offset <= #length[~p~0.base] && 0 <= ~p~0.offset); {1347#false} is VALID [2020-07-29 00:52:46,481 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:46,481 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [895078395] [2020-07-29 00:52:46,481 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:52:46,481 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2020-07-29 00:52:46,482 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1916578209] [2020-07-29 00:52:46,482 INFO L78 Accepts]: Start accepts. Automaton has 9 states. Word has length 19 [2020-07-29 00:52:46,483 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:52:46,483 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states. [2020-07-29 00:52:46,506 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:46,506 INFO L459 AbstractCegarLoop]: Interpolant automaton has 9 states [2020-07-29 00:52:46,506 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:52:46,506 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2020-07-29 00:52:46,507 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=56, Unknown=0, NotChecked=0, Total=72 [2020-07-29 00:52:46,507 INFO L87 Difference]: Start difference. First operand 39 states and 44 transitions. Second operand 9 states. [2020-07-29 00:52:47,145 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:47,145 INFO L93 Difference]: Finished difference Result 51 states and 55 transitions. [2020-07-29 00:52:47,145 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2020-07-29 00:52:47,145 INFO L78 Accepts]: Start accepts. Automaton has 9 states. Word has length 19 [2020-07-29 00:52:47,146 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:52:47,146 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 9 states. [2020-07-29 00:52:47,147 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 49 transitions. [2020-07-29 00:52:47,148 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 9 states. [2020-07-29 00:52:47,149 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 49 transitions. [2020-07-29 00:52:47,149 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 49 transitions. [2020-07-29 00:52:47,223 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 49 edges. 49 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:47,226 INFO L225 Difference]: With dead ends: 51 [2020-07-29 00:52:47,226 INFO L226 Difference]: Without dead ends: 51 [2020-07-29 00:52:47,227 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=43, Invalid=139, Unknown=0, NotChecked=0, Total=182 [2020-07-29 00:52:47,227 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 51 states. [2020-07-29 00:52:47,230 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 51 to 48. [2020-07-29 00:52:47,230 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:52:47,230 INFO L82 GeneralOperation]: Start isEquivalent. First operand 51 states. Second operand 48 states. [2020-07-29 00:52:47,231 INFO L74 IsIncluded]: Start isIncluded. First operand 51 states. Second operand 48 states. [2020-07-29 00:52:47,231 INFO L87 Difference]: Start difference. First operand 51 states. Second operand 48 states. [2020-07-29 00:52:47,233 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:47,233 INFO L93 Difference]: Finished difference Result 51 states and 55 transitions. [2020-07-29 00:52:47,233 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 55 transitions. [2020-07-29 00:52:47,233 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:47,233 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:47,234 INFO L74 IsIncluded]: Start isIncluded. First operand 48 states. Second operand 51 states. [2020-07-29 00:52:47,234 INFO L87 Difference]: Start difference. First operand 48 states. Second operand 51 states. [2020-07-29 00:52:47,236 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:47,236 INFO L93 Difference]: Finished difference Result 51 states and 55 transitions. [2020-07-29 00:52:47,236 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 55 transitions. [2020-07-29 00:52:47,236 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:47,236 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:47,236 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:52:47,237 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:52:47,237 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 48 states. [2020-07-29 00:52:47,238 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 48 states to 48 states and 53 transitions. [2020-07-29 00:52:47,239 INFO L78 Accepts]: Start accepts. Automaton has 48 states and 53 transitions. Word has length 19 [2020-07-29 00:52:47,239 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:52:47,239 INFO L479 AbstractCegarLoop]: Abstraction has 48 states and 53 transitions. [2020-07-29 00:52:47,239 INFO L480 AbstractCegarLoop]: Interpolant automaton has 9 states. [2020-07-29 00:52:47,239 INFO L276 IsEmpty]: Start isEmpty. Operand 48 states and 53 transitions. [2020-07-29 00:52:47,239 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2020-07-29 00:52:47,240 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:52:47,240 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:52:47,240 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2020-07-29 00:52:47,240 INFO L427 AbstractCegarLoop]: === Iteration 9 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:52:47,240 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:52:47,240 INFO L82 PathProgramCache]: Analyzing trace with hash 2127487709, now seen corresponding path program 1 times [2020-07-29 00:52:47,241 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:52:47,241 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [670554477] [2020-07-29 00:52:47,241 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:52:47,257 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:47,471 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:52:47,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:47,482 INFO L280 TraceCheckUtils]: 0: Hoare triple {1583#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1571#true} is VALID [2020-07-29 00:52:47,482 INFO L280 TraceCheckUtils]: 1: Hoare triple {1571#true} assume true; {1571#true} is VALID [2020-07-29 00:52:47,482 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1571#true} {1571#true} #83#return; {1571#true} is VALID [2020-07-29 00:52:47,484 INFO L263 TraceCheckUtils]: 0: Hoare triple {1571#true} call ULTIMATE.init(); {1583#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:52:47,484 INFO L280 TraceCheckUtils]: 1: Hoare triple {1583#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1571#true} is VALID [2020-07-29 00:52:47,484 INFO L280 TraceCheckUtils]: 2: Hoare triple {1571#true} assume true; {1571#true} is VALID [2020-07-29 00:52:47,484 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1571#true} {1571#true} #83#return; {1571#true} is VALID [2020-07-29 00:52:47,485 INFO L263 TraceCheckUtils]: 4: Hoare triple {1571#true} call #t~ret13 := main(); {1571#true} is VALID [2020-07-29 00:52:47,485 INFO L280 TraceCheckUtils]: 5: Hoare triple {1571#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {1571#true} is VALID [2020-07-29 00:52:47,486 INFO L280 TraceCheckUtils]: 6: Hoare triple {1571#true} assume !(~length1~0 < 1); {1576#(<= 1 main_~length1~0)} is VALID [2020-07-29 00:52:47,488 INFO L280 TraceCheckUtils]: 7: Hoare triple {1576#(<= 1 main_~length1~0)} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {1577#(and (or (= 1 (+ main_~nondetString1~0.offset main_~length1~0)) (= 0 main_~i~0)) (<= 1 main_~length1~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:47,489 INFO L280 TraceCheckUtils]: 8: Hoare triple {1577#(and (or (= 1 (+ main_~nondetString1~0.offset main_~length1~0)) (= 0 main_~i~0)) (<= 1 main_~length1~0) (= 0 main_~nondetString1~0.offset))} assume !(~i~0 < ~length1~0 - 1); {1578#(and (<= 1 main_~length1~0) (<= main_~length1~0 1) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:47,490 INFO L280 TraceCheckUtils]: 9: Hoare triple {1578#(and (<= 1 main_~length1~0) (<= main_~length1~0 1) (= 0 main_~nondetString1~0.offset))} SUMMARY for call write~int(0, ~nondetString1~0.base, ~nondetString1~0.offset + (~length1~0 - 1), 1); srcloc: L533-4 {1579#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) main_~nondetString1~0.offset)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:47,491 INFO L280 TraceCheckUtils]: 10: Hoare triple {1579#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) main_~nondetString1~0.offset)) (= 0 main_~nondetString1~0.offset))} assume -2147483648 <= #t~nondet10 && #t~nondet10 <= 2147483647;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; {1579#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) main_~nondetString1~0.offset)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:47,493 INFO L263 TraceCheckUtils]: 11: Hoare triple {1579#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) main_~nondetString1~0.offset)) (= 0 main_~nondetString1~0.offset))} call #t~ret12 := cstrreplace(~nondetString1~0.base, ~nondetString1~0.offset, (if #t~nondet10 % 256 <= 127 then #t~nondet10 % 256 else #t~nondet10 % 256 - 256), (if #t~nondet11 % 256 <= 127 then #t~nondet11 % 256 else #t~nondet11 % 256 - 256)); {1580#(= 0 (select (select |#memory_int| |cstrreplace_#in~s.base|) |cstrreplace_#in~s.offset|))} is VALID [2020-07-29 00:52:47,494 INFO L280 TraceCheckUtils]: 12: Hoare triple {1580#(= 0 (select (select |#memory_int| |cstrreplace_#in~s.base|) |cstrreplace_#in~s.offset|))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~old := #in~old;~new := #in~new;~p~0.base, ~p~0.offset := ~s.base, ~s.offset;~numReplaced~0 := 0; {1581#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) cstrreplace_~p~0.offset))} is VALID [2020-07-29 00:52:47,495 INFO L280 TraceCheckUtils]: 13: Hoare triple {1581#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) cstrreplace_~p~0.offset))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {1582#(= |cstrreplace_#t~mem2| 0)} is VALID [2020-07-29 00:52:47,496 INFO L280 TraceCheckUtils]: 14: Hoare triple {1582#(= |cstrreplace_#t~mem2| 0)} assume !!(0 != #t~mem2);havoc #t~mem2; {1572#false} is VALID [2020-07-29 00:52:47,496 INFO L280 TraceCheckUtils]: 15: Hoare triple {1572#false} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {1572#false} is VALID [2020-07-29 00:52:47,496 INFO L280 TraceCheckUtils]: 16: Hoare triple {1572#false} assume !(#t~mem3 == ~old);havoc #t~mem3; {1572#false} is VALID [2020-07-29 00:52:47,496 INFO L280 TraceCheckUtils]: 17: Hoare triple {1572#false} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {1572#false} is VALID [2020-07-29 00:52:47,497 INFO L280 TraceCheckUtils]: 18: Hoare triple {1572#false} assume !(1 + ~p~0.offset <= #length[~p~0.base] && 0 <= ~p~0.offset); {1572#false} is VALID [2020-07-29 00:52:47,498 INFO L134 CoverageAnalysis]: Checked inductivity of 1 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:47,498 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [670554477] [2020-07-29 00:52:47,498 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:52:47,499 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2020-07-29 00:52:47,499 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1728349378] [2020-07-29 00:52:47,500 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 19 [2020-07-29 00:52:47,500 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:52:47,500 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states. [2020-07-29 00:52:47,521 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:47,521 INFO L459 AbstractCegarLoop]: Interpolant automaton has 10 states [2020-07-29 00:52:47,521 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:52:47,521 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2020-07-29 00:52:47,521 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=20, Invalid=70, Unknown=0, NotChecked=0, Total=90 [2020-07-29 00:52:47,522 INFO L87 Difference]: Start difference. First operand 48 states and 53 transitions. Second operand 10 states. [2020-07-29 00:52:48,207 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:48,207 INFO L93 Difference]: Finished difference Result 64 states and 69 transitions. [2020-07-29 00:52:48,207 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2020-07-29 00:52:48,207 INFO L78 Accepts]: Start accepts. Automaton has 10 states. Word has length 19 [2020-07-29 00:52:48,207 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:52:48,207 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10 states. [2020-07-29 00:52:48,210 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 52 transitions. [2020-07-29 00:52:48,210 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 10 states. [2020-07-29 00:52:48,212 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 52 transitions. [2020-07-29 00:52:48,212 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 52 transitions. [2020-07-29 00:52:48,291 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 52 edges. 52 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:48,294 INFO L225 Difference]: With dead ends: 64 [2020-07-29 00:52:48,294 INFO L226 Difference]: Without dead ends: 64 [2020-07-29 00:52:48,295 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=48, Invalid=162, Unknown=0, NotChecked=0, Total=210 [2020-07-29 00:52:48,295 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 64 states. [2020-07-29 00:52:48,298 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 64 to 49. [2020-07-29 00:52:48,298 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:52:48,299 INFO L82 GeneralOperation]: Start isEquivalent. First operand 64 states. Second operand 49 states. [2020-07-29 00:52:48,299 INFO L74 IsIncluded]: Start isIncluded. First operand 64 states. Second operand 49 states. [2020-07-29 00:52:48,299 INFO L87 Difference]: Start difference. First operand 64 states. Second operand 49 states. [2020-07-29 00:52:48,301 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:48,301 INFO L93 Difference]: Finished difference Result 64 states and 69 transitions. [2020-07-29 00:52:48,301 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 69 transitions. [2020-07-29 00:52:48,302 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:48,302 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:48,302 INFO L74 IsIncluded]: Start isIncluded. First operand 49 states. Second operand 64 states. [2020-07-29 00:52:48,302 INFO L87 Difference]: Start difference. First operand 49 states. Second operand 64 states. [2020-07-29 00:52:48,304 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:48,304 INFO L93 Difference]: Finished difference Result 64 states and 69 transitions. [2020-07-29 00:52:48,305 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 69 transitions. [2020-07-29 00:52:48,305 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:48,305 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:48,305 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:52:48,305 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:52:48,305 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 49 states. [2020-07-29 00:52:48,307 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 49 states to 49 states and 55 transitions. [2020-07-29 00:52:48,307 INFO L78 Accepts]: Start accepts. Automaton has 49 states and 55 transitions. Word has length 19 [2020-07-29 00:52:48,308 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:52:48,308 INFO L479 AbstractCegarLoop]: Abstraction has 49 states and 55 transitions. [2020-07-29 00:52:48,308 INFO L480 AbstractCegarLoop]: Interpolant automaton has 10 states. [2020-07-29 00:52:48,308 INFO L276 IsEmpty]: Start isEmpty. Operand 49 states and 55 transitions. [2020-07-29 00:52:48,308 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2020-07-29 00:52:48,308 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:52:48,309 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:52:48,309 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2020-07-29 00:52:48,309 INFO L427 AbstractCegarLoop]: === Iteration 10 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:52:48,309 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:52:48,309 INFO L82 PathProgramCache]: Analyzing trace with hash -1797581199, now seen corresponding path program 1 times [2020-07-29 00:52:48,310 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:52:48,310 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [927942473] [2020-07-29 00:52:48,310 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:52:48,327 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:48,390 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:52:48,391 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:48,401 INFO L280 TraceCheckUtils]: 0: Hoare triple {1850#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1837#true} is VALID [2020-07-29 00:52:48,401 INFO L280 TraceCheckUtils]: 1: Hoare triple {1837#true} assume true; {1837#true} is VALID [2020-07-29 00:52:48,401 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {1837#true} {1837#true} #83#return; {1837#true} is VALID [2020-07-29 00:52:48,411 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2020-07-29 00:52:48,415 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:48,422 INFO L280 TraceCheckUtils]: 0: Hoare triple {1851#(= |#memory_int| |old(#memory_int)|)} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~old := #in~old;~new := #in~new;~p~0.base, ~p~0.offset := ~s.base, ~s.offset;~numReplaced~0 := 0; {1837#true} is VALID [2020-07-29 00:52:48,423 INFO L280 TraceCheckUtils]: 1: Hoare triple {1837#true} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {1837#true} is VALID [2020-07-29 00:52:48,423 INFO L280 TraceCheckUtils]: 2: Hoare triple {1837#true} assume !(0 != #t~mem2);havoc #t~mem2; {1837#true} is VALID [2020-07-29 00:52:48,423 INFO L280 TraceCheckUtils]: 3: Hoare triple {1837#true} #res := ~numReplaced~0; {1837#true} is VALID [2020-07-29 00:52:48,423 INFO L280 TraceCheckUtils]: 4: Hoare triple {1837#true} assume true; {1837#true} is VALID [2020-07-29 00:52:48,425 INFO L275 TraceCheckUtils]: 5: Hoare quadruple {1837#true} {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} #81#return; {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} is VALID [2020-07-29 00:52:48,427 INFO L263 TraceCheckUtils]: 0: Hoare triple {1837#true} call ULTIMATE.init(); {1850#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:52:48,427 INFO L280 TraceCheckUtils]: 1: Hoare triple {1850#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {1837#true} is VALID [2020-07-29 00:52:48,427 INFO L280 TraceCheckUtils]: 2: Hoare triple {1837#true} assume true; {1837#true} is VALID [2020-07-29 00:52:48,427 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {1837#true} {1837#true} #83#return; {1837#true} is VALID [2020-07-29 00:52:48,428 INFO L263 TraceCheckUtils]: 4: Hoare triple {1837#true} call #t~ret13 := main(); {1842#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 00:52:48,429 INFO L280 TraceCheckUtils]: 5: Hoare triple {1842#(= |#valid| |old(#valid)|)} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {1842#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 00:52:48,430 INFO L280 TraceCheckUtils]: 6: Hoare triple {1842#(= |#valid| |old(#valid)|)} assume ~length1~0 < 1;~length1~0 := 1; {1842#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 00:52:48,432 INFO L280 TraceCheckUtils]: 7: Hoare triple {1842#(= |#valid| |old(#valid)|)} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} is VALID [2020-07-29 00:52:48,432 INFO L280 TraceCheckUtils]: 8: Hoare triple {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} assume !(~i~0 < ~length1~0 - 1); {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} is VALID [2020-07-29 00:52:48,433 INFO L280 TraceCheckUtils]: 9: Hoare triple {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} SUMMARY for call write~int(0, ~nondetString1~0.base, ~nondetString1~0.offset + (~length1~0 - 1), 1); srcloc: L533-4 {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} is VALID [2020-07-29 00:52:48,433 INFO L280 TraceCheckUtils]: 10: Hoare triple {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} assume -2147483648 <= #t~nondet10 && #t~nondet10 <= 2147483647;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} is VALID [2020-07-29 00:52:48,435 INFO L263 TraceCheckUtils]: 11: Hoare triple {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} call #t~ret12 := cstrreplace(~nondetString1~0.base, ~nondetString1~0.offset, (if #t~nondet10 % 256 <= 127 then #t~nondet10 % 256 else #t~nondet10 % 256 - 256), (if #t~nondet11 % 256 <= 127 then #t~nondet11 % 256 else #t~nondet11 % 256 - 256)); {1851#(= |#memory_int| |old(#memory_int)|)} is VALID [2020-07-29 00:52:48,435 INFO L280 TraceCheckUtils]: 12: Hoare triple {1851#(= |#memory_int| |old(#memory_int)|)} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~old := #in~old;~new := #in~new;~p~0.base, ~p~0.offset := ~s.base, ~s.offset;~numReplaced~0 := 0; {1837#true} is VALID [2020-07-29 00:52:48,435 INFO L280 TraceCheckUtils]: 13: Hoare triple {1837#true} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {1837#true} is VALID [2020-07-29 00:52:48,436 INFO L280 TraceCheckUtils]: 14: Hoare triple {1837#true} assume !(0 != #t~mem2);havoc #t~mem2; {1837#true} is VALID [2020-07-29 00:52:48,436 INFO L280 TraceCheckUtils]: 15: Hoare triple {1837#true} #res := ~numReplaced~0; {1837#true} is VALID [2020-07-29 00:52:48,436 INFO L280 TraceCheckUtils]: 16: Hoare triple {1837#true} assume true; {1837#true} is VALID [2020-07-29 00:52:48,437 INFO L275 TraceCheckUtils]: 17: Hoare quadruple {1837#true} {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} #81#return; {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} is VALID [2020-07-29 00:52:48,438 INFO L280 TraceCheckUtils]: 18: Hoare triple {1843#(= (store |#valid| |main_#t~malloc7.base| 0) |old(#valid)|)} assume -2147483648 <= #t~ret12 && #t~ret12 <= 2147483647;#res := #t~ret12;havoc #t~nondet10;havoc #t~ret12;havoc #t~nondet11;call ULTIMATE.dealloc(#t~malloc7.base, #t~malloc7.offset);havoc #t~malloc7.base, #t~malloc7.offset; {1842#(= |#valid| |old(#valid)|)} is VALID [2020-07-29 00:52:48,439 INFO L280 TraceCheckUtils]: 19: Hoare triple {1842#(= |#valid| |old(#valid)|)} assume !(#valid == old(#valid)); {1838#false} is VALID [2020-07-29 00:52:48,440 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:48,440 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [927942473] [2020-07-29 00:52:48,440 INFO L220 FreeRefinementEngine]: Constructing automaton from 1 perfect and 0 imperfect interpolant sequences. [2020-07-29 00:52:48,440 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2020-07-29 00:52:48,440 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1415232786] [2020-07-29 00:52:48,441 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 20 [2020-07-29 00:52:48,441 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:52:48,441 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states. [2020-07-29 00:52:48,464 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:48,464 INFO L459 AbstractCegarLoop]: Interpolant automaton has 6 states [2020-07-29 00:52:48,464 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:52:48,465 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2020-07-29 00:52:48,465 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2020-07-29 00:52:48,465 INFO L87 Difference]: Start difference. First operand 49 states and 55 transitions. Second operand 6 states. [2020-07-29 00:52:48,729 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:48,729 INFO L93 Difference]: Finished difference Result 61 states and 69 transitions. [2020-07-29 00:52:48,729 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2020-07-29 00:52:48,729 INFO L78 Accepts]: Start accepts. Automaton has 6 states. Word has length 20 [2020-07-29 00:52:48,730 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:52:48,730 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-29 00:52:48,732 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 53 transitions. [2020-07-29 00:52:48,732 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 6 states. [2020-07-29 00:52:48,733 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 53 transitions. [2020-07-29 00:52:48,733 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 53 transitions. [2020-07-29 00:52:48,810 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 53 edges. 53 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:48,811 INFO L225 Difference]: With dead ends: 61 [2020-07-29 00:52:48,811 INFO L226 Difference]: Without dead ends: 42 [2020-07-29 00:52:48,812 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2020-07-29 00:52:48,812 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 42 states. [2020-07-29 00:52:48,814 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 42 to 32. [2020-07-29 00:52:48,814 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:52:48,815 INFO L82 GeneralOperation]: Start isEquivalent. First operand 42 states. Second operand 32 states. [2020-07-29 00:52:48,815 INFO L74 IsIncluded]: Start isIncluded. First operand 42 states. Second operand 32 states. [2020-07-29 00:52:48,815 INFO L87 Difference]: Start difference. First operand 42 states. Second operand 32 states. [2020-07-29 00:52:48,816 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:48,816 INFO L93 Difference]: Finished difference Result 42 states and 46 transitions. [2020-07-29 00:52:48,817 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states and 46 transitions. [2020-07-29 00:52:48,817 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:48,817 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:48,817 INFO L74 IsIncluded]: Start isIncluded. First operand 32 states. Second operand 42 states. [2020-07-29 00:52:48,817 INFO L87 Difference]: Start difference. First operand 32 states. Second operand 42 states. [2020-07-29 00:52:48,818 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:48,819 INFO L93 Difference]: Finished difference Result 42 states and 46 transitions. [2020-07-29 00:52:48,819 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states and 46 transitions. [2020-07-29 00:52:48,819 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:48,819 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:48,819 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:52:48,819 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:52:48,819 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 32 states. [2020-07-29 00:52:48,820 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 32 states to 32 states and 35 transitions. [2020-07-29 00:52:48,820 INFO L78 Accepts]: Start accepts. Automaton has 32 states and 35 transitions. Word has length 20 [2020-07-29 00:52:48,821 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:52:48,821 INFO L479 AbstractCegarLoop]: Abstraction has 32 states and 35 transitions. [2020-07-29 00:52:48,821 INFO L480 AbstractCegarLoop]: Interpolant automaton has 6 states. [2020-07-29 00:52:48,821 INFO L276 IsEmpty]: Start isEmpty. Operand 32 states and 35 transitions. [2020-07-29 00:52:48,821 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 24 [2020-07-29 00:52:48,821 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:52:48,822 INFO L422 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:52:48,822 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9 [2020-07-29 00:52:48,822 INFO L427 AbstractCegarLoop]: === Iteration 11 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:52:48,822 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:52:48,822 INFO L82 PathProgramCache]: Analyzing trace with hash 956679290, now seen corresponding path program 1 times [2020-07-29 00:52:48,823 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:52:48,823 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1621437904] [2020-07-29 00:52:48,823 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:52:48,837 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:48,979 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:52:48,980 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:48,983 INFO L280 TraceCheckUtils]: 0: Hoare triple {2046#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2036#true} is VALID [2020-07-29 00:52:48,984 INFO L280 TraceCheckUtils]: 1: Hoare triple {2036#true} assume true; {2036#true} is VALID [2020-07-29 00:52:48,984 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2036#true} {2036#true} #83#return; {2036#true} is VALID [2020-07-29 00:52:48,985 INFO L263 TraceCheckUtils]: 0: Hoare triple {2036#true} call ULTIMATE.init(); {2046#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:52:48,986 INFO L280 TraceCheckUtils]: 1: Hoare triple {2046#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2036#true} is VALID [2020-07-29 00:52:48,986 INFO L280 TraceCheckUtils]: 2: Hoare triple {2036#true} assume true; {2036#true} is VALID [2020-07-29 00:52:48,986 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2036#true} {2036#true} #83#return; {2036#true} is VALID [2020-07-29 00:52:48,986 INFO L263 TraceCheckUtils]: 4: Hoare triple {2036#true} call #t~ret13 := main(); {2036#true} is VALID [2020-07-29 00:52:48,986 INFO L280 TraceCheckUtils]: 5: Hoare triple {2036#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {2036#true} is VALID [2020-07-29 00:52:48,987 INFO L280 TraceCheckUtils]: 6: Hoare triple {2036#true} assume !(~length1~0 < 1); {2036#true} is VALID [2020-07-29 00:52:48,988 INFO L280 TraceCheckUtils]: 7: Hoare triple {2036#true} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {2041#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:48,989 INFO L280 TraceCheckUtils]: 8: Hoare triple {2041#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:48,989 INFO L280 TraceCheckUtils]: 9: Hoare triple {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} SUMMARY for call write~int(#t~nondet9, ~nondetString1~0.base, ~nondetString1~0.offset + ~i~0, 1); srcloc: L535 {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:48,990 INFO L280 TraceCheckUtils]: 10: Hoare triple {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} havoc #t~nondet9; {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:48,991 INFO L280 TraceCheckUtils]: 11: Hoare triple {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} #t~post8 := ~i~0;~i~0 := 1 + #t~post8;havoc #t~post8; {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:48,992 INFO L280 TraceCheckUtils]: 12: Hoare triple {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} assume !(~i~0 < ~length1~0 - 1); {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:48,994 INFO L280 TraceCheckUtils]: 13: Hoare triple {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} SUMMARY for call write~int(0, ~nondetString1~0.base, ~nondetString1~0.offset + (~length1~0 - 1), 1); srcloc: L533-4 {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:48,995 INFO L280 TraceCheckUtils]: 14: Hoare triple {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} assume -2147483648 <= #t~nondet10 && #t~nondet10 <= 2147483647;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:48,997 INFO L263 TraceCheckUtils]: 15: Hoare triple {2042#(and (<= 2 (select |#length| main_~nondetString1~0.base)) (= 0 main_~nondetString1~0.offset))} call #t~ret12 := cstrreplace(~nondetString1~0.base, ~nondetString1~0.offset, (if #t~nondet10 % 256 <= 127 then #t~nondet10 % 256 else #t~nondet10 % 256 - 256), (if #t~nondet11 % 256 <= 127 then #t~nondet11 % 256 else #t~nondet11 % 256 - 256)); {2043#(and (<= 2 (select |#length| |cstrreplace_#in~s.base|)) (= |cstrreplace_#in~s.offset| 0))} is VALID [2020-07-29 00:52:48,998 INFO L280 TraceCheckUtils]: 16: Hoare triple {2043#(and (<= 2 (select |#length| |cstrreplace_#in~s.base|)) (= |cstrreplace_#in~s.offset| 0))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~old := #in~old;~new := #in~new;~p~0.base, ~p~0.offset := ~s.base, ~s.offset;~numReplaced~0 := 0; {2044#(and (= 0 cstrreplace_~p~0.offset) (<= 2 (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:48,999 INFO L280 TraceCheckUtils]: 17: Hoare triple {2044#(and (= 0 cstrreplace_~p~0.offset) (<= 2 (select |#length| cstrreplace_~p~0.base)))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {2044#(and (= 0 cstrreplace_~p~0.offset) (<= 2 (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:49,000 INFO L280 TraceCheckUtils]: 18: Hoare triple {2044#(and (= 0 cstrreplace_~p~0.offset) (<= 2 (select |#length| cstrreplace_~p~0.base)))} assume !!(0 != #t~mem2);havoc #t~mem2; {2044#(and (= 0 cstrreplace_~p~0.offset) (<= 2 (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:49,002 INFO L280 TraceCheckUtils]: 19: Hoare triple {2044#(and (= 0 cstrreplace_~p~0.offset) (<= 2 (select |#length| cstrreplace_~p~0.base)))} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {2044#(and (= 0 cstrreplace_~p~0.offset) (<= 2 (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:49,003 INFO L280 TraceCheckUtils]: 20: Hoare triple {2044#(and (= 0 cstrreplace_~p~0.offset) (<= 2 (select |#length| cstrreplace_~p~0.base)))} assume !(#t~mem3 == ~old);havoc #t~mem3; {2044#(and (= 0 cstrreplace_~p~0.offset) (<= 2 (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:49,005 INFO L280 TraceCheckUtils]: 21: Hoare triple {2044#(and (= 0 cstrreplace_~p~0.offset) (<= 2 (select |#length| cstrreplace_~p~0.base)))} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {2045#(and (<= 1 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 1) (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:49,008 INFO L280 TraceCheckUtils]: 22: Hoare triple {2045#(and (<= 1 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 1) (select |#length| cstrreplace_~p~0.base)))} assume !(1 + ~p~0.offset <= #length[~p~0.base] && 0 <= ~p~0.offset); {2037#false} is VALID [2020-07-29 00:52:49,010 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:49,010 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1621437904] [2020-07-29 00:52:49,010 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [660732601] [2020-07-29 00:52:49,011 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 3 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:52:49,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:49,110 INFO L263 TraceCheckSpWp]: Trace formula consists of 111 conjuncts, 20 conjunts are in the unsatisfiable core [2020-07-29 00:52:49,125 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:49,127 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 00:52:49,449 INFO L263 TraceCheckUtils]: 0: Hoare triple {2036#true} call ULTIMATE.init(); {2036#true} is VALID [2020-07-29 00:52:49,449 INFO L280 TraceCheckUtils]: 1: Hoare triple {2036#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2036#true} is VALID [2020-07-29 00:52:49,449 INFO L280 TraceCheckUtils]: 2: Hoare triple {2036#true} assume true; {2036#true} is VALID [2020-07-29 00:52:49,450 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2036#true} {2036#true} #83#return; {2036#true} is VALID [2020-07-29 00:52:49,450 INFO L263 TraceCheckUtils]: 4: Hoare triple {2036#true} call #t~ret13 := main(); {2036#true} is VALID [2020-07-29 00:52:49,450 INFO L280 TraceCheckUtils]: 5: Hoare triple {2036#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {2036#true} is VALID [2020-07-29 00:52:49,450 INFO L280 TraceCheckUtils]: 6: Hoare triple {2036#true} assume !(~length1~0 < 1); {2036#true} is VALID [2020-07-29 00:52:49,451 INFO L280 TraceCheckUtils]: 7: Hoare triple {2036#true} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {2071#(<= 0 main_~i~0)} is VALID [2020-07-29 00:52:49,452 INFO L280 TraceCheckUtils]: 8: Hoare triple {2071#(<= 0 main_~i~0)} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {2075#(<= 2 main_~length1~0)} is VALID [2020-07-29 00:52:49,452 INFO L280 TraceCheckUtils]: 9: Hoare triple {2075#(<= 2 main_~length1~0)} SUMMARY for call write~int(#t~nondet9, ~nondetString1~0.base, ~nondetString1~0.offset + ~i~0, 1); srcloc: L535 {2075#(<= 2 main_~length1~0)} is VALID [2020-07-29 00:52:49,453 INFO L280 TraceCheckUtils]: 10: Hoare triple {2075#(<= 2 main_~length1~0)} havoc #t~nondet9; {2075#(<= 2 main_~length1~0)} is VALID [2020-07-29 00:52:49,453 INFO L280 TraceCheckUtils]: 11: Hoare triple {2075#(<= 2 main_~length1~0)} #t~post8 := ~i~0;~i~0 := 1 + #t~post8;havoc #t~post8; {2075#(<= 2 main_~length1~0)} is VALID [2020-07-29 00:52:49,453 INFO L280 TraceCheckUtils]: 12: Hoare triple {2075#(<= 2 main_~length1~0)} assume !(~i~0 < ~length1~0 - 1); {2075#(<= 2 main_~length1~0)} is VALID [2020-07-29 00:52:49,454 INFO L280 TraceCheckUtils]: 13: Hoare triple {2075#(<= 2 main_~length1~0)} SUMMARY for call write~int(0, ~nondetString1~0.base, ~nondetString1~0.offset + (~length1~0 - 1), 1); srcloc: L533-4 {2091#(<= (+ main_~nondetString1~0.offset 2) (select |#length| main_~nondetString1~0.base))} is VALID [2020-07-29 00:52:49,455 INFO L280 TraceCheckUtils]: 14: Hoare triple {2091#(<= (+ main_~nondetString1~0.offset 2) (select |#length| main_~nondetString1~0.base))} assume -2147483648 <= #t~nondet10 && #t~nondet10 <= 2147483647;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; {2091#(<= (+ main_~nondetString1~0.offset 2) (select |#length| main_~nondetString1~0.base))} is VALID [2020-07-29 00:52:49,456 INFO L263 TraceCheckUtils]: 15: Hoare triple {2091#(<= (+ main_~nondetString1~0.offset 2) (select |#length| main_~nondetString1~0.base))} call #t~ret12 := cstrreplace(~nondetString1~0.base, ~nondetString1~0.offset, (if #t~nondet10 % 256 <= 127 then #t~nondet10 % 256 else #t~nondet10 % 256 - 256), (if #t~nondet11 % 256 <= 127 then #t~nondet11 % 256 else #t~nondet11 % 256 - 256)); {2098#(<= (+ |cstrreplace_#in~s.offset| 2) (select |#length| |cstrreplace_#in~s.base|))} is VALID [2020-07-29 00:52:49,459 INFO L280 TraceCheckUtils]: 16: Hoare triple {2098#(<= (+ |cstrreplace_#in~s.offset| 2) (select |#length| |cstrreplace_#in~s.base|))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~old := #in~old;~new := #in~new;~p~0.base, ~p~0.offset := ~s.base, ~s.offset;~numReplaced~0 := 0; {2102#(<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base))} is VALID [2020-07-29 00:52:49,460 INFO L280 TraceCheckUtils]: 17: Hoare triple {2102#(<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {2106#(and (<= 0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:49,461 INFO L280 TraceCheckUtils]: 18: Hoare triple {2106#(and (<= 0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} assume !!(0 != #t~mem2);havoc #t~mem2; {2106#(and (<= 0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:49,462 INFO L280 TraceCheckUtils]: 19: Hoare triple {2106#(and (<= 0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {2106#(and (<= 0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:49,462 INFO L280 TraceCheckUtils]: 20: Hoare triple {2106#(and (<= 0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} assume !(#t~mem3 == ~old);havoc #t~mem3; {2106#(and (<= 0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:49,463 INFO L280 TraceCheckUtils]: 21: Hoare triple {2106#(and (<= 0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {2045#(and (<= 1 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 1) (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:49,463 INFO L280 TraceCheckUtils]: 22: Hoare triple {2045#(and (<= 1 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 1) (select |#length| cstrreplace_~p~0.base)))} assume !(1 + ~p~0.offset <= #length[~p~0.base] && 0 <= ~p~0.offset); {2037#false} is VALID [2020-07-29 00:52:49,465 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:49,465 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-29 00:52:49,465 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 8] total 13 [2020-07-29 00:52:49,466 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [692286560] [2020-07-29 00:52:49,466 INFO L78 Accepts]: Start accepts. Automaton has 14 states. Word has length 23 [2020-07-29 00:52:49,467 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:52:49,467 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states. [2020-07-29 00:52:49,525 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 40 edges. 40 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:49,525 INFO L459 AbstractCegarLoop]: Interpolant automaton has 14 states [2020-07-29 00:52:49,525 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:52:49,526 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2020-07-29 00:52:49,526 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=31, Invalid=151, Unknown=0, NotChecked=0, Total=182 [2020-07-29 00:52:49,526 INFO L87 Difference]: Start difference. First operand 32 states and 35 transitions. Second operand 14 states. [2020-07-29 00:52:50,347 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:50,347 INFO L93 Difference]: Finished difference Result 44 states and 48 transitions. [2020-07-29 00:52:50,347 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2020-07-29 00:52:50,348 INFO L78 Accepts]: Start accepts. Automaton has 14 states. Word has length 23 [2020-07-29 00:52:50,348 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:52:50,348 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 14 states. [2020-07-29 00:52:50,350 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 51 transitions. [2020-07-29 00:52:50,350 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 14 states. [2020-07-29 00:52:50,351 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 51 transitions. [2020-07-29 00:52:50,351 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 51 transitions. [2020-07-29 00:52:50,435 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 51 edges. 51 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:50,436 INFO L225 Difference]: With dead ends: 44 [2020-07-29 00:52:50,436 INFO L226 Difference]: Without dead ends: 44 [2020-07-29 00:52:50,437 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 35 GetRequests, 18 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 22 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=66, Invalid=276, Unknown=0, NotChecked=0, Total=342 [2020-07-29 00:52:50,438 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 44 states. [2020-07-29 00:52:50,439 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 44 to 39. [2020-07-29 00:52:50,440 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:52:50,440 INFO L82 GeneralOperation]: Start isEquivalent. First operand 44 states. Second operand 39 states. [2020-07-29 00:52:50,440 INFO L74 IsIncluded]: Start isIncluded. First operand 44 states. Second operand 39 states. [2020-07-29 00:52:50,440 INFO L87 Difference]: Start difference. First operand 44 states. Second operand 39 states. [2020-07-29 00:52:50,441 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:50,441 INFO L93 Difference]: Finished difference Result 44 states and 48 transitions. [2020-07-29 00:52:50,441 INFO L276 IsEmpty]: Start isEmpty. Operand 44 states and 48 transitions. [2020-07-29 00:52:50,442 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:50,442 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:50,442 INFO L74 IsIncluded]: Start isIncluded. First operand 39 states. Second operand 44 states. [2020-07-29 00:52:50,442 INFO L87 Difference]: Start difference. First operand 39 states. Second operand 44 states. [2020-07-29 00:52:50,443 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:52:50,443 INFO L93 Difference]: Finished difference Result 44 states and 48 transitions. [2020-07-29 00:52:50,443 INFO L276 IsEmpty]: Start isEmpty. Operand 44 states and 48 transitions. [2020-07-29 00:52:50,444 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:52:50,444 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:52:50,444 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:52:50,444 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:52:50,444 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 39 states. [2020-07-29 00:52:50,445 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 39 states to 39 states and 43 transitions. [2020-07-29 00:52:50,445 INFO L78 Accepts]: Start accepts. Automaton has 39 states and 43 transitions. Word has length 23 [2020-07-29 00:52:50,445 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:52:50,445 INFO L479 AbstractCegarLoop]: Abstraction has 39 states and 43 transitions. [2020-07-29 00:52:50,445 INFO L480 AbstractCegarLoop]: Interpolant automaton has 14 states. [2020-07-29 00:52:50,446 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 43 transitions. [2020-07-29 00:52:50,446 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 29 [2020-07-29 00:52:50,446 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:52:50,446 INFO L422 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:52:50,649 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10,3 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:52:50,650 INFO L427 AbstractCegarLoop]: === Iteration 12 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:52:50,650 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:52:50,651 INFO L82 PathProgramCache]: Analyzing trace with hash -403117159, now seen corresponding path program 2 times [2020-07-29 00:52:50,651 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:52:50,654 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [925668771] [2020-07-29 00:52:50,655 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:52:50,700 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:51,095 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:52:51,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:51,099 INFO L280 TraceCheckUtils]: 0: Hoare triple {2316#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2302#true} is VALID [2020-07-29 00:52:51,100 INFO L280 TraceCheckUtils]: 1: Hoare triple {2302#true} assume true; {2302#true} is VALID [2020-07-29 00:52:51,100 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2302#true} {2302#true} #83#return; {2302#true} is VALID [2020-07-29 00:52:51,101 INFO L263 TraceCheckUtils]: 0: Hoare triple {2302#true} call ULTIMATE.init(); {2316#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:52:51,101 INFO L280 TraceCheckUtils]: 1: Hoare triple {2316#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2302#true} is VALID [2020-07-29 00:52:51,101 INFO L280 TraceCheckUtils]: 2: Hoare triple {2302#true} assume true; {2302#true} is VALID [2020-07-29 00:52:51,102 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2302#true} {2302#true} #83#return; {2302#true} is VALID [2020-07-29 00:52:51,102 INFO L263 TraceCheckUtils]: 4: Hoare triple {2302#true} call #t~ret13 := main(); {2302#true} is VALID [2020-07-29 00:52:51,102 INFO L280 TraceCheckUtils]: 5: Hoare triple {2302#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {2302#true} is VALID [2020-07-29 00:52:51,102 INFO L280 TraceCheckUtils]: 6: Hoare triple {2302#true} assume !(~length1~0 < 1); {2302#true} is VALID [2020-07-29 00:52:51,103 INFO L280 TraceCheckUtils]: 7: Hoare triple {2302#true} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {2307#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:51,105 INFO L280 TraceCheckUtils]: 8: Hoare triple {2307#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {2308#(and (or (and (= 0 main_~i~0) (<= (+ main_~i~0 2) main_~length1~0)) (= 2 (+ main_~nondetString1~0.offset main_~length1~0))) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:51,107 INFO L280 TraceCheckUtils]: 9: Hoare triple {2308#(and (or (and (= 0 main_~i~0) (<= (+ main_~i~0 2) main_~length1~0)) (= 2 (+ main_~nondetString1~0.offset main_~length1~0))) (= 0 main_~nondetString1~0.offset))} SUMMARY for call write~int(#t~nondet9, ~nondetString1~0.base, ~nondetString1~0.offset + ~i~0, 1); srcloc: L535 {2308#(and (or (and (= 0 main_~i~0) (<= (+ main_~i~0 2) main_~length1~0)) (= 2 (+ main_~nondetString1~0.offset main_~length1~0))) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:51,108 INFO L280 TraceCheckUtils]: 10: Hoare triple {2308#(and (or (and (= 0 main_~i~0) (<= (+ main_~i~0 2) main_~length1~0)) (= 2 (+ main_~nondetString1~0.offset main_~length1~0))) (= 0 main_~nondetString1~0.offset))} havoc #t~nondet9; {2308#(and (or (and (= 0 main_~i~0) (<= (+ main_~i~0 2) main_~length1~0)) (= 2 (+ main_~nondetString1~0.offset main_~length1~0))) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:51,112 INFO L280 TraceCheckUtils]: 11: Hoare triple {2308#(and (or (and (= 0 main_~i~0) (<= (+ main_~i~0 2) main_~length1~0)) (= 2 (+ main_~nondetString1~0.offset main_~length1~0))) (= 0 main_~nondetString1~0.offset))} #t~post8 := ~i~0;~i~0 := 1 + #t~post8;havoc #t~post8; {2309#(and (< 1 (+ main_~nondetString1~0.offset main_~length1~0)) (= 0 main_~nondetString1~0.offset) (or (<= (+ main_~nondetString1~0.offset main_~length1~0) 2) (<= main_~i~0 1)))} is VALID [2020-07-29 00:52:51,114 INFO L280 TraceCheckUtils]: 12: Hoare triple {2309#(and (< 1 (+ main_~nondetString1~0.offset main_~length1~0)) (= 0 main_~nondetString1~0.offset) (or (<= (+ main_~nondetString1~0.offset main_~length1~0) 2) (<= main_~i~0 1)))} assume !(~i~0 < ~length1~0 - 1); {2310#(and (= 0 main_~nondetString1~0.offset) (= 2 (+ main_~nondetString1~0.offset main_~length1~0)))} is VALID [2020-07-29 00:52:51,119 INFO L280 TraceCheckUtils]: 13: Hoare triple {2310#(and (= 0 main_~nondetString1~0.offset) (= 2 (+ main_~nondetString1~0.offset main_~length1~0)))} SUMMARY for call write~int(0, ~nondetString1~0.base, ~nondetString1~0.offset + (~length1~0 - 1), 1); srcloc: L533-4 {2311#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) 1)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:51,122 INFO L280 TraceCheckUtils]: 14: Hoare triple {2311#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) 1)) (= 0 main_~nondetString1~0.offset))} assume -2147483648 <= #t~nondet10 && #t~nondet10 <= 2147483647;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; {2311#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) 1)) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:52:51,124 INFO L263 TraceCheckUtils]: 15: Hoare triple {2311#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) 1)) (= 0 main_~nondetString1~0.offset))} call #t~ret12 := cstrreplace(~nondetString1~0.base, ~nondetString1~0.offset, (if #t~nondet10 % 256 <= 127 then #t~nondet10 % 256 else #t~nondet10 % 256 - 256), (if #t~nondet11 % 256 <= 127 then #t~nondet11 % 256 else #t~nondet11 % 256 - 256)); {2312#(and (= 0 (select (select |#memory_int| |cstrreplace_#in~s.base|) 1)) (= |cstrreplace_#in~s.offset| 0))} is VALID [2020-07-29 00:52:51,125 INFO L280 TraceCheckUtils]: 16: Hoare triple {2312#(and (= 0 (select (select |#memory_int| |cstrreplace_#in~s.base|) 1)) (= |cstrreplace_#in~s.offset| 0))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~old := #in~old;~new := #in~new;~p~0.base, ~p~0.offset := ~s.base, ~s.offset;~numReplaced~0 := 0; {2313#(and (= 0 cstrreplace_~p~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) 1)))} is VALID [2020-07-29 00:52:51,126 INFO L280 TraceCheckUtils]: 17: Hoare triple {2313#(and (= 0 cstrreplace_~p~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) 1)))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {2313#(and (= 0 cstrreplace_~p~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) 1)))} is VALID [2020-07-29 00:52:51,126 INFO L280 TraceCheckUtils]: 18: Hoare triple {2313#(and (= 0 cstrreplace_~p~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) 1)))} assume !!(0 != #t~mem2);havoc #t~mem2; {2313#(and (= 0 cstrreplace_~p~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) 1)))} is VALID [2020-07-29 00:52:51,127 INFO L280 TraceCheckUtils]: 19: Hoare triple {2313#(and (= 0 cstrreplace_~p~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) 1)))} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {2313#(and (= 0 cstrreplace_~p~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) 1)))} is VALID [2020-07-29 00:52:51,128 INFO L280 TraceCheckUtils]: 20: Hoare triple {2313#(and (= 0 cstrreplace_~p~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) 1)))} assume !(#t~mem3 == ~old);havoc #t~mem3; {2313#(and (= 0 cstrreplace_~p~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) 1)))} is VALID [2020-07-29 00:52:51,129 INFO L280 TraceCheckUtils]: 21: Hoare triple {2313#(and (= 0 cstrreplace_~p~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) 1)))} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {2314#(and (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) cstrreplace_~p~0.offset)) (= 1 cstrreplace_~p~0.offset))} is VALID [2020-07-29 00:52:51,130 INFO L280 TraceCheckUtils]: 22: Hoare triple {2314#(and (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) cstrreplace_~p~0.offset)) (= 1 cstrreplace_~p~0.offset))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {2315#(= |cstrreplace_#t~mem2| 0)} is VALID [2020-07-29 00:52:51,130 INFO L280 TraceCheckUtils]: 23: Hoare triple {2315#(= |cstrreplace_#t~mem2| 0)} assume !!(0 != #t~mem2);havoc #t~mem2; {2303#false} is VALID [2020-07-29 00:52:51,131 INFO L280 TraceCheckUtils]: 24: Hoare triple {2303#false} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {2303#false} is VALID [2020-07-29 00:52:51,131 INFO L280 TraceCheckUtils]: 25: Hoare triple {2303#false} assume !(#t~mem3 == ~old);havoc #t~mem3; {2303#false} is VALID [2020-07-29 00:52:51,131 INFO L280 TraceCheckUtils]: 26: Hoare triple {2303#false} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {2303#false} is VALID [2020-07-29 00:52:51,131 INFO L280 TraceCheckUtils]: 27: Hoare triple {2303#false} assume !(1 + ~p~0.offset <= #length[~p~0.base] && 0 <= ~p~0.offset); {2303#false} is VALID [2020-07-29 00:52:51,133 INFO L134 CoverageAnalysis]: Checked inductivity of 8 backedges. 5 proven. 3 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:51,134 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [925668771] [2020-07-29 00:52:51,134 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [146030286] [2020-07-29 00:52:51,134 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 4 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:52:51,230 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2020-07-29 00:52:51,230 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2020-07-29 00:52:51,232 INFO L263 TraceCheckSpWp]: Trace formula consists of 129 conjuncts, 30 conjunts are in the unsatisfiable core [2020-07-29 00:52:51,250 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:52:51,256 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 00:52:51,360 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 10 [2020-07-29 00:52:51,360 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 00:52:51,369 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:52:51,381 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2020-07-29 00:52:51,381 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 2 variables, input treesize:25, output treesize:21 [2020-07-29 00:52:51,387 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:52:51,387 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#memory_int_13|, main_~length1~0]. (and (= |#memory_int| (store |v_#memory_int_13| main_~nondetString1~0.base (store (select |v_#memory_int_13| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset main_~length1~0 (- 1)) 0))) (<= 2 main_~length1~0) (<= (+ main_~nondetString1~0.offset main_~length1~0) (select |#length| main_~nondetString1~0.base))) [2020-07-29 00:52:51,387 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [main_~length1~0]. (and (<= 2 main_~length1~0) (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset main_~length1~0 (- 1)))) (<= (+ main_~nondetString1~0.offset main_~length1~0) (select |#length| main_~nondetString1~0.base))) [2020-07-29 00:52:52,886 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:52:52,887 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 18 treesize of output 18 [2020-07-29 00:52:52,888 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 2 xjuncts. [2020-07-29 00:52:52,902 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:52:52,935 INFO L523 QuantifierPusher]: Distributing 2 conjuncts over 3 disjuncts [2020-07-29 00:52:52,989 INFO L523 QuantifierPusher]: Distributing 2 conjuncts over 2 disjuncts [2020-07-29 00:52:52,999 INFO L523 QuantifierPusher]: Distributing 2 conjuncts over 3 disjuncts [2020-07-29 00:52:53,044 INFO L544 ElimStorePlain]: Start of recursive call 1: 2 dim-0 vars, 1 dim-2 vars, End of recursive call: and 1 xjuncts. [2020-07-29 00:52:53,044 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 3 variables, input treesize:36, output treesize:31 [2020-07-29 00:52:53,047 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:52:53,047 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~length1~0, v_main_~nondetString1~0.offset_BEFORE_CALL_2]. (let ((.cse0 (select |#memory_int| cstrreplace_~p~0.base))) (and (<= 2 main_~length1~0) (<= 1 cstrreplace_~p~0.offset) (= |cstrreplace_#t~mem2| (select .cse0 cstrreplace_~p~0.offset)) (<= cstrreplace_~p~0.offset (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 1)) (= 0 (select .cse0 (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base)))) [2020-07-29 00:52:53,047 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (<= 1 cstrreplace_~p~0.offset) (let ((.cse1 (select |#length| cstrreplace_~p~0.base))) (let ((.cse0 (<= (+ cstrreplace_~p~0.offset 1) .cse1))) (or (and (= |cstrreplace_#t~mem2| 0) .cse0) (and (<= (+ cstrreplace_~p~0.offset 2) .cse1) .cse0))))) [2020-07-29 00:52:53,129 INFO L523 QuantifierPusher]: Distributing 2 conjuncts over 2 disjuncts [2020-07-29 00:52:53,212 INFO L263 TraceCheckUtils]: 0: Hoare triple {2302#true} call ULTIMATE.init(); {2302#true} is VALID [2020-07-29 00:52:53,213 INFO L280 TraceCheckUtils]: 1: Hoare triple {2302#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2302#true} is VALID [2020-07-29 00:52:53,213 INFO L280 TraceCheckUtils]: 2: Hoare triple {2302#true} assume true; {2302#true} is VALID [2020-07-29 00:52:53,214 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2302#true} {2302#true} #83#return; {2302#true} is VALID [2020-07-29 00:52:53,214 INFO L263 TraceCheckUtils]: 4: Hoare triple {2302#true} call #t~ret13 := main(); {2302#true} is VALID [2020-07-29 00:52:53,214 INFO L280 TraceCheckUtils]: 5: Hoare triple {2302#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {2302#true} is VALID [2020-07-29 00:52:53,214 INFO L280 TraceCheckUtils]: 6: Hoare triple {2302#true} assume !(~length1~0 < 1); {2302#true} is VALID [2020-07-29 00:52:53,215 INFO L280 TraceCheckUtils]: 7: Hoare triple {2302#true} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {2341#(<= 0 main_~i~0)} is VALID [2020-07-29 00:52:53,216 INFO L280 TraceCheckUtils]: 8: Hoare triple {2341#(<= 0 main_~i~0)} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {2345#(<= 2 main_~length1~0)} is VALID [2020-07-29 00:52:53,216 INFO L280 TraceCheckUtils]: 9: Hoare triple {2345#(<= 2 main_~length1~0)} SUMMARY for call write~int(#t~nondet9, ~nondetString1~0.base, ~nondetString1~0.offset + ~i~0, 1); srcloc: L535 {2345#(<= 2 main_~length1~0)} is VALID [2020-07-29 00:52:53,216 INFO L280 TraceCheckUtils]: 10: Hoare triple {2345#(<= 2 main_~length1~0)} havoc #t~nondet9; {2345#(<= 2 main_~length1~0)} is VALID [2020-07-29 00:52:53,217 INFO L280 TraceCheckUtils]: 11: Hoare triple {2345#(<= 2 main_~length1~0)} #t~post8 := ~i~0;~i~0 := 1 + #t~post8;havoc #t~post8; {2345#(<= 2 main_~length1~0)} is VALID [2020-07-29 00:52:53,217 INFO L280 TraceCheckUtils]: 12: Hoare triple {2345#(<= 2 main_~length1~0)} assume !(~i~0 < ~length1~0 - 1); {2345#(<= 2 main_~length1~0)} is VALID [2020-07-29 00:52:53,218 INFO L280 TraceCheckUtils]: 13: Hoare triple {2345#(<= 2 main_~length1~0)} SUMMARY for call write~int(0, ~nondetString1~0.base, ~nondetString1~0.offset + (~length1~0 - 1), 1); srcloc: L533-4 {2361#(exists ((main_~length1~0 Int)) (and (<= 2 main_~length1~0) (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset main_~length1~0 (- 1)))) (<= (+ main_~nondetString1~0.offset main_~length1~0) (select |#length| main_~nondetString1~0.base))))} is VALID [2020-07-29 00:52:53,219 INFO L280 TraceCheckUtils]: 14: Hoare triple {2361#(exists ((main_~length1~0 Int)) (and (<= 2 main_~length1~0) (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset main_~length1~0 (- 1)))) (<= (+ main_~nondetString1~0.offset main_~length1~0) (select |#length| main_~nondetString1~0.base))))} assume -2147483648 <= #t~nondet10 && #t~nondet10 <= 2147483647;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; {2361#(exists ((main_~length1~0 Int)) (and (<= 2 main_~length1~0) (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset main_~length1~0 (- 1)))) (<= (+ main_~nondetString1~0.offset main_~length1~0) (select |#length| main_~nondetString1~0.base))))} is VALID [2020-07-29 00:52:53,230 INFO L263 TraceCheckUtils]: 15: Hoare triple {2361#(exists ((main_~length1~0 Int)) (and (<= 2 main_~length1~0) (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset main_~length1~0 (- 1)))) (<= (+ main_~nondetString1~0.offset main_~length1~0) (select |#length| main_~nondetString1~0.base))))} call #t~ret12 := cstrreplace(~nondetString1~0.base, ~nondetString1~0.offset, (if #t~nondet10 % 256 <= 127 then #t~nondet10 % 256 else #t~nondet10 % 256 - 256), (if #t~nondet11 % 256 <= 127 then #t~nondet11 % 256 else #t~nondet11 % 256 - 256)); {2368#(exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (= 0 (select (select |#memory_int| |cstrreplace_#in~s.base|) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= 2 main_~length1~0) (<= |cstrreplace_#in~s.offset| v_main_~nondetString1~0.offset_BEFORE_CALL_2) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| |cstrreplace_#in~s.base|))))} is VALID [2020-07-29 00:52:53,248 INFO L280 TraceCheckUtils]: 16: Hoare triple {2368#(exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (= 0 (select (select |#memory_int| |cstrreplace_#in~s.base|) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= 2 main_~length1~0) (<= |cstrreplace_#in~s.offset| v_main_~nondetString1~0.offset_BEFORE_CALL_2) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| |cstrreplace_#in~s.base|))))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~old := #in~old;~new := #in~new;~p~0.base, ~p~0.offset := ~s.base, ~s.offset;~numReplaced~0 := 0; {2372#(exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (<= 2 main_~length1~0) (<= cstrreplace_~p~0.offset v_main_~nondetString1~0.offset_BEFORE_CALL_2) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base))))} is VALID [2020-07-29 00:52:53,250 INFO L280 TraceCheckUtils]: 17: Hoare triple {2372#(exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (<= 2 main_~length1~0) (<= cstrreplace_~p~0.offset v_main_~nondetString1~0.offset_BEFORE_CALL_2) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base))))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {2376#(and (<= 0 cstrreplace_~p~0.offset) (exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (<= 2 main_~length1~0) (<= cstrreplace_~p~0.offset v_main_~nondetString1~0.offset_BEFORE_CALL_2) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base)))))} is VALID [2020-07-29 00:52:53,251 INFO L280 TraceCheckUtils]: 18: Hoare triple {2376#(and (<= 0 cstrreplace_~p~0.offset) (exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (<= 2 main_~length1~0) (<= cstrreplace_~p~0.offset v_main_~nondetString1~0.offset_BEFORE_CALL_2) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base)))))} assume !!(0 != #t~mem2);havoc #t~mem2; {2376#(and (<= 0 cstrreplace_~p~0.offset) (exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (<= 2 main_~length1~0) (<= cstrreplace_~p~0.offset v_main_~nondetString1~0.offset_BEFORE_CALL_2) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base)))))} is VALID [2020-07-29 00:52:53,251 INFO L280 TraceCheckUtils]: 19: Hoare triple {2376#(and (<= 0 cstrreplace_~p~0.offset) (exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (<= 2 main_~length1~0) (<= cstrreplace_~p~0.offset v_main_~nondetString1~0.offset_BEFORE_CALL_2) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base)))))} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {2376#(and (<= 0 cstrreplace_~p~0.offset) (exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (<= 2 main_~length1~0) (<= cstrreplace_~p~0.offset v_main_~nondetString1~0.offset_BEFORE_CALL_2) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base)))))} is VALID [2020-07-29 00:52:53,252 INFO L280 TraceCheckUtils]: 20: Hoare triple {2376#(and (<= 0 cstrreplace_~p~0.offset) (exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (<= 2 main_~length1~0) (<= cstrreplace_~p~0.offset v_main_~nondetString1~0.offset_BEFORE_CALL_2) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base)))))} assume !(#t~mem3 == ~old);havoc #t~mem3; {2376#(and (<= 0 cstrreplace_~p~0.offset) (exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (<= 2 main_~length1~0) (<= cstrreplace_~p~0.offset v_main_~nondetString1~0.offset_BEFORE_CALL_2) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base)))))} is VALID [2020-07-29 00:52:53,275 INFO L280 TraceCheckUtils]: 21: Hoare triple {2376#(and (<= 0 cstrreplace_~p~0.offset) (exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (<= 2 main_~length1~0) (<= cstrreplace_~p~0.offset v_main_~nondetString1~0.offset_BEFORE_CALL_2) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base)))))} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {2389#(and (<= 1 cstrreplace_~p~0.offset) (exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (<= 2 main_~length1~0) (<= cstrreplace_~p~0.offset (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 1)) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base)))))} is VALID [2020-07-29 00:52:53,277 INFO L280 TraceCheckUtils]: 22: Hoare triple {2389#(and (<= 1 cstrreplace_~p~0.offset) (exists ((v_main_~nondetString1~0.offset_BEFORE_CALL_2 Int) (main_~length1~0 Int)) (and (<= 2 main_~length1~0) (<= cstrreplace_~p~0.offset (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 1)) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0 (- 1)))) (<= (+ v_main_~nondetString1~0.offset_BEFORE_CALL_2 main_~length1~0) (select |#length| cstrreplace_~p~0.base)))))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {2393#(and (or (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)) (and (= |cstrreplace_#t~mem2| 0) (<= (+ cstrreplace_~p~0.offset 1) (select |#length| cstrreplace_~p~0.base)))) (<= 1 cstrreplace_~p~0.offset))} is VALID [2020-07-29 00:52:53,278 INFO L280 TraceCheckUtils]: 23: Hoare triple {2393#(and (or (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)) (and (= |cstrreplace_#t~mem2| 0) (<= (+ cstrreplace_~p~0.offset 1) (select |#length| cstrreplace_~p~0.base)))) (<= 1 cstrreplace_~p~0.offset))} assume !!(0 != #t~mem2);havoc #t~mem2; {2397#(and (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)) (<= 1 cstrreplace_~p~0.offset))} is VALID [2020-07-29 00:52:53,278 INFO L280 TraceCheckUtils]: 24: Hoare triple {2397#(and (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)) (<= 1 cstrreplace_~p~0.offset))} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {2397#(and (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)) (<= 1 cstrreplace_~p~0.offset))} is VALID [2020-07-29 00:52:53,280 INFO L280 TraceCheckUtils]: 25: Hoare triple {2397#(and (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)) (<= 1 cstrreplace_~p~0.offset))} assume !(#t~mem3 == ~old);havoc #t~mem3; {2397#(and (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)) (<= 1 cstrreplace_~p~0.offset))} is VALID [2020-07-29 00:52:53,281 INFO L280 TraceCheckUtils]: 26: Hoare triple {2397#(and (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)) (<= 1 cstrreplace_~p~0.offset))} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {2407#(and (<= 2 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 1) (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:52:53,282 INFO L280 TraceCheckUtils]: 27: Hoare triple {2407#(and (<= 2 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 1) (select |#length| cstrreplace_~p~0.base)))} assume !(1 + ~p~0.offset <= #length[~p~0.base] && 0 <= ~p~0.offset); {2303#false} is VALID [2020-07-29 00:52:53,285 INFO L134 CoverageAnalysis]: Checked inductivity of 8 backedges. 0 proven. 8 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:52:53,286 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-29 00:52:53,286 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 11] total 22 [2020-07-29 00:52:53,286 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1982401215] [2020-07-29 00:52:53,286 INFO L78 Accepts]: Start accepts. Automaton has 22 states. Word has length 28 [2020-07-29 00:52:53,287 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:52:53,287 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 22 states. [2020-07-29 00:52:55,499 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 51 edges. 50 inductive. 0 not inductive. 1 times theorem prover too weak to decide inductivity. [2020-07-29 00:52:55,500 INFO L459 AbstractCegarLoop]: Interpolant automaton has 22 states [2020-07-29 00:52:55,500 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:52:55,500 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 22 interpolants. [2020-07-29 00:52:55,501 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=50, Invalid=412, Unknown=0, NotChecked=0, Total=462 [2020-07-29 00:52:55,501 INFO L87 Difference]: Start difference. First operand 39 states and 43 transitions. Second operand 22 states. [2020-07-29 00:53:01,848 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:53:01,849 INFO L93 Difference]: Finished difference Result 69 states and 75 transitions. [2020-07-29 00:53:01,849 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 22 states. [2020-07-29 00:53:01,849 INFO L78 Accepts]: Start accepts. Automaton has 22 states. Word has length 28 [2020-07-29 00:53:01,850 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:53:01,850 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 22 states. [2020-07-29 00:53:01,852 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 22 states to 22 states and 79 transitions. [2020-07-29 00:53:01,852 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 22 states. [2020-07-29 00:53:01,853 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 22 states to 22 states and 79 transitions. [2020-07-29 00:53:01,854 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 22 states and 79 transitions. [2020-07-29 00:53:09,010 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 79 edges. 75 inductive. 0 not inductive. 4 times theorem prover too weak to decide inductivity. [2020-07-29 00:53:09,011 INFO L225 Difference]: With dead ends: 69 [2020-07-29 00:53:09,011 INFO L226 Difference]: Without dead ends: 56 [2020-07-29 00:53:09,013 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 58 GetRequests, 20 SyntacticMatches, 0 SemanticMatches, 38 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 243 ImplicationChecksByTransitivity, 1.6s TimeCoverageRelationStatistics Valid=187, Invalid=1373, Unknown=0, NotChecked=0, Total=1560 [2020-07-29 00:53:09,013 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 56 states. [2020-07-29 00:53:09,015 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 56 to 50. [2020-07-29 00:53:09,015 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:53:09,016 INFO L82 GeneralOperation]: Start isEquivalent. First operand 56 states. Second operand 50 states. [2020-07-29 00:53:09,016 INFO L74 IsIncluded]: Start isIncluded. First operand 56 states. Second operand 50 states. [2020-07-29 00:53:09,016 INFO L87 Difference]: Start difference. First operand 56 states. Second operand 50 states. [2020-07-29 00:53:09,018 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:53:09,018 INFO L93 Difference]: Finished difference Result 56 states and 61 transitions. [2020-07-29 00:53:09,018 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 61 transitions. [2020-07-29 00:53:09,018 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:53:09,019 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:53:09,019 INFO L74 IsIncluded]: Start isIncluded. First operand 50 states. Second operand 56 states. [2020-07-29 00:53:09,019 INFO L87 Difference]: Start difference. First operand 50 states. Second operand 56 states. [2020-07-29 00:53:09,021 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:53:09,021 INFO L93 Difference]: Finished difference Result 56 states and 61 transitions. [2020-07-29 00:53:09,021 INFO L276 IsEmpty]: Start isEmpty. Operand 56 states and 61 transitions. [2020-07-29 00:53:09,021 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:53:09,021 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:53:09,022 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:53:09,022 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:53:09,022 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 50 states. [2020-07-29 00:53:09,023 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 50 states to 50 states and 55 transitions. [2020-07-29 00:53:09,023 INFO L78 Accepts]: Start accepts. Automaton has 50 states and 55 transitions. Word has length 28 [2020-07-29 00:53:09,023 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:53:09,023 INFO L479 AbstractCegarLoop]: Abstraction has 50 states and 55 transitions. [2020-07-29 00:53:09,023 INFO L480 AbstractCegarLoop]: Interpolant automaton has 22 states. [2020-07-29 00:53:09,023 INFO L276 IsEmpty]: Start isEmpty. Operand 50 states and 55 transitions. [2020-07-29 00:53:09,024 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2020-07-29 00:53:09,024 INFO L414 BasicCegarLoop]: Found error trace [2020-07-29 00:53:09,024 INFO L422 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2020-07-29 00:53:09,228 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable11 [2020-07-29 00:53:09,229 INFO L427 AbstractCegarLoop]: === Iteration 13 === [cstrreplaceErr2REQUIRES_VIOLATION, cstrreplaceErr3REQUIRES_VIOLATION, cstrreplaceErr4REQUIRES_VIOLATION, cstrreplaceErr5REQUIRES_VIOLATION, cstrreplaceErr0REQUIRES_VIOLATION, cstrreplaceErr1REQUIRES_VIOLATION, mainErr2REQUIRES_VIOLATION, mainErr3REQUIRES_VIOLATION, mainErr4ENSURES_VIOLATIONMEMORY_LEAK, mainErr0REQUIRES_VIOLATION, mainErr1REQUIRES_VIOLATION]=== [2020-07-29 00:53:09,230 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2020-07-29 00:53:09,230 INFO L82 PathProgramCache]: Analyzing trace with hash -227169609, now seen corresponding path program 3 times [2020-07-29 00:53:09,230 INFO L163 FreeRefinementEngine]: Executing refinement strategy CAMEL [2020-07-29 00:53:09,231 INFO L354 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [82236040] [2020-07-29 00:53:09,232 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2020-07-29 00:53:09,250 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:53:09,506 INFO L375 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 0 [2020-07-29 00:53:09,507 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:53:09,516 INFO L280 TraceCheckUtils]: 0: Hoare triple {2693#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2677#true} is VALID [2020-07-29 00:53:09,517 INFO L280 TraceCheckUtils]: 1: Hoare triple {2677#true} assume true; {2677#true} is VALID [2020-07-29 00:53:09,517 INFO L275 TraceCheckUtils]: 2: Hoare quadruple {2677#true} {2677#true} #83#return; {2677#true} is VALID [2020-07-29 00:53:09,518 INFO L263 TraceCheckUtils]: 0: Hoare triple {2677#true} call ULTIMATE.init(); {2693#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} is VALID [2020-07-29 00:53:09,518 INFO L280 TraceCheckUtils]: 1: Hoare triple {2693#(and (= |#valid| |old(#valid)|) (= |#NULL.base| |old(#NULL.base)|) (= |#NULL.offset| |old(#NULL.offset)|))} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2677#true} is VALID [2020-07-29 00:53:09,518 INFO L280 TraceCheckUtils]: 2: Hoare triple {2677#true} assume true; {2677#true} is VALID [2020-07-29 00:53:09,518 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2677#true} {2677#true} #83#return; {2677#true} is VALID [2020-07-29 00:53:09,518 INFO L263 TraceCheckUtils]: 4: Hoare triple {2677#true} call #t~ret13 := main(); {2677#true} is VALID [2020-07-29 00:53:09,519 INFO L280 TraceCheckUtils]: 5: Hoare triple {2677#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {2677#true} is VALID [2020-07-29 00:53:09,519 INFO L280 TraceCheckUtils]: 6: Hoare triple {2677#true} assume !(~length1~0 < 1); {2677#true} is VALID [2020-07-29 00:53:09,519 INFO L280 TraceCheckUtils]: 7: Hoare triple {2677#true} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {2682#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:09,520 INFO L280 TraceCheckUtils]: 8: Hoare triple {2682#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {2682#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:09,521 INFO L280 TraceCheckUtils]: 9: Hoare triple {2682#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} SUMMARY for call write~int(#t~nondet9, ~nondetString1~0.base, ~nondetString1~0.offset + ~i~0, 1); srcloc: L535 {2682#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:09,521 INFO L280 TraceCheckUtils]: 10: Hoare triple {2682#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} havoc #t~nondet9; {2682#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:09,522 INFO L280 TraceCheckUtils]: 11: Hoare triple {2682#(and (= 0 main_~i~0) (= 0 main_~nondetString1~0.offset))} #t~post8 := ~i~0;~i~0 := 1 + #t~post8;havoc #t~post8; {2683#(and (= 0 main_~nondetString1~0.offset) (<= main_~i~0 1) (<= 1 main_~i~0))} is VALID [2020-07-29 00:53:09,522 INFO L280 TraceCheckUtils]: 12: Hoare triple {2683#(and (= 0 main_~nondetString1~0.offset) (<= main_~i~0 1) (<= 1 main_~i~0))} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {2684#(and (<= 3 main_~length1~0) (= 0 main_~nondetString1~0.offset) (<= main_~i~0 1))} is VALID [2020-07-29 00:53:09,523 INFO L280 TraceCheckUtils]: 13: Hoare triple {2684#(and (<= 3 main_~length1~0) (= 0 main_~nondetString1~0.offset) (<= main_~i~0 1))} SUMMARY for call write~int(#t~nondet9, ~nondetString1~0.base, ~nondetString1~0.offset + ~i~0, 1); srcloc: L535 {2684#(and (<= 3 main_~length1~0) (= 0 main_~nondetString1~0.offset) (<= main_~i~0 1))} is VALID [2020-07-29 00:53:09,524 INFO L280 TraceCheckUtils]: 14: Hoare triple {2684#(and (<= 3 main_~length1~0) (= 0 main_~nondetString1~0.offset) (<= main_~i~0 1))} havoc #t~nondet9; {2684#(and (<= 3 main_~length1~0) (= 0 main_~nondetString1~0.offset) (<= main_~i~0 1))} is VALID [2020-07-29 00:53:09,526 INFO L280 TraceCheckUtils]: 15: Hoare triple {2684#(and (<= 3 main_~length1~0) (= 0 main_~nondetString1~0.offset) (<= main_~i~0 1))} #t~post8 := ~i~0;~i~0 := 1 + #t~post8;havoc #t~post8; {2685#(and (<= 3 main_~length1~0) (<= main_~i~0 2) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:09,527 INFO L280 TraceCheckUtils]: 16: Hoare triple {2685#(and (<= 3 main_~length1~0) (<= main_~i~0 2) (= 0 main_~nondetString1~0.offset))} assume !(~i~0 < ~length1~0 - 1); {2686#(and (<= 3 main_~length1~0) (<= main_~length1~0 3) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:09,528 INFO L280 TraceCheckUtils]: 17: Hoare triple {2686#(and (<= 3 main_~length1~0) (<= main_~length1~0 3) (= 0 main_~nondetString1~0.offset))} SUMMARY for call write~int(0, ~nondetString1~0.base, ~nondetString1~0.offset + (~length1~0 - 1), 1); srcloc: L533-4 {2687#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset 2))) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:09,529 INFO L280 TraceCheckUtils]: 18: Hoare triple {2687#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset 2))) (= 0 main_~nondetString1~0.offset))} assume -2147483648 <= #t~nondet10 && #t~nondet10 <= 2147483647;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; {2687#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset 2))) (= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:09,531 INFO L263 TraceCheckUtils]: 19: Hoare triple {2687#(and (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset 2))) (= 0 main_~nondetString1~0.offset))} call #t~ret12 := cstrreplace(~nondetString1~0.base, ~nondetString1~0.offset, (if #t~nondet10 % 256 <= 127 then #t~nondet10 % 256 else #t~nondet10 % 256 - 256), (if #t~nondet11 % 256 <= 127 then #t~nondet11 % 256 else #t~nondet11 % 256 - 256)); {2688#(and (= 0 (select (select |#memory_int| |cstrreplace_#in~s.base|) 2)) (= |cstrreplace_#in~s.offset| 0))} is VALID [2020-07-29 00:53:09,532 INFO L280 TraceCheckUtils]: 20: Hoare triple {2688#(and (= 0 (select (select |#memory_int| |cstrreplace_#in~s.base|) 2)) (= |cstrreplace_#in~s.offset| 0))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~old := #in~old;~new := #in~new;~p~0.base, ~p~0.offset := ~s.base, ~s.offset;~numReplaced~0 := 0; {2689#(and (= 0 cstrreplace_~p~0.offset) (= (select (select |#memory_int| cstrreplace_~p~0.base) 2) 0))} is VALID [2020-07-29 00:53:09,532 INFO L280 TraceCheckUtils]: 21: Hoare triple {2689#(and (= 0 cstrreplace_~p~0.offset) (= (select (select |#memory_int| cstrreplace_~p~0.base) 2) 0))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {2689#(and (= 0 cstrreplace_~p~0.offset) (= (select (select |#memory_int| cstrreplace_~p~0.base) 2) 0))} is VALID [2020-07-29 00:53:09,533 INFO L280 TraceCheckUtils]: 22: Hoare triple {2689#(and (= 0 cstrreplace_~p~0.offset) (= (select (select |#memory_int| cstrreplace_~p~0.base) 2) 0))} assume !!(0 != #t~mem2);havoc #t~mem2; {2689#(and (= 0 cstrreplace_~p~0.offset) (= (select (select |#memory_int| cstrreplace_~p~0.base) 2) 0))} is VALID [2020-07-29 00:53:09,534 INFO L280 TraceCheckUtils]: 23: Hoare triple {2689#(and (= 0 cstrreplace_~p~0.offset) (= (select (select |#memory_int| cstrreplace_~p~0.base) 2) 0))} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {2689#(and (= 0 cstrreplace_~p~0.offset) (= (select (select |#memory_int| cstrreplace_~p~0.base) 2) 0))} is VALID [2020-07-29 00:53:09,535 INFO L280 TraceCheckUtils]: 24: Hoare triple {2689#(and (= 0 cstrreplace_~p~0.offset) (= (select (select |#memory_int| cstrreplace_~p~0.base) 2) 0))} assume !(#t~mem3 == ~old);havoc #t~mem3; {2689#(and (= 0 cstrreplace_~p~0.offset) (= (select (select |#memory_int| cstrreplace_~p~0.base) 2) 0))} is VALID [2020-07-29 00:53:09,536 INFO L280 TraceCheckUtils]: 25: Hoare triple {2689#(and (= 0 cstrreplace_~p~0.offset) (= (select (select |#memory_int| cstrreplace_~p~0.base) 2) 0))} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {2690#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ cstrreplace_~p~0.offset 1)))} is VALID [2020-07-29 00:53:09,537 INFO L280 TraceCheckUtils]: 26: Hoare triple {2690#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ cstrreplace_~p~0.offset 1)))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {2690#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ cstrreplace_~p~0.offset 1)))} is VALID [2020-07-29 00:53:09,537 INFO L280 TraceCheckUtils]: 27: Hoare triple {2690#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ cstrreplace_~p~0.offset 1)))} assume !!(0 != #t~mem2);havoc #t~mem2; {2690#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ cstrreplace_~p~0.offset 1)))} is VALID [2020-07-29 00:53:09,538 INFO L280 TraceCheckUtils]: 28: Hoare triple {2690#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ cstrreplace_~p~0.offset 1)))} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {2690#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ cstrreplace_~p~0.offset 1)))} is VALID [2020-07-29 00:53:09,539 INFO L280 TraceCheckUtils]: 29: Hoare triple {2690#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ cstrreplace_~p~0.offset 1)))} assume !(#t~mem3 == ~old);havoc #t~mem3; {2690#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ cstrreplace_~p~0.offset 1)))} is VALID [2020-07-29 00:53:09,540 INFO L280 TraceCheckUtils]: 30: Hoare triple {2690#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ cstrreplace_~p~0.offset 1)))} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {2691#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) cstrreplace_~p~0.offset))} is VALID [2020-07-29 00:53:09,541 INFO L280 TraceCheckUtils]: 31: Hoare triple {2691#(= 0 (select (select |#memory_int| cstrreplace_~p~0.base) cstrreplace_~p~0.offset))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {2692#(= |cstrreplace_#t~mem2| 0)} is VALID [2020-07-29 00:53:09,541 INFO L280 TraceCheckUtils]: 32: Hoare triple {2692#(= |cstrreplace_#t~mem2| 0)} assume !!(0 != #t~mem2);havoc #t~mem2; {2678#false} is VALID [2020-07-29 00:53:09,542 INFO L280 TraceCheckUtils]: 33: Hoare triple {2678#false} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {2678#false} is VALID [2020-07-29 00:53:09,542 INFO L280 TraceCheckUtils]: 34: Hoare triple {2678#false} assume !(#t~mem3 == ~old);havoc #t~mem3; {2678#false} is VALID [2020-07-29 00:53:09,542 INFO L280 TraceCheckUtils]: 35: Hoare triple {2678#false} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {2678#false} is VALID [2020-07-29 00:53:09,542 INFO L280 TraceCheckUtils]: 36: Hoare triple {2678#false} assume !(1 + ~p~0.offset <= #length[~p~0.base] && 0 <= ~p~0.offset); {2678#false} is VALID [2020-07-29 00:53:09,546 INFO L134 CoverageAnalysis]: Checked inductivity of 24 backedges. 9 proven. 15 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2020-07-29 00:53:09,546 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [82236040] [2020-07-29 00:53:09,546 INFO L354 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1793282295] [2020-07-29 00:53:09,546 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 Starting monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) Waiting until toolchain timeout for monitored process 5 with z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:53:09,647 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 4 check-sat command(s) [2020-07-29 00:53:09,647 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2020-07-29 00:53:09,649 INFO L263 TraceCheckSpWp]: Trace formula consists of 158 conjuncts, 29 conjunts are in the unsatisfiable core [2020-07-29 00:53:09,663 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2020-07-29 00:53:09,665 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2020-07-29 00:53:09,700 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2020-07-29 00:53:09,701 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 00:53:09,708 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:53:09,708 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-1 vars, End of recursive call: and 1 xjuncts. [2020-07-29 00:53:09,708 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 1 variables, input treesize:10, output treesize:9 [2020-07-29 00:53:09,711 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:53:09,711 WARN L407 uantifierElimination]: Input elimination task: ∃ [|v_#length_16|]. (and (= |#length| (store |v_#length_16| main_~nondetString1~0.base main_~length1~0)) (<= 0 main_~nondetString1~0.offset)) [2020-07-29 00:53:09,711 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset)) [2020-07-29 00:53:09,807 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 16 treesize of output 12 [2020-07-29 00:53:09,808 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 1 xjuncts. [2020-07-29 00:53:09,821 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:53:09,832 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: 1 dim-0 vars, and 1 xjuncts. [2020-07-29 00:53:09,832 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 2 variables, input treesize:23, output treesize:19 [2020-07-29 00:53:09,836 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:53:09,837 WARN L407 uantifierElimination]: Input elimination task: ∃ [main_~nondetString1~0.offset, |v_#memory_int_14|]. (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= (store |v_#memory_int_14| main_~nondetString1~0.base (store (select |v_#memory_int_14| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset (select |#length| main_~nondetString1~0.base) (- 1)) 0)) |#memory_int|)) [2020-07-29 00:53:09,837 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ [main_~nondetString1~0.offset]. (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset (select |#length| main_~nondetString1~0.base) (- 1))))) [2020-07-29 00:53:10,617 INFO L350 Elim1Store]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:53:10,618 INFO L384 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 20 treesize of output 20 [2020-07-29 00:53:10,619 INFO L544 ElimStorePlain]: Start of recursive call 2: End of recursive call: and 2 xjuncts. [2020-07-29 00:53:10,630 INFO L624 ElimStorePlain]: treesize reduction 0, result has 100.0 percent of original size [2020-07-29 00:53:10,642 INFO L523 QuantifierPusher]: Distributing 2 conjuncts over 3 disjuncts [2020-07-29 00:53:10,676 INFO L544 ElimStorePlain]: Start of recursive call 1: 1 dim-0 vars, 1 dim-2 vars, End of recursive call: and 3 xjuncts. [2020-07-29 00:53:10,676 INFO L244 ElimStorePlain]: Needed 2 recursive calls to eliminate 2 variables, input treesize:26, output treesize:16 [2020-07-29 00:53:10,679 WARN L406 uantifierElimination]: Trying to double check SDD result, but SMT solver's response was UNKNOWN. [2020-07-29 00:53:10,679 WARN L407 uantifierElimination]: Input elimination task: ∃ [|#memory_int|, main_~nondetString1~0.offset]. (let ((.cse0 (select |#memory_int| cstrreplace_~p~0.base))) (and (<= main_~nondetString1~0.offset 0) (= |cstrreplace_#t~mem2| (select .cse0 cstrreplace_~p~0.offset)) (<= 0 main_~nondetString1~0.offset) (= 0 (select .cse0 (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1)))))) [2020-07-29 00:53:10,679 WARN L408 uantifierElimination]: ElimStorePlain result: ∃ []. (let ((.cse0 (select |#length| cstrreplace_~p~0.base))) (or (<= .cse0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) .cse0) (= |cstrreplace_#t~mem2| 0))) [2020-07-29 00:53:10,741 INFO L523 QuantifierPusher]: Distributing 3 conjuncts over 2 disjuncts [2020-07-29 00:53:10,893 INFO L263 TraceCheckUtils]: 0: Hoare triple {2677#true} call ULTIMATE.init(); {2677#true} is VALID [2020-07-29 00:53:10,894 INFO L280 TraceCheckUtils]: 1: Hoare triple {2677#true} #NULL.base, #NULL.offset := 0, 0;#valid := #valid[0 := 0];assume 0 < #StackHeapBarrier; {2677#true} is VALID [2020-07-29 00:53:10,894 INFO L280 TraceCheckUtils]: 2: Hoare triple {2677#true} assume true; {2677#true} is VALID [2020-07-29 00:53:10,895 INFO L275 TraceCheckUtils]: 3: Hoare quadruple {2677#true} {2677#true} #83#return; {2677#true} is VALID [2020-07-29 00:53:10,895 INFO L263 TraceCheckUtils]: 4: Hoare triple {2677#true} call #t~ret13 := main(); {2677#true} is VALID [2020-07-29 00:53:10,895 INFO L280 TraceCheckUtils]: 5: Hoare triple {2677#true} assume -2147483648 <= #t~nondet6 && #t~nondet6 <= 2147483647;~length1~0 := #t~nondet6;havoc #t~nondet6; {2677#true} is VALID [2020-07-29 00:53:10,896 INFO L280 TraceCheckUtils]: 6: Hoare triple {2677#true} assume !(~length1~0 < 1); {2677#true} is VALID [2020-07-29 00:53:10,898 INFO L280 TraceCheckUtils]: 7: Hoare triple {2677#true} call #t~malloc7.base, #t~malloc7.offset := #Ultimate.allocOnStack(~length1~0);~nondetString1~0.base, ~nondetString1~0.offset := #t~malloc7.base, #t~malloc7.offset;~i~0 := 0; {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:10,898 INFO L280 TraceCheckUtils]: 8: Hoare triple {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:10,899 INFO L280 TraceCheckUtils]: 9: Hoare triple {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} SUMMARY for call write~int(#t~nondet9, ~nondetString1~0.base, ~nondetString1~0.offset + ~i~0, 1); srcloc: L535 {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:10,899 INFO L280 TraceCheckUtils]: 10: Hoare triple {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} havoc #t~nondet9; {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:10,900 INFO L280 TraceCheckUtils]: 11: Hoare triple {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} #t~post8 := ~i~0;~i~0 := 1 + #t~post8;havoc #t~post8; {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:10,901 INFO L280 TraceCheckUtils]: 12: Hoare triple {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} assume !!(~i~0 < ~length1~0 - 1);assume -128 <= #t~nondet9 && #t~nondet9 <= 127; {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:10,901 INFO L280 TraceCheckUtils]: 13: Hoare triple {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} SUMMARY for call write~int(#t~nondet9, ~nondetString1~0.base, ~nondetString1~0.offset + ~i~0, 1); srcloc: L535 {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:10,902 INFO L280 TraceCheckUtils]: 14: Hoare triple {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} havoc #t~nondet9; {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:10,902 INFO L280 TraceCheckUtils]: 15: Hoare triple {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} #t~post8 := ~i~0;~i~0 := 1 + #t~post8;havoc #t~post8; {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:10,903 INFO L280 TraceCheckUtils]: 16: Hoare triple {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} assume !(~i~0 < ~length1~0 - 1); {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} is VALID [2020-07-29 00:53:10,905 INFO L280 TraceCheckUtils]: 17: Hoare triple {2718#(and (= (select |#length| main_~nondetString1~0.base) main_~length1~0) (<= 0 main_~nondetString1~0.offset))} SUMMARY for call write~int(0, ~nondetString1~0.base, ~nondetString1~0.offset + (~length1~0 - 1), 1); srcloc: L533-4 {2749#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset (select |#length| main_~nondetString1~0.base) (- 1))))))} is VALID [2020-07-29 00:53:10,905 INFO L280 TraceCheckUtils]: 18: Hoare triple {2749#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset (select |#length| main_~nondetString1~0.base) (- 1))))))} assume -2147483648 <= #t~nondet10 && #t~nondet10 <= 2147483647;assume -2147483648 <= #t~nondet11 && #t~nondet11 <= 2147483647; {2749#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset (select |#length| main_~nondetString1~0.base) (- 1))))))} is VALID [2020-07-29 00:53:10,907 INFO L263 TraceCheckUtils]: 19: Hoare triple {2749#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| main_~nondetString1~0.base) (+ main_~nondetString1~0.offset (select |#length| main_~nondetString1~0.base) (- 1))))))} call #t~ret12 := cstrreplace(~nondetString1~0.base, ~nondetString1~0.offset, (if #t~nondet10 % 256 <= 127 then #t~nondet10 % 256 else #t~nondet10 % 256 - 256), (if #t~nondet11 % 256 <= 127 then #t~nondet11 % 256 else #t~nondet11 % 256 - 256)); {2756#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (= 0 (select (select |#memory_int| |cstrreplace_#in~s.base|) (+ (select |#length| |cstrreplace_#in~s.base|) main_~nondetString1~0.offset (- 1)))) (<= 0 main_~nondetString1~0.offset)))} is VALID [2020-07-29 00:53:10,909 INFO L280 TraceCheckUtils]: 20: Hoare triple {2756#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (= 0 (select (select |#memory_int| |cstrreplace_#in~s.base|) (+ (select |#length| |cstrreplace_#in~s.base|) main_~nondetString1~0.offset (- 1)))) (<= 0 main_~nondetString1~0.offset)))} ~s.base, ~s.offset := #in~s.base, #in~s.offset;~old := #in~old;~new := #in~new;~p~0.base, ~p~0.offset := ~s.base, ~s.offset;~numReplaced~0 := 0; {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} is VALID [2020-07-29 00:53:10,909 INFO L280 TraceCheckUtils]: 21: Hoare triple {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} is VALID [2020-07-29 00:53:10,910 INFO L280 TraceCheckUtils]: 22: Hoare triple {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} assume !!(0 != #t~mem2);havoc #t~mem2; {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} is VALID [2020-07-29 00:53:10,910 INFO L280 TraceCheckUtils]: 23: Hoare triple {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} is VALID [2020-07-29 00:53:10,911 INFO L280 TraceCheckUtils]: 24: Hoare triple {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} assume !(#t~mem3 == ~old);havoc #t~mem3; {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} is VALID [2020-07-29 00:53:10,912 INFO L280 TraceCheckUtils]: 25: Hoare triple {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} is VALID [2020-07-29 00:53:10,912 INFO L280 TraceCheckUtils]: 26: Hoare triple {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} is VALID [2020-07-29 00:53:10,913 INFO L280 TraceCheckUtils]: 27: Hoare triple {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} assume !!(0 != #t~mem2);havoc #t~mem2; {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} is VALID [2020-07-29 00:53:10,913 INFO L280 TraceCheckUtils]: 28: Hoare triple {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} is VALID [2020-07-29 00:53:10,914 INFO L280 TraceCheckUtils]: 29: Hoare triple {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} assume !(#t~mem3 == ~old);havoc #t~mem3; {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} is VALID [2020-07-29 00:53:10,914 INFO L280 TraceCheckUtils]: 30: Hoare triple {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} is VALID [2020-07-29 00:53:10,916 INFO L280 TraceCheckUtils]: 31: Hoare triple {2760#(exists ((main_~nondetString1~0.offset Int)) (and (<= main_~nondetString1~0.offset 0) (<= 0 main_~nondetString1~0.offset) (= 0 (select (select |#memory_int| cstrreplace_~p~0.base) (+ (select |#length| cstrreplace_~p~0.base) main_~nondetString1~0.offset (- 1))))))} SUMMARY for call #t~mem2 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L517-3 {2794#(or (<= (select |#length| cstrreplace_~p~0.base) cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)) (= |cstrreplace_#t~mem2| 0))} is VALID [2020-07-29 00:53:10,916 INFO L280 TraceCheckUtils]: 32: Hoare triple {2794#(or (<= (select |#length| cstrreplace_~p~0.base) cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)) (= |cstrreplace_#t~mem2| 0))} assume !!(0 != #t~mem2);havoc #t~mem2; {2798#(or (<= (select |#length| cstrreplace_~p~0.base) cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:53:10,917 INFO L280 TraceCheckUtils]: 33: Hoare triple {2798#(or (<= (select |#length| cstrreplace_~p~0.base) cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} SUMMARY for call #t~mem3 := read~int(~p~0.base, ~p~0.offset, 1); srcloc: L518 {2802#(and (<= 0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:53:10,918 INFO L280 TraceCheckUtils]: 34: Hoare triple {2802#(and (<= 0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} assume !(#t~mem3 == ~old);havoc #t~mem3; {2802#(and (<= 0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:53:10,918 INFO L280 TraceCheckUtils]: 35: Hoare triple {2802#(and (<= 0 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 2) (select |#length| cstrreplace_~p~0.base)))} #t~post5.base, #t~post5.offset := ~p~0.base, ~p~0.offset;~p~0.base, ~p~0.offset := #t~post5.base, 1 + #t~post5.offset;havoc #t~post5.base, #t~post5.offset; {2809#(and (<= 1 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 1) (select |#length| cstrreplace_~p~0.base)))} is VALID [2020-07-29 00:53:10,919 INFO L280 TraceCheckUtils]: 36: Hoare triple {2809#(and (<= 1 cstrreplace_~p~0.offset) (<= (+ cstrreplace_~p~0.offset 1) (select |#length| cstrreplace_~p~0.base)))} assume !(1 + ~p~0.offset <= #length[~p~0.base] && 0 <= ~p~0.offset); {2678#false} is VALID [2020-07-29 00:53:10,924 INFO L134 CoverageAnalysis]: Checked inductivity of 24 backedges. 0 proven. 11 refuted. 0 times theorem prover too weak. 13 trivial. 0 not checked. [2020-07-29 00:53:10,924 INFO L220 FreeRefinementEngine]: Constructing automaton from 0 perfect and 2 imperfect interpolant sequences. [2020-07-29 00:53:10,924 INFO L233 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [14, 9] total 22 [2020-07-29 00:53:10,924 INFO L156 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2033313850] [2020-07-29 00:53:10,925 INFO L78 Accepts]: Start accepts. Automaton has 22 states. Word has length 37 [2020-07-29 00:53:10,925 INFO L84 Accepts]: Finished accepts. word is accepted. [2020-07-29 00:53:10,926 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 22 states. [2020-07-29 00:53:11,013 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 60 edges. 60 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:53:11,013 INFO L459 AbstractCegarLoop]: Interpolant automaton has 22 states [2020-07-29 00:53:11,014 INFO L143 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2020-07-29 00:53:11,014 INFO L142 InterpolantAutomaton]: Constructing interpolant automaton starting with 22 interpolants. [2020-07-29 00:53:11,014 INFO L144 InterpolantAutomaton]: CoverageRelationStatistics Valid=46, Invalid=416, Unknown=0, NotChecked=0, Total=462 [2020-07-29 00:53:11,015 INFO L87 Difference]: Start difference. First operand 50 states and 55 transitions. Second operand 22 states. [2020-07-29 00:53:13,464 WARN L193 SmtUtils]: Spent 113.00 ms on a formula simplification. DAG size of input: 51 DAG size of output: 50 [2020-07-29 00:53:15,232 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:53:15,232 INFO L93 Difference]: Finished difference Result 77 states and 83 transitions. [2020-07-29 00:53:15,232 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 32 states. [2020-07-29 00:53:15,232 INFO L78 Accepts]: Start accepts. Automaton has 22 states. Word has length 37 [2020-07-29 00:53:15,233 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2020-07-29 00:53:15,233 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 22 states. [2020-07-29 00:53:15,234 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 32 states to 32 states and 74 transitions. [2020-07-29 00:53:15,234 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 22 states. [2020-07-29 00:53:15,236 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 32 states to 32 states and 74 transitions. [2020-07-29 00:53:15,236 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 32 states and 74 transitions. [2020-07-29 00:53:15,429 INFO L119 InductivityCheck]: Floyd-Hoare automaton has 74 edges. 74 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2020-07-29 00:53:15,429 INFO L225 Difference]: With dead ends: 77 [2020-07-29 00:53:15,429 INFO L226 Difference]: Without dead ends: 0 [2020-07-29 00:53:15,430 INFO L675 BasicCegarLoop]: 0 DeclaredPredicates, 79 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 48 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 376 ImplicationChecksByTransitivity, 2.5s TimeCoverageRelationStatistics Valid=351, Invalid=2099, Unknown=0, NotChecked=0, Total=2450 [2020-07-29 00:53:15,430 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2020-07-29 00:53:15,431 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2020-07-29 00:53:15,431 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2020-07-29 00:53:15,431 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand 0 states. [2020-07-29 00:53:15,431 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand 0 states. [2020-07-29 00:53:15,431 INFO L87 Difference]: Start difference. First operand 0 states. Second operand 0 states. [2020-07-29 00:53:15,431 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:53:15,431 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2020-07-29 00:53:15,431 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2020-07-29 00:53:15,432 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:53:15,432 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:53:15,432 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand 0 states. [2020-07-29 00:53:15,432 INFO L87 Difference]: Start difference. First operand 0 states. Second operand 0 states. [2020-07-29 00:53:15,432 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2020-07-29 00:53:15,432 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2020-07-29 00:53:15,432 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2020-07-29 00:53:15,432 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:53:15,433 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2020-07-29 00:53:15,433 INFO L88 GeneralOperation]: Finished isEquivalent. [2020-07-29 00:53:15,433 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2020-07-29 00:53:15,433 INFO L82 GeneralOperation]: Start removeUnreachable. Operand 0 states. [2020-07-29 00:53:15,433 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2020-07-29 00:53:15,433 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 37 [2020-07-29 00:53:15,433 INFO L84 Accepts]: Finished accepts. word is rejected. [2020-07-29 00:53:15,433 INFO L479 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2020-07-29 00:53:15,433 INFO L480 AbstractCegarLoop]: Interpolant automaton has 22 states. [2020-07-29 00:53:15,434 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2020-07-29 00:53:15,434 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2020-07-29 00:53:15,634 WARN L516 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12,5 z3 -smt2 -in SMTLIB2_COMPLIANT=true [2020-07-29 00:53:15,641 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 29.07 12:53:15 BoogieIcfgContainer [2020-07-29 00:53:15,641 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2020-07-29 00:53:15,641 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2020-07-29 00:53:15,641 INFO L271 PluginConnector]: Initializing Witness Printer... [2020-07-29 00:53:15,641 INFO L275 PluginConnector]: Witness Printer initialized [2020-07-29 00:53:15,642 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 29.07 12:52:41" (3/4) ... [2020-07-29 00:53:15,645 INFO L137 WitnessPrinter]: Generating witness for correct program [2020-07-29 00:53:15,654 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure ULTIMATE.init [2020-07-29 00:53:15,654 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cstrreplace [2020-07-29 00:53:15,654 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __bswap_32 [2020-07-29 00:53:15,654 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __bswap_64 [2020-07-29 00:53:15,654 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __uint16_identity [2020-07-29 00:53:15,654 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __uint64_identity [2020-07-29 00:53:15,655 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure main [2020-07-29 00:53:15,655 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure __uint32_identity [2020-07-29 00:53:15,661 INFO L902 BoogieBacktranslator]: Reduced CFG by removing 14 nodes and edges [2020-07-29 00:53:15,662 INFO L902 BoogieBacktranslator]: Reduced CFG by removing 7 nodes and edges [2020-07-29 00:53:15,662 INFO L902 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2020-07-29 00:53:15,662 INFO L902 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2020-07-29 00:53:15,704 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2020-07-29 00:53:15,704 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2020-07-29 00:53:15,706 INFO L168 Benchmark]: Toolchain (without parser) took 36084.32 ms. Allocated memory was 1.0 GB in the beginning and 1.4 GB in the end (delta: 411.6 MB). Free memory was 960.2 MB in the beginning and 961.3 MB in the end (delta: -1.1 MB). Peak memory consumption was 410.5 MB. Max. memory is 11.5 GB. [2020-07-29 00:53:15,707 INFO L168 Benchmark]: CDTParser took 0.28 ms. Allocated memory is still 1.0 GB. Free memory is still 987.1 MB. There was no memory consumed. Max. memory is 11.5 GB. [2020-07-29 00:53:15,707 INFO L168 Benchmark]: CACSL2BoogieTranslator took 620.35 ms. Allocated memory was 1.0 GB in the beginning and 1.2 GB in the end (delta: 155.7 MB). Free memory was 954.8 MB in the beginning and 1.1 GB in the end (delta: -176.8 MB). Peak memory consumption was 20.9 MB. Max. memory is 11.5 GB. [2020-07-29 00:53:15,708 INFO L168 Benchmark]: Boogie Preprocessor took 97.04 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 6.7 MB). Peak memory consumption was 6.7 MB. Max. memory is 11.5 GB. [2020-07-29 00:53:15,708 INFO L168 Benchmark]: RCFGBuilder took 735.97 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 58.6 MB). Peak memory consumption was 58.6 MB. Max. memory is 11.5 GB. [2020-07-29 00:53:15,708 INFO L168 Benchmark]: TraceAbstraction took 34561.55 ms. Allocated memory was 1.2 GB in the beginning and 1.4 GB in the end (delta: 255.9 MB). Free memory was 1.1 GB in the beginning and 961.3 MB in the end (delta: 105.0 MB). Peak memory consumption was 360.9 MB. Max. memory is 11.5 GB. [2020-07-29 00:53:15,709 INFO L168 Benchmark]: Witness Printer took 62.79 ms. Allocated memory is still 1.4 GB. Free memory is still 961.3 MB. There was no memory consumed. Max. memory is 11.5 GB. [2020-07-29 00:53:15,711 INFO L336 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.28 ms. Allocated memory is still 1.0 GB. Free memory is still 987.1 MB. There was no memory consumed. Max. memory is 11.5 GB. * CACSL2BoogieTranslator took 620.35 ms. Allocated memory was 1.0 GB in the beginning and 1.2 GB in the end (delta: 155.7 MB). Free memory was 954.8 MB in the beginning and 1.1 GB in the end (delta: -176.8 MB). Peak memory consumption was 20.9 MB. Max. memory is 11.5 GB. * Boogie Preprocessor took 97.04 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 6.7 MB). Peak memory consumption was 6.7 MB. Max. memory is 11.5 GB. * RCFGBuilder took 735.97 ms. Allocated memory is still 1.2 GB. Free memory was 1.1 GB in the beginning and 1.1 GB in the end (delta: 58.6 MB). Peak memory consumption was 58.6 MB. Max. memory is 11.5 GB. * TraceAbstraction took 34561.55 ms. Allocated memory was 1.2 GB in the beginning and 1.4 GB in the end (delta: 255.9 MB). Free memory was 1.1 GB in the beginning and 961.3 MB in the end (delta: 105.0 MB). Peak memory consumption was 360.9 MB. Max. memory is 11.5 GB. * Witness Printer took 62.79 ms. Allocated memory is still 1.4 GB. Free memory is still 961.3 MB. There was no memory consumed. Max. memory is 11.5 GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - PositiveResult [Line: 518]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 518]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 519]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 519]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 517]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 517]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 538]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 538]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 526]: all allocated memory was freed For all program executions holds that all allocated memory was freed at this location - PositiveResult [Line: 535]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - PositiveResult [Line: 535]: pointer dereference always succeeds For all program executions holds that pointer dereference always succeeds at this location - AllSpecificationsHoldResult: All specifications hold 11 specifications checked. All of them hold - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 57 locations, 11 error locations. Started 1 CEGAR loops. VerificationResult: SAFE, OverallTime: 34.4s, OverallIterations: 13, TraceHistogramMax: 3, AutomataDifference: 23.8s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 314 SDtfs, 842 SDslu, 506 SDs, 0 SdLazy, 2148 SolverSat, 176 SolverUnsat, 1 SolverUnknown, 0 SolverNotchecked, 5.9s Time, PredicateUnifierStatistics: 0 DeclaredPredicates, 277 GetRequests, 106 SyntacticMatches, 1 SemanticMatches, 170 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 692 ImplicationChecksByTransitivity, 5.5s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=50occurred in iteration=12, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 13 MinimizatonAttempts, 68 StatesRemovedByMinimization, 9 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.3s SatisfiabilityAnalysisTime, 6.1s InterpolantComputationTime, 330 NumberOfCodeBlocks, 330 NumberOfCodeBlocksAsserted, 21 NumberOfCheckSat, 313 ConstructedInterpolants, 23 QuantifiedInterpolants, 54704 SizeOfPredicates, 27 NumberOfNonLiveVariables, 460 ConjunctsInSsa, 90 ConjunctsInUnsatCore, 17 InterpolantComputations, 9 PerfectInterpolantSequences, 30/74 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available RESULT: Ultimate proved your program to be correct! Received shutdown request...